This repository has been archived by the owner on Jan 27, 2023. It is now read-only.
False positive on reactor-netty* jars #1379
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
{{ message }}
Is this a request for help?:
Is this a BUG REPORT or a FEATURE REQUEST? (choose one):
BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable:
Engine DB Version: 0.0.16
Engine Code Version: 1.1.0
What happened:
Got a false positive for jars related to Netty.
What did you expect to happen:
Expected Netty jars to not get flagged. Example:
Getting lots of seemingly false positive on reactor-netty* jars, for example:
CRITICAL Vulnerability found in non-os package type (java) - /app/libs/reactor-netty-http-1.0.19.jar (CVE-2019-20445 - https://nvd.nist.gov/vuln/detail/CVE-2019-20445)
The text was updated successfully, but these errors were encountered: