
Avoiding scanning third party libraries through Veracode's static scan


I'm fixing flaws from my application's Veracode static scan result, and I'm realizing that it is analyzing third party libraries in addition to my source code. For instance, it's looking at the Apache Commons libraries and it is finding flaws inside it.

How can I instruct Veracode not to scan those third party libraries?


Solution

  • It was solved. Including the jars in the war's buildpath instead of passing it with my code made the thing