Jeremy Long
Jeremy Long
Pending a resolution to https://github.com/gradle/gradle/issues/27156
False positives exist due to how LTS versions are listed in the NVD. See https://github.com/jeremylong/DependencyCheck/issues/3364#issuecomment-888560473
Currently two proxy configurations are used. System properties and the original proxy configuration. This should be consolidated to use just the system properties used by the open-vulnerability-client.
Currently, ODC primarily tracks the file path of the dependency - not necessarily the "source". If scanning a pom.xml we do not provide the path to the pom. We do...
While not specifically vulnerability data - this could be useful to a lot of projects that utilize vulnerability data. https://deps.dev/ See https://github.com/jeremylong/DependencyCheck/issues/5871