c4153ecbfb
* add pmd and owasp dependency check through -P owasp profile * suppress full stack trace in log * revert to spring 2.2.0 as 2.2.4 failed in travis * added owasp dependency check maven configuration details to vulenerable lesson page 7
41 lines
1.4 KiB
XML
41 lines
1.4 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
This suppresses false positives identified on spring framework.
|
|
]]></notes>
|
|
<cpe>cpe:/a:pivotal_software:spring_framework</cpe>
|
|
<cve>CVE-2020-5398</cve>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
This suppresses false positives identified on spring framework.
|
|
]]></notes>
|
|
<cpe>cpe:/a:redhat:undertow</cpe>
|
|
<cve>CVE-2019-14888</cve>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
This suppresses false positives identified on spring framework.
|
|
]]></notes>
|
|
<cpe>cpe:/a:pivotal_software:spring_security</cpe>
|
|
<cve>CVE-2018-1258</cve>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<cpe>cpe:/a:jruby:jruby</cpe>
|
|
<cve>CVE-2018-1000613</cve>
|
|
<cve>CVE-2018-1000180</cve>
|
|
<cve>CVE-2017-18640</cve>
|
|
<cve>CVE-2011-4838</cve>
|
|
</suppress>
|
|
<suppress base="true"><!-- vulnerable components lesson -->
|
|
<cpe>cpe:/a:xstream_project:xstream</cpe>
|
|
<cve>CVE-2017-7957</cve>
|
|
<cve>CVE-2016-3674</cve>
|
|
</suppress>
|
|
<suppress base="true"><!-- webgoat-server -->
|
|
<cpe>cpe:/a:postgresql:postgresql</cpe>
|
|
<cve>CVE-2018-10936</cve>
|
|
</suppress>
|
|
</suppressions>
|