
Commit b6c4ce7

committed
Update OWASP suppression file
1 parent 6363874 commit b6c4ce7


2 files changed

+6
-31
lines changed

Lines changed: 5 additions & 30 deletions
@@ -1,29 +1,5 @@
11
<?xml version="1.0" encoding="UTF-8"?>
22
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
3-
<suppress>
4-
<packageUrl regex="true">^pkg:maven/jakarta\.ws\.rs/jakarta\.ws\.rs-api@.*$</packageUrl>
5-
<cpe>cpe:/a:eclipse:eclipse_ide</cpe>
6-
</suppress>
7-
<suppress>
8-
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java@.*$</packageUrl>
9-
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
10-
</suppress>
11-
<suppress>
12-
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java\-api@.*$</packageUrl>
13-
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
14-
</suppress>
15-
<suppress>
16-
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java\-api\-fluent@.*$</packageUrl>
17-
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
18-
</suppress>
19-
<suppress>
20-
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java\-proto@.*$</packageUrl>
21-
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
22-
</suppress>
23-
<suppress>
24-
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-java@.*$</packageUrl>
25-
<cpe>cpe:/a:google:protobuf-java</cpe>
26-
</suppress>
273
<suppress>
284
<packageUrl regex="true">^pkg:maven/oracle\.kubernetes/weblogic\-kubernetes\-operator@.*$</packageUrl>
295
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
@@ -45,11 +21,10 @@
4521
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
4622
</suppress>
4723
<suppress>
48-
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-jdk7@.*$</packageUrl>
49-
<cpe>cpe:/a:jetbrains:kotlin</cpe>
50-
</suppress>
51-
<suppress>
52-
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-jdk8@.*$</packageUrl>
53-
<cpe>cpe:/a:jetbrains:kotlin</cpe>
24+
<notes><![CDATA[
25+
This CVE is in dispute for the very reason that it does not apply to us. We do not use databind for processing protocol data, but use it to write our own objects.
26+
]]></notes>
27+
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson-databind@.*$</packageUrl>
28+
<vulnerabilityName>CVE-2023-35116</vulnerabilityName>
5429
</suppress>
5530
</suppressions>
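Review bot: The new jackson-databind entry suppresses CVE-2023-35116 for every version (`@.*$`) and has no expiry, so it will keep hiding the finding even if the project later starts using databind on data it does not control. The justification in `<notes>` is a statement about how the code uses the library, which the scanner cannot re-check. I would add an `until` date to the element, for example `<suppress until="YYYY-MM-DDZ">` (placeholder date), so that the entry comes up for review again. Minor style point: the hyphen in `jackson-databind` is unescaped while the other patterns in this file write `\-`; both match the same text, but one form should be used throughout.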

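--- a/pom.xml
+++ b/pom.xml
@@ -307,7 +307,7 @@
 <configuration>
 <skip>${skip.dependency-check}</skip>
 <skipTestScope>true</skipTestScope>
-<failBuildOnAnyVulnerability>false</failBuildOnAnyVulnerability>
+<failBuildOnCVSS>0</failBuildOnCVSS>
 <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
 <formats>
 <format>HTML</format>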
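Review bot: `<failBuildOnCVSS>0</failBuildOnCVSS>` reads like "disabled" but is the strictest threshold: any unsuppressed finding with a CVSS score of 0 or higher now fails the build, where the old `failBuildOnAnyVulnerability` set to `false` never did. A comment above the line would make the intent explicit, for example `<!-- 0 = fail the build on any unsuppressed finding, whatever its score -->`. Because a newly published advisory can now break the build with no code change, it is worth confirming that `skip.dependency-check` (two lines up) is not set by default in CI, otherwise the gate is bypassed without anyone noticing. The `<configuration>` element starts and ends outside this hunk.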
