false positive

falsepositive.log

[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Check for updates complete (1920 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (1 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (1 seconds)
[INFO] Finished Central Analyzer (3 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (6 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished Cpe Suppression Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (1 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (14 seconds)
[WARNING] 

One or more dependencies were identified with known vulnerabilities in packager:

logback-gelf-0.3.jar (cpe:/a:logback:logback:0.3, me.moocar:logback-gelf:0.3) : CVE-2017-5929
socket-encoder-appender-0.1beta1.jar (cpe:/a:logback:logback:0.1bet, me.moocar:socket-encoder-appender:0.1beta1) : CVE-2017-5929
tomcat-embed-core-8.5.11.jar (cpe:/a:apache:tomcat:8.5.11, org.apache.tomcat.embed:tomcat-embed-core:8.5.11) : CVE-2017-6056, CVE-2016-6325, CVE-2016-5425
spring-boot-starter-data-jpa-1.5.2.RELEASE.jar (cpe:/a:pivotal_software:spring_data_jpa:1.5.2, org.springframework.boot:spring-boot-starter-data-jpa:1.5.2.RELEASE) : CVE-2016-6652