Hello,
We are waiting for all the fixes in 6.0.3 for our projects. Do you know approximately when 6.0.3 will be out?
Thanks ;)
It would be really useful to get an idea on the timeframe for this as we're getting 100s of false positives where a CPE is matching on a substring (e.g. package _npm/content-type_ is matching CPE _content_project\content_).
Exactly, same problem ;) You can already add the --disableNodeJS flag; only false positives with this, and it will be removed soon.
@sebastienroux the NodeJS analyzer may not be completely removed - it may be needed for the vendor modules. Still researching this. However, some of the other changes reduced the FP for this analyzer greatly in 6.0.3.
Regarding the release date - I am hoping to get to it this weekend. However, I still have to cycle through the FP reports for node and dotnet.
@jeremylong , not trying to push at all, just curious if you have thoughts on how close 6.0.3 is.
Relatively soon - likely this weekend.
We just released 6.0.3.
@jeremylong wonderful, thank you all for the hard work. Appreciated.
I cannot see 6.0.3 coming up in Jenkins yet (it pulls from dl.bintray.com it seems).