Update OWASP suppression file
rjeberhard committed Aug 24, 2023
1 parent 6363874 commit b6c4ce7
Showing 2 changed files with 6 additions and 31 deletions.
35 changes: 5 additions & 30 deletions build-tools/dependency-check/dependency-check-suppression.xml
@@ -1,29 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<packageUrl regex="true">^pkg:maven/jakarta\.ws\.rs/jakarta\.ws\.rs-api@.*$</packageUrl>
<cpe>cpe:/a:eclipse:eclipse_ide</cpe>
</suppress>
<suppress>
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java@.*$</packageUrl>
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
</suppress>
<suppress>
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java\-api@.*$</packageUrl>
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
</suppress>
<suppress>
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java\-api\-fluent@.*$</packageUrl>
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
</suppress>
<suppress>
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java\-proto@.*$</packageUrl>
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
</suppress>
<suppress>
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-java@.*$</packageUrl>
<cpe>cpe:/a:google:protobuf-java</cpe>
</suppress>
<suppress>
<packageUrl regex="true">^pkg:maven/oracle\.kubernetes/weblogic\-kubernetes\-operator@.*$</packageUrl>
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
Expand All @@ -45,11 +21,10 @@
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
</suppress>
<suppress>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-jdk7@.*$</packageUrl>
<cpe>cpe:/a:jetbrains:kotlin</cpe>
</suppress>
<suppress>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-jdk8@.*$</packageUrl>
<cpe>cpe:/a:jetbrains:kotlin</cpe>
<notes><![CDATA[
This CVE is in dispute for the very reason that it does not apply to us. We do not use databind for processing protocol data, but use it to write our own objects.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson-databind@.*$</packageUrl>
<vulnerabilityName>CVE-2023-35116</vulnerabilityName>
</suppress>
</suppressions>
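Review bot: The CVE-2023-35116 suppression matches every jackson-databind version (`@.*$`) and carries no expiry, so it will keep hiding this finding across upgrades with nothing to prompt a re-review. The suppression schema accepts an `until` attribute on `<suppress>`; something like `<suppress until="YYYY-MM-DDZ">` (placeholder date) would make the entry lapse and force the rationale to be confirmed again. The `<notes>` text would also be easier to audit if it named where databind is used, since "use it to write our own objects" is the only justification recorded and a later reader cannot verify it from this file.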
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -307,7 +307,7 @@
<configuration>
<skip>${skip.dependency-check}</skip>
<skipTestScope>true</skipTestScope>
<failBuildOnAnyVulnerability>false</failBuildOnAnyVulnerability>
<failBuildOnCVSS>0</failBuildOnCVSS>
<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
<formats>
<format>HTML</format>
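Review bot: `<failBuildOnCVSS>0</failBuildOnCVSS>` puts the threshold at the lowest possible score, so, assuming this is the added line (the page has lost its +/- markers), every unsuppressed finding now fails the build, including low-severity ones and CPE-matching false positives. That is a defensible gate, but the value reads like "disabled" to someone who does not know the plugin, so a comment would help: `<!-- 0 = fail on any unsuppressed finding; triage in build-tools/dependency-check/dependency-check-suppression.xml -->`. It is also worth confirming how `skip.dependency-check` is defaulted in the profiles CI runs, because a true default would bypass the gate silently; that property's definition is outside this hunk.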