Replies: 2 comments
-
Which analyzer is reporting the vulnerability? You can enable a column to show the analyzer.
-
This is the Sonatype analyser. I managed to get the Trivy analyser working and it did not show this vulnerability.
-
Hi. We raised with a development team a number of vulnerabilities that were showing against their product and when they looked at them, they highlighted a number that they were using that DT was incorrectly flagging.
To recreate: create a project and add a component with
Name: krb5
Version: 1.20.1
Purl: pkg:conda/[email protected]
Save it and after a while you will get a number of vulnerabilities. One is:
CVE-2000-0389 https://nvd.nist.gov/vuln/detail/CVE-2000-0389
This does not show version 1.20.1 as being affected.
Am I missing something or is it correctly being highlighted? Thanks, N