I have a question about where DepShield actually looks when checking Maven projects: is it only the dependencies section of the pom.xml, or also the dependencyManagement section, or something completely different?
The reason for asking is that I have a GitHub Maven project which consists only of a couple of pom.xml files which define dependencyManagement and pluginManagement and version properties used by them. These are intended to be used as Maven parents or as Maven BOMs for other Maven projects. The idea behind it is to align 3rd-party dependencies on projects to the same current version. Now I would just like to know: when I enable DepShield for that GitHub project, will it actually file issues to it when there is something in the dependencyManagement section with a version defined by a property which is vulnerable, or does it need a project using that in its dependencies section for an issue to be filed?
In my case it would be nice if DepShield would look at the dependencyManagement section.
The URL for what I am talking about is GitHub - agilhard-oss/agilhard-align-modules: Maven pom/bom for Dependency Alignment and Maven Project Parents