Fix example direct vulnerability for Ant
When your configuration file specifically references a library, or you add the library to your project as a JAR file, Veracode SCA refers to the library as a direct dependency.
These example steps fix an Unauthorized Modification of Nodes vulnerability in Apache Kafka version 0.9.0.1 in the example-java-ant repository.
To complete this task:
1. Delete the kafka_2.11-0.9.0.1.jar file in the libsrc/ directory. The libsrc/ directory is the location where you store the JAR files for your project.
2. From the issue details page, click the link to the appropriate version of the Apache Kafka library in Maven Central.
3. Within that page, select the download link for the Apache Kafka JAR file.
4. Download the JAR file to the libsrc/ directory.
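After the manual swap, a check like the following confirms that the vulnerable JAR is gone, that no second Kafka JAR is left in libsrc/, and that the download matches the .sha1 digest Maven Central publishes next to each artifact. This is an added example, not part of the Veracode procedure: the function names are hypothetical, the replacement JAR name is passed in because this page does not name the fixed version, and the .sha1 file is assumed to have been saved from the same Maven Central directory as the JAR.

```shell
#!/bin/sh
# Added example: verify libsrc/ after swapping the Kafka JAR by hand.

# Print the lowercase hex SHA-1 of a file (sha1sum on Linux, shasum on macOS).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    else
        shasum -a 1 "$1" | awk '{print $1}'
    fi
}

# check_kafka_swap LIBDIR OLD_JAR NEW_JAR SHA1_FILE
# Returns 0 if the swap is clean, otherwise 1-4 identifying the failed check.
check_kafka_swap() {
    libdir=$1 old_jar=$2 new_jar=$3 sha1_file=$4

    # 1. The vulnerable JAR must be gone.
    if [ -e "$libdir/$old_jar" ]; then
        echo "FAIL: $old_jar is still in $libdir" >&2; return 1
    fi
    # 2. The replacement must be present.
    if [ ! -f "$libdir/$new_jar" ]; then
        echo "FAIL: $new_jar not found in $libdir" >&2; return 2
    fi
    # 3. No other Kafka JAR may remain (assumption: the build puts every
    #    JAR in libsrc/ on the classpath, so a stray copy could still load).
    for f in "$libdir"/kafka_*.jar; do
        [ -e "$f" ] || continue
        if [ "$(basename "$f")" != "$new_jar" ]; then
            echo "FAIL: extra Kafka JAR $(basename "$f")" >&2; return 3
        fi
    done
    # 4. The download must match the published digest. The first field of
    #    the .sha1 file is used, so a trailing file name is ignored.
    expected=$(awk '{print tolower($1); exit}' "$sha1_file")
    actual=$(sha1_of "$libdir/$new_jar")
    if [ "$expected" != "$actual" ]; then
        echo "FAIL: SHA-1 mismatch for $new_jar" >&2; return 4
    fi
    echo "OK: $new_jar verified, $old_jar removed"
}

# Run the check only when invoked with all four arguments.
if [ "$#" -eq 4 ]; then
    check_kafka_swap "$@"
fi
```

Saved under a name of your choice, the script takes the library directory, the old JAR name, the new JAR name and the path to the .sha1 file as its four arguments.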