Dependency check cannot scan individual components with known vulnerabilities #7494

Open
yanhui2623 opened this issue Mar 4, 2025 · 1 comment
@yanhui2623

For the vulnerability CVE-2022-23395 in the component jquery.cookie, dependency check seems unable to identify it.
[screenshot]
I installed the problematic components jquery.cookie and SixLabors.ImageSharp in a project I built locally.
[screenshot]
My scanning command is as follows:
[screenshot]
Surprisingly, there is no vulnerability information for jquery.cookie in my report results.
[screenshot]
Dependency check seems to only be able to detect information about jquery.cookie, but cannot identify security vulnerabilities.
[screenshot]
Just to add, there is information about this CVE in my vulnerability database.
[screenshot]

@yanhui2623
Author

Upon reviewing the documentation again, I discovered the --hints parameter, which seems to be a key parameter for resolving false positives.
[screenshot]
But it still doesn't seem to solve this problem.
[screenshot]
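A small canary check for this kind of report, added here as an example (it is not code from the issue or from the dependency-check project). The symptom above is that the component is listed but carries no vulnerability, and the useful question is at which stage the match was lost: the component never reached the report, it was listed but no CPE was assigned (so the NVD data was never consulted), or a CPE was assigned but the expected CVE is not attached to it. The script classifies each expected finding into one of those states by reading the JSON report's "dependencies" entries ("fileName", "filePath", "vulnerabilityIds", "vulnerabilities"). The two sample reports are constructed for the example, not output from a real scan, and the CPE string in the second one is illustrative; the real one is in the NVD configuration for CVE-2022-23395.

```python
"""Canary check: did dependency-check report the CVEs we know are present?

Added example, not part of the issue or of the dependency-check project.
Seed a test project with components whose CVEs are already known, run the
scanner, then run this against the JSON report to see which stage of the
match failed for each component.
"""
import json

# Constructed sample report mirroring the issue: the file is listed, but
# no CPE was matched, so no vulnerabilities could be attached to it.
REPORT_BEFORE = json.dumps({"dependencies": [
    {"fileName": "jquery.cookie.js",
     "filePath": "/src/wwwroot/lib/jquery.cookie.js",
     "vulnerabilityIds": [],
     "vulnerabilities": []},
]})

# Constructed sample report for the same component once the analyzer has
# enough evidence to assign a CPE. The CPE below is illustrative only.
REPORT_AFTER = json.dumps({"dependencies": [
    {"fileName": "jquery.cookie.js",
     "filePath": "/src/wwwroot/lib/jquery.cookie.js",
     "vulnerabilityIds": [
         {"id": "cpe:2.3:a:example_vendor:jquery.cookie:1.4.1:*:*:*:*:*:*:*",
          "confidence": "HIGH"}],
     "vulnerabilities": [{"source": "NVD", "name": "CVE-2022-23395"}]},
]})

# Expected findings: file name fragment -> CVE ids that must be reported.
EXPECTED = {"jquery.cookie": {"CVE-2022-23395"}}


def find_dependency(report, fragment):
    """Return the first dependency whose fileName or filePath contains fragment."""
    needle = fragment.lower()
    for dep in report.get("dependencies", []):
        haystack = (dep.get("fileName", "") + " " + dep.get("filePath", "")).lower()
        if needle in haystack:
            return dep
    return None


def diagnose(report, fragment, expected_cves):
    """Classify the state of one expected finding.

    Returns one of:
      "not-in-report"  the component was not listed at all
      "no-cpe-match"   listed, but no CPE assigned (NVD never consulted)
      "cve-missing"    CPE assigned, but an expected CVE is absent
      "ok"             every expected CVE is reported
    """
    dep = find_dependency(report, fragment)
    if dep is None:
        return "not-in-report"
    if not dep.get("vulnerabilityIds"):
        return "no-cpe-match"
    reported = {v.get("name") for v in dep.get("vulnerabilities", [])}
    if not set(expected_cves) <= reported:
        return "cve-missing"
    return "ok"


def run_canary(report_text, expected=EXPECTED):
    """Diagnose every expected finding against a JSON report string."""
    report = json.loads(report_text)
    return {frag: diagnose(report, frag, cves) for frag, cves in expected.items()}


if __name__ == "__main__":
    for label, text in (("before", REPORT_BEFORE), ("after", REPORT_AFTER)):
        print(label, run_canary(text))
```

A "no-cpe-match" result is the case to attack with --hints: the hints file adds vendor, product or version evidence to a dependency so the CPE analyzer has enough to match, after which the NVD lookup can attach the CVE. A "cve-missing" result with a matched CPE points at the database or at a CPE that the CVE's NVD configuration does not cover, which a hint will not fix.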
