Describe the bug
When using dependency-check to scan a .NET Framework project, the results are very different when the packages folder is included and when the packages folder is not included. Many vulnerabilities will be missed when the packages folder is included.
Version of dependency-check used
The problem occurs using version 11.1.1 of the CLI.
Log file
The reports and logs of the two scans are here: report-and-log (2).zip
To Reproduce
Steps to reproduce the behavior:
I just scanned the project twice, the first time with the packages folder, the second time just the code project folder. Here are the commands I used.
Here is my test code:
Test4DC.zip
Expected behavior
A clear and concise description of what you expected to happen.
Regardless of whether the packages folder is included, I think some vulnerabilities should be reported, such as the vulnerability with System.Text.Json:8.0.1.
Additional context
Thanks