Dependency check finds some vulnerabilities #266

Open
khauser opened this issue Jan 23, 2024 · 1 comment
khauser commented Jan 23, 2024

Using id 'org.owasp.dependencycheck' version '9.0.9' in my build.gradle shows some issues regarding the sonarlint dependencies:

  • sonar-ruby-plugin-1.15.0.4655.jar
  • sonar-scala-plugin-1.15.0.4655.jar

But I guess these things need to be fixed on their side.

remal (Member) commented Jan 24, 2024

This project automatically updates dependencies using Renovate. So, I'd suggest trying to update to the latest version of the plugin.

If it doesn't help, we have two options:

  1. It's an issue in these exact dependencies. In this case, it should be addressed on Sonar's side.
  2. The issue is in a transitive dependency. In this case I could upgrade this transitive dependency, but I'd like to avoid it. Even in this case I'd recommend talking to the Sonar authors.

Summary:

  1. Try to use the latest version of the plugin
  2. If it doesn't help and the issue is with transitive dependencies, please report it

Thanks!
