More false positives since DC 2.1.1
I’m seeing a change in behavior for the DC 2.1.1 release:
More Jars are reported as false positives than before the release, e.g.:
- mailapi-1.5.6.jar, which was already used in the exact same version in DC 2.1.0, is now falsely reported as CVE-2015-9097 since DC 2.1.1.
- joda-time-1.6.jar is now falsely reported as CVE-2014-5169
- javax.json-1.0.4.jar is now falsely reported as CVE-2015-2808 and CVE-2013-2566
See https://gist.github.com/albuch/b9b080cf8d07c528c89b38aa9abb2790 for full report.
The issue occurs when running sbt-dependency-check on itself with dependency-check-core updated to v2.1.1 (for reference: https://github.com/albuch/sbt-dependency-check/pull/28).
@jeremylong do you have any idea why these are newly reported as false positives?
Issue Analytics
- State:
- Created 6 years ago
- Comments: 8 (4 by maintainers)
Top GitHub Comments
I’ll look into this as soon as I’ve gotten the database branch to build on travis…
FWIW, some (more) false positives: