You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Maybe I'm missing it, but with the Gradle plugin can I see what declared dependency led to a detected vulnerability?
For instance, if I add 'org.owasp:dependency-check-maven:7.0.0' and then run dependencyCheckAnalyze, I get a hit on sisu-guava-0.9.9.jar - cpe:2.3:a:google:guava:0.9.9:*:*:*:*:*:*:*.
Presently, to find out where that came from I have to run the dependencies task and search for it.
Maybe I'm missing it, but with the Gradle plugin can I see what declared dependency led to a detected vulnerability?
For instance, if I add 'org.owasp:dependency-check-maven:7.0.0' and then run dependencyCheckAnalyze, I get a hit on
sisu-guava-0.9.9.jar - cpe:2.3:a:google:guava:0.9.9:*:*:*:*:*:*:*
.Presently, to find out where that came from I have to run the dependencies task and search for it.
It would be nice to see what led to it being in the project right from the HTML report.
The text was updated successfully, but these errors were encountered: