
Fix example direct vulnerability for Gradle

When your build.gradle configuration file specifically references a library, or you add the library to your project as a JAR file, Veracode SCA refers to the library as a direct dependency.

These example steps fix an Unauthorized Modification of Nodes vulnerability in Apache Kafka version 0.9.0.1 in the example-java-gradle repository.

To complete this task:

  1. Edit the build.gradle file in the root of the project, and edit the dependencies scope to match this example:

    compile 'org.apache.kafka:kafka_2.11:0.10.2.1'
  2. Validate the fix.
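
Before rescanning, a quick local check can confirm that build.gradle no longer pins a Kafka version older than the one in the example above. This script is an added example, not a Veracode SCA command; the function names are hypothetical, it assumes the dependency is declared in `group:artifact:version` string notation and that `sort -V` is available, and the sample file at the end is constructed.

```shell
#!/usr/bin/env bash
# Added example: local pre-check, not a Veracode SCA command.
# Function names are hypothetical; requires a sort that supports -V (GNU coreutils).

FIXED_VERSION="0.10.2.1"   # version used in the page's build.gradle example

# Print each version pinned for the Scala-suffixed Kafka artifact (kafka_2.11 etc.)
# when declared in 'group:artifact:version' string notation.
kafka_versions() {
  grep -Eo 'org\.apache\.kafka:kafka_[0-9.]+:[0-9][A-Za-z0-9_.-]*' "$1" | awk -F: '{print $3}'
}

# Succeed when version $1 is the same as or newer than version $2.
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Exit status: 0 = every pin is at or above FIXED_VERSION, 1 = an older pin remains,
# 2 = no Kafka pin found (nothing was verified).
check_kafka_fix() {
  found=0; result=0
  for v in $(kafka_versions "$1"); do
    found=1
    if version_ge "$v" "$FIXED_VERSION"; then
      echo "ok: kafka $v"
    else
      echo "outdated: kafka $v is below $FIXED_VERSION"
      result=1
    fi
  done
  if [ "$found" -eq 0 ]; then
    echo "no org.apache.kafka:kafka_* pin found in $1"
    return 2
  fi
  return "$result"
}

# Constructed sample: a build.gradle that still pins the version named on this page.
sample="$(mktemp)"
printf "dependencies {\n    compile 'org.apache.kafka:kafka_2.11:0.9.0.1'\n}\n" > "$sample"
check_kafka_fix "$sample" || echo "check exit status: $?"
rm -f "$sample"
```

Versions supplied through a variable or map notation are not seen by this check, so a clean result here does not replace validating the fix with a new scan.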