What happened:
If we scan the attached jar taken from Jira
jira-api-9.12.13.jar.zip
(I had to zip a jar so I could upload it)
We get a very aggressive CPE list
This then created a large number of false positive findings when we try to scan Jira with Grype using CPEs (there are many other jars in Jira that do this).
There is no official CPE for this jar I can find. Syft does find the pom properties correctly.
I would not expect Syft to generate such a general list of CPEs if we are able to find a groupId and artifactId for a jar.