Hello guys,
I am using the tool from the CLI and my concern is that it provides a lot of false positives.
For example, my application uses mina-filter-ssl-1.1.7.jar and the tool identifies a vulnerability (CVE-2004-0009) that refers to Apache-SSL.
Could you please help me in making the match with the NVD more “strict” (somehow to put a certain library in the report only if the names are very similar)?
Thank you,
Raoul
--
You received this message because you are subscribed to the Google Groups "Dependency Check" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dependency-che...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.