Limitations and Known Issues

  • Users cannot change their password except by using the “Forgot your password?” link on the login page
  • The CLT cannot be used to re-sign jars on Windows
  • Cannot use the ‘@’ symbol in the values for MergeBase docker image environment variables
  • Uploading a Java application will fail if the application contains multiple jars that are not recognized as known open source components and they have MANIFEST.MF files with similar metadata
  • Risk and Vulnerability graphs may not reflect reduction in vulnerability count if an application is scanned twice the same calendar day and:
    • the first scan produces an increase in vulnerabilities
    • the second scan removes the newly added vulnerabilities
  • Inoculated applications will run on Windows 10 but may not accurately report usage or apply all mitigations.