- Type: Bug
- Resolution: Fixed
- Priority: Blocker
- Component/s: dependency-check-jenkins-plugin
- None
- Environment: Jenkins ver. 1.625.3
Hi,

I am having some problems with my Jenkins clustered configuration. At the moment I have one controller and 3 Linux slaves. Since we have tons of jobs, I preferred to configure the private Maven repository strategy as "Local to Executor". In this way jobs can share the same repository.

The Dependency-Check plugin picks up dependencies not declared in some pom.xml, because it looks at all the files present in the Maven repository at executor level.

Below are the instructions that you can use to reproduce the problem:

1. Configure Jenkins job "A"
   - git repo: https://github.com/EugenioMarzo/test-my-app.git
   - Use private Maven repository: local to executor
   - Dependency-Check => Path to scan: $JENKINS_HOME/maven-repositories
2. Configure Jenkins job "B"
   - git repo: https://github.com/EugenioMarzo/test-my-app2.git
   - Use private Maven repository: local to executor
   - Dependency-Check => Path to scan: $JENKINS_HOME/maven-repositories

test-my-app and test-my-app2 are different. The first contains hibernate-validator-annotation-processor.4.3.0.Final, which is a vulnerability. The second contains hibernate-validator-annotation-processor.4.3.0.Final.4.3.0.Final and xwork-core.2.3.15.3, which are both vulnerabilities.

3. Run job A; the plugin will give one warning.
4. Run job B; the plugin will return more warnings.
5. Run job A again; the plugin will return more warnings instead of one.

If I use Dependency-Check as a Maven plugin from the command line, there is not this problem.

Thank you,
Eugenio
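The cross-job findings described in the report come from the scan scope, not from the scanner: pointing "Path to scan" at an executor-level repository hands Dependency-Check every jar any job on that executor ever resolved, so job A inherits job B's xwork-core finding. The script below is an added illustration (it is not part of the reporter's issue or of the plugin's code) of the difference between scanning the shared repository and scanning only the artifacts a job actually resolved. It assumes a Maven-layout repository built in a temporary directory with empty placeholder jars, a constructed `mvn dependency:list` excerpt for job A, and assumed groupIds (`org.hibernate`, `javax.validation`, `org.apache.struts.xwork`) for the artifacts named in the report.

```python
import os
import re
import tempfile

# Constructed sample of `mvn dependency:list` output for job A. Not captured
# from the reporter's build; the groupIds are assumed.
JOB_A_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.hibernate:hibernate-validator-annotation-processor:jar:4.3.0.Final:compile
[INFO]    javax.validation:validation-api:jar:1.0.0.GA:compile
"""

# What a shared "Local to Executor" repository holds once jobs A and B have
# both run on the executor (constructed; xwork-core comes from job B only).
SHARED_REPO_ARTIFACTS = [
    ("org.hibernate", "hibernate-validator-annotation-processor", "4.3.0.Final"),
    ("javax.validation", "validation-api", "1.0.0.GA"),
    ("org.apache.struts.xwork", "xwork-core", "2.3.15.3"),
]

# groupId:artifactId:type[:classifier]:version:scope, as dependency:list prints it.
DEP_LINE = re.compile(
    r"^\[INFO\]\s+([^:\s]+):([^:\s]+):jar:(?:[^:\s]+:)?([^:\s]+):(\w+)\s*$"
)


def parse_dependency_list(text):
    """Return (groupId, artifactId, version) for every resolved jar line."""
    deps = []
    for line in text.splitlines():
        m = DEP_LINE.match(line)
        if m:
            deps.append((m.group(1), m.group(2), m.group(3)))
    return deps


def artifact_path(repo_root, group, artifact, version):
    """Standard Maven repository layout: g/r/o/u/p/artifact/version/artifact-version.jar"""
    return os.path.join(repo_root, *group.split("."), artifact, version,
                        f"{artifact}-{version}.jar")


def populate_shared_repo(repo_root, artifacts):
    """Create empty placeholder jars so the layout can be walked offline."""
    for g, a, v in artifacts:
        p = artifact_path(repo_root, g, a, v)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        open(p, "wb").close()


def scan_scope_shared(repo_root):
    """Scope produced by 'Path to scan: $JENKINS_HOME/maven-repositories':
    every jar under the root, regardless of which job resolved it."""
    jars = []
    for dirpath, _, files in os.walk(repo_root):
        for f in files:
            if f.endswith(".jar"):
                jars.append(os.path.relpath(os.path.join(dirpath, f), repo_root))
    return sorted(jars)


def scan_scope_for_job(repo_root, dependency_list_output):
    """Scope limited to the jars this job's own dependency tree resolved."""
    jars = []
    for g, a, v in parse_dependency_list(dependency_list_output):
        p = artifact_path(repo_root, g, a, v)
        if os.path.isfile(p):
            jars.append(os.path.relpath(p, repo_root))
    return sorted(jars)


def demo():
    """Build the shared repository and return (shared scope, job A scope)."""
    with tempfile.TemporaryDirectory() as repo:
        populate_shared_repo(repo, SHARED_REPO_ARTIFACTS)
        return scan_scope_shared(repo), scan_scope_for_job(repo, JOB_A_DEPENDENCY_LIST)


if __name__ == "__main__":
    shared, job_a = demo()
    print("shared-repo scope:", shared)
    print("job A scope:     ", job_a)
```

In a real pipeline the same narrowing is usually done by having the build copy its resolved tree into a per-job directory (for example `mvn dependency:copy-dependencies -DoutputDirectory=target/deps`) and pointing the Jenkins plugin's "Path to scan" at that directory, or by running the Dependency-Check Maven plugin, which works from the project's dependency tree and therefore does not exhibit the problem the reporter observed.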