Trivy flagged vulnerability in my project for artifact com.google.guava version 11.0.2 which does not exist in my app #4472
Replies: 3 comments 2 replies
-
Need more info
-
Used Trivy version v0.35.0 through Harbor for the scan
-
Hi. We are facing the same issue. We have a project with lots of dependencies, and some of them are bringing in an old version of Guava. However, in the parent pom.xml, we are dealing with it via dependency management and specifying the latest version, which by now is 32... Here I am just assuming, but it seems that the scan is not checking the project's final set of dependencies, but whatever the dependencies are bringing in individually.
-
IDs
CVE-2020-8908
Description
Trivy flagged a vulnerability in my project for artifact com.google.guava version 11.0.2, which does not exist in my app and does not even exist in the .m2 folder
Reproduction Steps
Target
Kubernetes
Scanner
Vulnerability
Target OS
Linux
Debug Output
Version
Checklist
-f json
that shows data sources and confirmed that the security advisory in data sources was correct
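To check where a finding like the Guava 11.0.2 one in this thread was detected, the JSON report (`-f json`) can be filtered by package and CVE. The script below is an added example, not part of the discussion or of Trivy's own code; the report is constructed sample data that mixes a JAR result and a pom.xml result, and the function name, image name and file paths are hypothetical.

```python
import json

# Constructed sample shaped like a Trivy JSON report (not real scan output).
SAMPLE_REPORT = json.loads("""
{
  "ArtifactName": "registry.example/app:1.0",
  "Results": [
    {"Target": "registry.example/app:1.0 (debian 11.6)",
     "Class": "os-pkgs", "Type": "debian"},
    {"Target": "Java", "Class": "lang-pkgs", "Type": "jar",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-2020-8908",
        "PkgName": "com.google.guava:guava",
        "PkgPath": "app/lib/legacy-client-1.0.jar",
        "InstalledVersion": "11.0.2"},
       {"VulnerabilityID": "CVE-0000-0000",
        "PkgName": "org.example:other",
        "PkgPath": "app/lib/other-2.0.jar",
        "InstalledVersion": "2.0"}]},
    {"Target": "build/pom.xml", "Class": "lang-pkgs", "Type": "pom",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-2020-8908",
        "PkgName": "com.google.guava:guava",
        "InstalledVersion": "11.0.2"}]}
  ]
}
""")


def locate_findings(report, pkg_name, cve_id=None):
    """Return one record per matching finding, with the file it was found in."""
    hits = []
    for result in report.get("Results") or []:
        # A result without findings may omit "Vulnerabilities" or set it to null.
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("PkgName") != pkg_name:
                continue
            if cve_id and vuln.get("VulnerabilityID") != cve_id:
                continue
            hits.append({
                "cve": vuln.get("VulnerabilityID"),
                "version": vuln.get("InstalledVersion"),
                "scanner_type": result.get("Type"),
                # PkgPath names the file inside the image when present;
                # otherwise fall back to the result's Target (e.g. a pom.xml).
                "location": vuln.get("PkgPath") or result.get("Target"),
            })
    return hits
```

For a real scan, load the saved report with `json.load` and pass the package name and CVE ID exactly as they appear in the finding.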