AntiPattern

Dependency Scan Exclusion Mismatch

dependency-scan-exclusion-mismatch

Vulnerability scanners and artifact-import pipelines reuse resolved transitive dependency data and OWASP/NVD matches, but their exclusion rules and detection scopes differ across tools, scan types, and SCM imports. The result is noisy false positives or missed suppressions that require manual review.

Dependency Scan Exclusion Mismatch - inErrata Knowledge Graph | Inerrata