
Large number of false positive security vulnerabilities


When a security scan is performed, it reports back with a high number of false positive security vulnerabilities.


Suppress the false positives with:

<notes><![CDATA[newrelic-agent false positives due to the instrumentation package]]></notes>
<filePath regex="true">.*newrelic-agent-.*\.jar[\\\/]instrumentation.*\.jar</filePath>
<cpe regex="true">.*


The security scan flagged the .jar files as vulnerable due to the class and method names we use to identify sources for instrumentation. However, our instrumentation code is not part of the vulnerable libraries and the vulnerable libraries do not exist in our .jar files, which contain only New Relic code.
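Before adding the suppression, it helps to confirm that its filePath pattern covers only the instrumentation .jar files nested inside the agent .jar, so findings for other dependencies keep being reported. The following is an added example, not New Relic's code. The sample paths are constructed, the helper names are hypothetical, and it assumes the scanner applies the pattern to the whole reported path, ignoring case.

```python
import re

# filePath pattern copied from the suppression entry on this page.
FILE_PATH_RULE = r".*newrelic-agent-.*\.jar[\\\/]instrumentation.*\.jar"

# Assumption: a regex="true" rule is matched against the whole reported path,
# case-insensitively. Adjust this if your scanner matches differently.
_RULE = re.compile(FILE_PATH_RULE, re.IGNORECASE)

# Constructed sample paths; versions and jar names are made up.
SAMPLE_PATHS = [
    # Nested instrumentation jar inside the agent jar (Unix separators).
    "/opt/app/lib/newrelic-agent-0.0.0.jar/instrumentation/example-module-1.0.jar",
    # The same nested jar reported with Windows separators.
    r"C:\app\lib\newrelic-agent-0.0.0.jar\instrumentation\example-module-1.0.jar",
    # The agent jar itself: not covered by this rule.
    "/opt/app/lib/newrelic-agent-0.0.0.jar",
    # An unrelated jar that merely has "instrumentation" in its name.
    "/opt/app/lib/example-instrumentation-1.0.jar",
    # An ordinary application dependency.
    "/opt/app/lib/example-library-1.0.jar",
]


def is_suppressed(path):
    """Return True if the filePath rule would match this reported path."""
    return _RULE.fullmatch(path) is not None


def split_findings(paths):
    """Partition reported paths into (suppressed, still_reported)."""
    suppressed = [p for p in paths if is_suppressed(p)]
    still_reported = [p for p in paths if not is_suppressed(p)]
    return suppressed, still_reported


if __name__ == "__main__":
    hidden, visible = split_findings(SAMPLE_PATHS)
    for p in hidden:
        print("suppressed:     ", p)
    for p in visible:
        print("still reported: ", p)
```

Replace the sample list with the file paths from your own scan report to see which findings the entry would hide.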

Copyright © 2021 New Relic Inc.