u/Agreeable-Price8343

Is OWASP Dependency-Check still worth running in CI?

Been using Dependency-Check for years. Starting to feel like it’s mostly noise now. CPE matching is still messy, false positives are common, and the suppression file becomes its own maintenance project.

Do you still find it useful? Or has it become a legacy checkbox scanner?

reddit.com
u/Agreeable-Price8343 — 9 days ago