DependencyCheck/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
Jeremy Long da20fb2922 added velocity-tools to base suppression as it should not be reported as struts
Former-commit-id: 4649d95a091def05ae249da42aa7d6f845b14d59
2014-08-30 07:48:02 -04:00


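<?xml version="1.0" encoding="UTF-8"?>
<!--
    Base suppression rules for OWASP Dependency-Check (resource of
    dependency-check-core). Each <suppress> rule pairs a Maven coordinate
    pattern (<gav>, group:artifact:version) with the CPE identifiers (<cpe>)
    that must not be reported for artifacts matching that pattern.

    Review guidance: a CPE listed in a rule is dropped for every matching
    artifact, which also hides every vulnerability tied to that CPE. Keep
    each <gav> pattern as narrow as the false positive allows, escape regex
    metacharacters such as "." in coordinates, and list only the CPEs that
    are known to be wrong for the artifact.
-->
<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
    <!--
        Spring Security: applies to any artifact in the group
        org.springframework.security whose artifactId starts with "spring".
        The pattern carries no version bound, so all versions are covered.
        Three CPEs are dropped: ModSecurity and two Spring Framework ids.
    -->
    <suppress>
        <notes><![CDATA[
        This suppresses false positives identified on spring security.
        ]]></notes>
        <gav regex="true">org\.springframework\.security:spring.*</gav>
        <cpe>cpe:/a:mod_security:mod_security</cpe>
        <cpe>cpe:/a:springsource:spring_framework</cpe>
        <cpe>cpe:/a:vmware:springsource_spring_framework</cpe>
    </suppress>
    <!--
        XStream: applies to com.thoughtworks.xstream:xstream at any version.
        Only the Spring Framework CPE is dropped; no XStream CPE is listed
        here, so this rule does not suppress findings against XStream itself.
    -->
    <suppress>
        <notes><![CDATA[
        This suppresses additional false positives for the xstream library that occur because spring has a copy of this library.
        com.springsource.com.thoughtworks.xstream-1.3.1.jar
        ]]></notes>
        <gav regex="true">com\.thoughtworks\.xstream:xstream:.*</gav>
        <cpe>cpe:/a:springsource:spring_framework</cpe>
    </suppress>
    <!--
        Velocity Tools: applies to org.apache.velocity:velocity-tools at any
        version and drops only the Struts CPE. The dots in the group id are
        escaped so that "." matches a literal dot only, as in the other
        rules; an unescaped "." would match any character and could widen
        the suppression to coordinates that merely look similar.
    -->
    <suppress>
        <notes><![CDATA[
        Suppresses false positives on velocity tools.
        ]]></notes>
        <gav regex="true">org\.apache\.velocity:velocity-tools:.*</gav>
        <cpe>cpe:/a:apache:struts</cpe>
    </suppress>
</suppressions>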