You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My guess is the CPE's cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:* and cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:* would need to be suppressed. I could do this on my own with something along the lines:
Not only are they a false positive for Tomcat, they're also false negatives for the API jars they actually are. Though I haven't checked if they all actually have registered CPEs.
A general suppression might be this, but I don't know if it makes sense to be built-in.
I'm using the following maven coordinate to assembly a custom Tomcat distribution:
... and I'm receiving the following scanner results:
cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.85:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.85:*:*:*:*:*:*:*
My guess is the CPE's
cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
andcpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
would need to be suppressed. I could do this on my own with something along the lines:However, could you also do this and roll this out to everybody? I might not be the only one having this problem.
The text was updated successfully, but these errors were encountered: