Hi everyone,
We implement the Dependency-Check plugin, which fetches results from Dependency-Check and publishes them on SonarQube.
I have a question on how the SonarQube plugin deals with third-party libraries that are marked as false positives. We have a vast number of projects, and every project uses third-party libraries.
For example: I mark
as a false positive, because CVE-2019-3826 is not applicable to my project.
My questions:
- Next time the project is scanned, will this be reopened?
- If a new CPE is identified in this jar, will this be reopened?
Any assistance would be helpful. Thank you!