We tried putting a few entries in pom.xml which have known vulnerabilities, but GitHub shows alerts for only a few of them. For example, activemq-all (v5.7.0) and commons-collections (v3.2.2) have known vulnerability issues, but it doesn't give alerts for these jars.
Please advise whether the alerts are for selected jars or cover all CVE vulnerabilities.
Thanks for being a part of the GitHub Community Forum!
This topic has already been opened and is being discussed in another thread here: https://github.community/t5/How-to-use-Git-and-GitHub/Security-Alerts/td-p/26425. In an effort to keep the Community Forum organized and make it easier for other users to find information, we ask that users continue the conversation in existing threads, instead of opening new ones about the same topic. For this reason, I'll be closing this topic, and you can continue the conversation in the original thread, if you'd like. It's more likely you'll get engagement and answers to your own questions this way, too.
Thank you again for being here!