You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Since #4685 the unmatched suppression rules are outputted. I think there is a bug in this logic. When a suppression is listed with multiple CVEs, where 1 CVE will not match, there is no output if there is at least one other CVE that is matched.
Version of dependency-check used
The problem occurs using version 7.1.2 of the maven plugin.
To consider for this enhancement that a single rule can contain a variety of different suppression types, e.g both <cve> and <vulnerabilityName> to cover the same things being raised against multiple sources.
Describe the bug
Since #4685 the unmatched suppression rules are outputted. I think there is a bug in this logic. When a suppression is listed with multiple CVEs, where 1 CVE will not match, there is no output if there is at least one other CVE that is matched.
Version of dependency-check used
The problem occurs using version 7.1.2 of the maven plugin.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
See the README.txt contained in the zip file.
The text was updated successfully, but these errors were encountered: