I’m getting security vulnerabilities for Spring web jars in Sonatype scanning, leading to Bamboo build failures.
My question is how to stop Sonar from scanning these jars? Something like a configuration in Gradle, Maven or Bamboo?
We already use Spring Boot version 2.2.*, so an upgrade is not being considered.
Thanks in advance
Thanks for reaching out with your question. It sounds like you have a policy set up in IQ Server to break your builds based on these security vulnerabilities.
This guide might be helpful for understanding what is happening and why: Getting Started with IQ Server Remediation - Sonatype Guides
There are a couple of different ways to solve this particular problem, but it’s highly dependent on your company and their setup. I can reach out to your Customer Success Engineer so they can offer some more in-depth, personalized guidance. Who do you work with (feel free to send me a private message if you prefer)?