maven - Why would Sonatype IQ scan report Guava vulnerability when 'mvn dependency:tree' does not show Guava at all? - Stack Overflow

Why would Sonatype IQ scan report show (in IntelliJ-IDEA) a Guava vulnerability when mvn dependency:tree does not show Guava at all? Here is my Sonatype scan result, with a Level-7 Critical vulnera

June 2018 - devel - Fedora Mailing-Lists

java - Failed to read artifact descriptor for com.google.guava (nexus) - Stack Overflow

解决：dependencies.dependency.version' for com.google.guava:guava:jar is missing.-CSDN博客

Maven: dependency appears in effective pom but not in dependency tree

Unnecessary-looking dependencies · Issue #2824 · google/guava · GitHub

yandex-big-data-analysis/Week2-Hive-Assignment-2-DML:-Find-Most-Popular-Tags.ipynb at master · lpenet/yandex-big-data-analysis · GitHub

Maven dependencies not resolved correctly during filesystem scan - properties · Issue #2145 · aquasecurity/trivy · GitHub

Damn Vulnerable Web App (DVWA): Lesson 7: Automate SQL Injection with SqlMap

spring - NexusIQ scan report - Stack Overflow

Older Release Notes

BUG] dependency with circular dependencies causes StackOverflowError · Issue #76 · sonatype-nexus-community/scan-gradle-plugin · GitHub

java - IntelliJ IDEA does not recognise maven dependencies (omitted for conflict with ) - Stack Overflow

IQ Server vulnerability information contains the Root Cause – Sonatype Support