
Fix example direct vulnerability for Maven

When your pom.xml configuration file specifically references a library, or you add the library to your project as a JAR file, Veracode SCA refers to the library as a direct dependency.

These example steps fix an Unauthorized Modification of Nodes vulnerability in Apache Kafka version 0.9.0.1, in the example-java-maven repository.

To complete this task:

  1. Edit the pom.xml file in the root of the project to match this example:

    <dependency>
      <groupId>org.apache.kafka</groupId>
      <artifactId>kafka_2.11</artifactId>
      <version>0.10.2.1</version>
    </dependency>
  2. Validate the fix.
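
A local check of the edited pom.xml that can be run before validating the fix, added here as an example and not part of Veracode's documentation or tooling. It assumes the dependency is declared in the top-level `<dependencies>` section with a literal version or a `${property}` defined in the same file; the function names and the sample pom are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = "0.10.2.1"  # version used in the pom.xml example on this page

# Constructed sample pom.xml (not the real example-java-maven file).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><kafka.version>0.9.0.1</kafka.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.kafka</groupId>
      <artifactId>kafka_2.11</artifactId>
      <version>${kafka.version}</version>
    </dependency>
  </dependencies>
</project>"""


def version_key(version):
    """Turn '0.10.2.1' into (0, 10, 2, 1); None if not purely numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    return tuple(int(part) for part in version.split("."))


def declared_version(pom_text, group, artifact):
    """Version declared for a direct dependency, or None if not declared."""
    root = ET.fromstring(pom_text)
    for el in root.iter():  # drop the POM namespace so plain tag names match
        el.tag = el.tag.split("}")[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    for dep in root.findall("dependencies/dependency"):
        if (dep.findtext("groupId", "").strip() == group
                and dep.findtext("artifactId", "").strip() == artifact):
            version = dep.findtext("version", "").strip()
            ref = re.fullmatch(r"\$\{(.+)\}", version)
            if ref:  # resolve ${property} against this pom's <properties>
                version = props.get(ref.group(1), version)
            return version or None
    return None


def is_fixed(pom_text):
    """True only if kafka_2.11 is declared at FIXED or later."""
    declared = declared_version(pom_text, "org.apache.kafka", "kafka_2.11")
    key = version_key(declared) if declared else None
    # Compare numerically: as strings, "0.9.0.1" sorts after "0.10.2.1".
    return key is not None and key >= version_key(FIXED)
```

The check covers only what the pom declares; versions inherited from a parent pom or a `<dependencyManagement>` section are outside its scope.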