Augment Failure Report with first level dependency if transitive vulnerable dependency
albuch opened this issue · comments
Alexander v. Buchholtz commented
Is your feature request related to a problem? Please describe.
If a transitive dependency has a vulnerability it would be great to directly see which actual dependency defined in the build pulls the vulnerability in without the need to manually check the dependency tree.
Describe the solution you'd like
Display the dependency graph for a vulnerable dependency in the log output.
Describe alternatives you've considered
Manually running jrudolphs dependencyTree