While scanning the Flutter project, I discovered a false positive. Dependency-Track incorrectly identified the package pkg:pub/build@2.4.1 as belonging to the npm repository and issued the vulnerability CVE-2020-28423. Upon visiting the NIST NVD website to view the details, I found that it has cpe:2.3:a:monorepo-build_project:monorepo-build:*:*:*:*:*:node.js:*:*. However, in the actual BOM file, the CPE is absent altogether.
Steps to Reproduce
1. git clone any Flutter project with pub/build@2.4.1
2. Generate the BOM file
3. Upload the BOM file to the Dependency-Track server
Expected Behavior
The vulnerability should not appear on this component.
Dependency-Track Version
4.11.0-SNAPSHOT
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
No response
Browser
Google Chrome
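A triage check for this kind of finding, added here as an example and not taken from the issue or from Dependency-Track's code: it compares the purl type of a component with the target_sw field of the CPE behind the finding, using the CPE from the report written out with its wildcard fields. The purl-to-target_sw mapping is an assumption, and the npm purl in the demo is constructed.

```python
import re

# Assumed mapping (not from the issue or from Dependency-Track): purl type ->
# CPE target_sw values that plausibly describe the same ecosystem.
PURL_TO_TARGET_SW = {
    "npm": {"node.js", "nodejs"},
    "pub": {"dart", "flutter"},
    "pypi": {"python"},
    "gem": {"ruby", "rails"},
    "cargo": {"rust"},
}

CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")


def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into named fields; '\\:' stays escaped."""
    parts = re.split(r"(?<!\\):", cpe)
    if parts[:2] != ["cpe", "2.3"] or len(parts) != 13:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE_FIELDS, parts[2:]))


def purl_type(purl):
    """Return the lower-cased type of a package URL such as pkg:pub/build@2.4.1."""
    m = re.match(r"pkg:([A-Za-z][A-Za-z0-9.+-]*)/", purl)
    if not m:
        raise ValueError(f"not a package URL: {purl!r}")
    return m.group(1).lower()


def ecosystem_mismatch(purl, cpe):
    """True when the CPE's target_sw names a different ecosystem than the purl."""
    target = parse_cpe23(cpe)["target_sw"].lower()
    if target in ("*", "-", ""):
        return False  # CPE is ecosystem-agnostic, nothing to compare
    expected = PURL_TO_TARGET_SW.get(purl_type(purl))
    if expected is None:
        return False  # unknown purl type: do not guess
    return target not in expected


if __name__ == "__main__":
    nvd_cpe = "cpe:2.3:a:monorepo-build_project:monorepo-build:*:*:*:*:*:node.js:*:*"
    # The first purl is the one from the report; the second is constructed.
    for purl in ("pkg:pub/build@2.4.1", "pkg:npm/monorepo-build@1.0.0"):
        print(purl, "-> ecosystem mismatch:", ecosystem_mismatch(purl, nvd_cpe))
```

A mismatch marks the finding for review as a likely false positive; it does not prove one, because many CPEs leave target_sw as a wildcard.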