[FP]: False positive findings in Dependency Checker for bss chef service component

### Package URl

pkg:maven/com.bss.chef/service@1.4.4-SNAPSHOT

### CPE

cpe:2.3:a:chef:chef:1.4.4:snapshot:::::: 

### CVE

CVE-2015-8559

### ODC Integration

{"label" => "Docker"}

### ODC Version

7.1.0

### Description

Hi Team,

We are getting following vulnerabilities (CVEs) in Dependency Checker Tool findings, although as per our analysis we consider them as false positive.
CVEs details and our justification for false positive for each CVE is mentioned below.
Kindly check and get it fixed in Dependency Checker tool. So these false positive does not appear in scan report.

CVE-2015-8559
Justification: There vulnerability is related to chef infra client.
We include chef services jar only and does not include chef infra client packages. Hence we have consider this vulnerability as false postive.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FP]: False positive findings in Dependency Checker for bss chef service component #7386

Package URl

CPE

CVE

ODC Integration

ODC Version

Description

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[FP]: False positive findings in Dependency Checker for bss chef service component #7386

Description

Package URl

CPE

CVE

ODC Integration

ODC Version

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions