You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Mar 24, 2026. It is now read-only.
Is this a request for help?:
Is this a BUG REPORT or a FEATURE REQUEST? (choose one):
BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable:
Engine DB Version: 0.0.16
Engine Code Version: 1.1.0
What happened:
Got a false positive for jars related to Netty.
What did you expect to happen:
Expected Netty jars to not get flagged. Example:
Getting lots of seemingly false positive on reactor-netty* jars, for example:
CRITICAL Vulnerability found in non-os package type (java) - /app/libs/reactor-netty-http-1.0.19.jar (CVE-2019-20445 - https://nvd.nist.gov/vuln/detail/CVE-2019-20445)