
Encourage folks to improve DependencyCheck by submitting false positives #101

Open
lread opened this issue Aug 16, 2024 · 2 comments
Labels: needs analysis (Further hammock time is required to figure out the best solution)
Milestone: 6.1
Comments

@lread
Contributor

lread commented Aug 16, 2024

Currently

If a user hits a false positive, they might simply suppress it. See #55.

But...

If we encourage users to submit false positives (and potentially fixes) back to DependencyCheck, we improve tooling for everyone.

For example, here's me submitting a false positive for some jetty libs and here's my fix.

Next Steps

For this to be viable, we'd also need to report the cpe in findings.

And then describe/encourage in the clj-watson README.
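To make the "suppress vs. report" trade-off concrete, here is an added example of a DependencyCheck suppression file (it is not part of clj-watson or of this issue). It assumes the false positive is DependencyCheck matching a Jetty artifact to the wrong CPE; the Maven coordinates and CPE below are constructed for illustration and are not taken from the report linked above. The point is that a precise suppression keys on the matched `cpe` (so only the bad CPE-to-artifact mapping is silenced, not every future CVE for the library), which is exactly the value a user also needs when filing a false-positive report upstream, and why findings should carry it.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- DependencyCheck suppression file (added example, not project code). -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

  <!-- Preferred: suppress the wrong CPE match for one specific package.
       The packageUrl and cpe values are constructed placeholders. -->
  <suppress>
    <notes><![CDATA[
      False positive: this artifact is not the product identified by the CPE.
      Reported upstream to DependencyCheck (link to the upstream issue here).
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\-example@.*$</packageUrl>
    <cpe>cpe:/a:example_vendor:example_product</cpe>
  </suppress>

  <!-- Weaker alternative: suppressing a single CVE hides that one finding
       but leaves the bad CPE match in place, so the next CVE against the
       same CPE will show up again. CVE id is a placeholder. -->
  <suppress>
    <notes><![CDATA[ Same false positive, suppressed per CVE only. ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\-example@.*$</packageUrl>
    <cve>CVE-0000-00000</cve>
  </suppress>

</suppressions>
```

The first form is the one that doubles as a bug report: the `cpe` value names the mis-mapping, so the same text can be pasted into an upstream false-positive issue. Without the CPE in the finding a user can only write the second form, which is why the CPE-reporting step is a prerequisite for encouraging upstream submissions.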

@seancorfield seancorfield added the needs analysis Further hammock time is required to figure out the best solution label Aug 16, 2024
@seancorfield seancorfield added this to the 6.1 milestone Aug 17, 2024
@seancorfield
Contributor

I created #121 to deal with the cpe reporting. I'll make it part of 6.1.

@lread
Contributor Author

lread commented Aug 31, 2024

Good idea, thanks!
