From c55efddc812b173bc0870e755bef3705fd6a14ca Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 10 May 2014 06:59:34 -0400
Subject: [PATCH] patch to remove additional false positives due to SCM entries in the pom
Former-commit-id: 7f889606bf9ece29121a14167b01ad6f5b93df76
---
 .../java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index 4cdeec00d..08b7fb9d7 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -138,7 +138,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 "include-resource",
 "embed-dependency",
 "ipojo-components",
- "ipojo-extension");
+ "ipojo-extension",
+ "eclipse-sourcereferences");
 /**
 * item in some manifest, should be considered medium confidence.
 */
@@ -764,6 +765,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 && !key.endsWith("class-path")
 && !key.endsWith("-scm") //todo change this to a regex?
 && !key.startsWith("scm-")
+ && !value.trim().startsWith("scm:")
 && !isImportPackage(key, value)
 && !isPackage(key, value)) {
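Review bot: The new `"eclipse-sourcereferences"` entry in the first hunk joins the ignore list without any comment saying why it is excluded, and the list's declaration starts outside the hunk, so a reader of this line has nothing to tell them it is an SCM locator rather than a product or vendor hint. A trailing comment would fix that, e.g. `"eclipse-sourcereferences"); // Eclipse-SourceReferences holds an scm: locator, never evidence of a product/vendor`. The entry is written in lowercase like its neighbours, so I assume the manifest key is lowercased before it is compared against this list; if that normalisation does not happen, the header as written in a MANIFEST.MF (`Eclipse-SourceReferences`) would never match and the false positive this commit targets would remain.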