I am doing dependency management via Maven. In my root POM I have defined the latest secured version of dependency X to be used. Two of the dependencies, Y & Z, directly specified in my POM use dependency X, but a vulnerable version. ODC is reporting security vulnerabilities; however, I am not vulnerable, as I have defined in my parent POM the latest version of X to be used. The Maven dependency tree also shows the latest version of dependency X. How can I suppress or remove this false positive? I am wondering if there is a way to make ODC work only on the Maven dependency tree output.