Skip to content
This repository was archived by the owner on Jan 27, 2023. It is now read-only.
This repository was archived by the owner on Jan 27, 2023. It is now read-only.

False positive on reactor-netty* jars #1379

Open
Open
False positive on reactor-netty* jars#1379
@seanleblancicdtech

Description

@seanleblancicdtech
seanleblancicdtech
opened on May 13, 2022

Is this a request for help?:

Is this a BUG REPORT or a FEATURE REQUEST? (choose one):
BUG REPORT

Version of Anchore Engine and Anchore CLI if applicable:

Engine DB Version: 0.0.16
Engine Code Version: 1.1.0

What happened:

Got a false positive for jars related to Netty.

What did you expect to happen:

Expected Netty jars to not get flagged. Example:

Getting lots of seemingly false positive on reactor-netty* jars, for example:

CRITICAL Vulnerability found in non-os package type (java) - /app/libs/reactor-netty-http-1.0.19.jar (CVE-2019-20445 - https://nvd.nist.gov/vuln/detail/CVE-2019-20445)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions