diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java
index cccfeb010..b154247ac 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java
@@ -105,8 +105,14 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
 final ComposerLockParser clp = new ComposerLockParser(fis);
 LOGGER.info("Checking composer.lock file {}", dependency.getActualFilePath());
 clp.process();
+ //if dependencies are found in the lock, then there is always an empty shell dependency left behind for the
+ //composer.lock. The first pass through, reuse the top level dependency, and add new ones for the rest.
+ boolean processedAtLeastOneDep = false;
 for (ComposerDependency dep : clp.getDependencies()) {
- final Dependency d = new Dependency(dependency.getActualFile());
+
+ final Dependency d = new Dependency(dependency.getActualFile());
+
+ d.setDisplayFileName(String.format("%s:%s/%s", dependency.getDisplayFileName(), dep.getGroup(), dep.getProject()));
 final String filePath = String.format("%s:%s/%s", dependency.getFilePath(), dep.getGroup(), dep.getProject());
 final MessageDigest sha1 = getSha1MessageDigest();
 
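Review bot: The added comment does not describe what the code does — no pass "reuses the top level dependency"; every iteration builds a fresh `Dependency` from `dependency.getActualFile()`, and the composer.lock shell entry is dropped after the loop in the following hunk. A reader who trusts the comment will look for a first-iteration special case that is not there, so reword it to something like `//every package in the lock becomes its own Dependency; the composer.lock shell entry is removed after the loop when at least one package was found`. The `processedAtLeastOneDep` flag could also be replaced by checking whether `clp.getDependencies()` is empty, which would make the intent visible without a mutable local, but that is a matter of taste. The enclosing analyze method starts before and ends after this hunk.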
@@ -115,8 +121,17 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
 d.getVendorEvidence().addEvidence(COMPOSER_LOCK, "vendor", dep.getGroup(), Confidence.HIGHEST);
 d.getProductEvidence().addEvidence(COMPOSER_LOCK, "product", dep.getProject(), Confidence.HIGHEST);
 d.getVersionEvidence().addEvidence(COMPOSER_LOCK, "version", dep.getVersion(), Confidence.HIGHEST);
- LOGGER.info("Adding dependency {}", d);
- engine.getDependencies().add(d);
+
+ LOGGER.info("Adding dependency {}", d.getDisplayFileName());
+ engine.getDependencies().add(d);
+
+ //make sure we only remove the main dependency if we went through this loop at least once.
+ processedAtLeastOneDep = true;
+ }
+ //remove the dependency at the end because it's referenced in the loop itself.
+ if (processedAtLeastOneDep) {
+ LOGGER.info("Removing main redundant dependency {}",dependency.getDisplayFileName());
+ engine.getDependencies().remove(dependency);
 }
 } catch (IOException ex) {
 LOGGER.warn("Error opening dependency {}", dependency.getActualFilePath());
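Review bot: `engine.getDependencies().remove(dependency)` mutates the engine's dependency collection from inside an analyzer that the engine itself is driving per dependency; if the engine iterates that same live collection when it invokes this analyzer (not visible in this diff), a structural removal can throw ConcurrentModificationException or cause the engine to skip the entry that shifts into the removed slot. Worth confirming that the engine iterates over a snapshot, or else deferring the removal to a point where the engine is not iterating; the pre-existing `add(d)` in the loop has the same exposure, so this is a question about the engine's contract rather than this line alone. Separately, the log call is missing a space after the comma: `LOGGER.info("Removing main redundant dependency {}", dependency.getDisplayFileName());`. The "removed because it's referenced in the loop" comment is also inaccurate — the loop only reads `dependency`'s file and display name, so removal could happen anywhere after those reads; say instead that removal is deferred until it is known that at least one package was emitted. The enclosing method begins before this hunk.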