add more false positives to the suppression list

2026-01-16 00:33:46 +01:00 · 2016-02-25 18:01:21 -05:00
parent f630794e22
commit 9592f058d4
1 changed files with 78 additions and 1 deletions
--- a/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
+++ b/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
@@ -161,6 +161,13 @@
        <gav regex="true">.*\bhk2\b.*</gav>
        <cpe>cpe:/a:oracle:glassfish</cpe>
    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        HK2-utils is flagged as glassfish.
+        ]]></notes>
+        <filePath regex="true">.*\bhk2-utils.*\.jar</filePath>
+        <cpe>cpe:/a:oracle:glassfish</cpe>
+    </suppress>
    <suppress base="true">
        <notes><![CDATA[
        file name: petals-se-camel-1.0.0.jar - false positive for apache camel.
@@ -233,6 +240,76 @@
            Note, there will be more false positives for Netty. Trying to figure out a better suppression.
        ]]></notes>
        <gav regex="true">com.typesafe.netty:netty-http-pipelining:.*</gav>
-        <cpe>cpe:/a:netty_project:netty:1.1.4</cpe>
+        <cpe>cpe:/a:netty_project:netty</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        JVM instrumentation to Ganglia
+        ]]></notes>
+        <gav regex="true">info\.ganglia\.gmetric4j:gmetric4j:.*</gav>
+        <cpe>cpe:/a:ganglia:ganglia</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        A reporter for Metrics which announces measurements to a Ganglia cluster
+        ]]></notes>
+        <gav regex="true">io\.dropwizard\.metrics:metrics-ganglia:.*</gav>
+        <cpe>cpe:/a:ganglia:ganglia</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        drop wizard false positives
+        ]]></notes>
+        <gav regex="true">io\.dropwizard:dropwizard-jetty:.*</gav>
+        <cpe>cpe:/a:jetty:jetty</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        drop wizard false positives
+        ]]></notes>
+        <gav regex="true">io\.dropwizard\.metrics:metrics-jetty:.*</gav>
+        <cpe>cpe:/a:jetty:jetty</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        drop wizard false positives
+        ]]></notes>
+        <gav regex="true">org\.eclipse\.jetty\.toolchain\.setuid:jetty-setuid-java:.*</gav>
+        <cpe>cpe:/a:jetty:jetty</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        drop wizard false positives
+        ]]></notes>
+        <gav regex="true">org\.eclipse\.jetty:jetty-io:.*</gav>
+        <cpe>cpe:/a:jetty:jetty</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        drop wizard false positives
+        ]]></notes>
+        <gav regex="true">org\.eclipse\.jetty\.http2:http2-hpack:.*</gav>
+        <cpe>cpe:/a:jetty:jetty</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        drop wizard false positives
+        ]]></notes>
+        <gav regex="true">io\.dropwizard\.metrics:metrics-httpclient:.*</gav>
+        <cpe>cpe:/a:apache:httpclient</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        false positive in drop wizard
+        ]]></notes>
+        <filePath regex="true">.*\.(jar|ear|war|pom)</filePath>
+        <cpe>cpe:/a:tiger:tiger</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        php cpe
+        ]]></notes>
+        <filePath regex="true">.*\.(jar|exe|dll|ear|war|pom)</filePath>
+        <cpe>cpe:/a:class:class</cpe>
    </suppress>
 </suppressions>