-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve Spring Support #5
Comments
The hints regarding the spring framework have been removed from the JarAnalyzer and have been placed into the HintAnalyzer. The SpringCleanerAnalyzer has been cleaned up, made generic, and is now the DependencyBundlingAnalyzer and FalsePositiveAnalyzer. |
I seem to have an issue where Spring Security Core is being mis-identified as Spring Core and generating false positives, for Jenkins plugin v1.2.1: Example:
spring-security-web-3.2.3.RELEASE.jar Is this an artifact of the way this issue was closed? Should I create a new issue? New to GitHub and DependencyCheck, please advise. |
Thanks for pointing this out. A new issue should be opened for this so that --Jeremy On Mon, Jun 9, 2014 at 1:05 PM, CorduroyCordova notifications@github.com
|
Jeremy, Thank you. I will open a new issue today. I appreciate the quick response. Be well, EK From: Jeremy Long [mailto:notifications@github.com] Thanks for pointing this out. A new issue should be opened for this so that --Jeremy On Mon, Jun 9, 2014 at 1:05 PM, CorduroyCordova <notifications@github.commailto:notifications@github.com>
— |
I already opened issue #130 to track this. Thanks, Jeremy On Tue, Jun 10, 2014 at 10:04 AM, CorduroyCordova notifications@github.com
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
The Spring Framework is bad about including vendor information in their manifest. There are a few "a priori" items of evidence added to aid in the detection of the Spring Framework. This is currently in the JAR Analyzer and should be moved to a PRE_IDENTIFIER_ANALYSIS Analyzer.
Additionally, the SpringCleaner Analyzer should be cleaned up to use regular expressions rather then the two hard-coded partial CPE Strings.
The text was updated successfully, but these errors were encountered: