Comments (3)
I added `org.owasp/dependency-check-core {:mvn/version "RELEASE"}` to my `:watson` alias to override the version used -- which pulled 7.4.0 from Maven (not 7.3.2 which I was expecting) -- and that got rid of both FPs I had suppressions for.
Perhaps worth a new release with all the deps updated?
Or suggest in the README that folks should add that dependency to always get the latest version? (`"RELEASE"` is unsupported so maybe link to https://search.maven.org/artifact/org.owasp/dependency-check-core so folks can find the most recent version to use?).
Hi @seancorfield thx for the issue, sorry for the late answer, but I released a new version of clj-watson 😄
Thanks. I'll update our `build.clj` at work to use that -- but I'll probably continue to override the `o.owasp.d-c-c` dep with `"RELEASE"` so that we continue to automatically get the very latest of that without needing `clj-watson` to be updated. At least until it breaks...