I have a multi module pom which is checked via the owasp dependency-check. I use the aggregate goal and get a html report file where all vulnerabilities are listed. So far so good. What i like to know is if there is a possibility to show in the report for each vulnerability the module or modules in which the vulnerable dependency is used.
In HMTL-Report I have a list of the maven modules where the vulnerability is found. Is this what you meant? The report was generated with maven in the parent module:
mvn verify dependency-check:aggregate