Wiremock.net showing vulnerability not related to it

Hi,

I have wiremock.net (version 1.5.47) in my .net APIand sonarqube show me 15 vulnerability because of this :

From what I see when

It seems to me that these vulnerabilities are linked to other library like wiremock (for Java) and Wire AVS

I am wondering if this is a false positive or if I missed something.
If it is a false positive, is there a way to hide the vulnerabilities shown by sonarqube?

Are these issues being raised by GitHub - dependency-check/dependency-check-sonar-plugin: Integrates Dependency-Check reports into SonarQube?

If so, you should reach out to the maintainer of this community supported plugin on Github.

Hello Collin,
Thanks for you answer! Yeah you are right, they are raised by the dependency check, I will go check this side.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.