17 lines
855 B
XML
17 lines
855 B
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
|
|
<suppress>
|
|
<!-- this suppresses opentelemetry instrumentation modules and artifacts which get misidentified
|
|
as real dependencies like dubbo and prometheus -->
|
|
<packageUrl regex="true">^pkg:maven/io\.opentelemetry[./].*</packageUrl>
|
|
<vulnerabilityName regex="true">^CVE-.*</vulnerabilityName>
|
|
</suppress>
|
|
<suppress>
|
|
<!-- detected CVEs are for otel go and python -->
|
|
<packageUrl regex="true">^pkg:maven/com\.google\.cloud\.opentelemetry/detector-resources-support@.*</packageUrl>
|
|
<vulnerabilityName>CVE-2023-43810</vulnerabilityName>
|
|
<vulnerabilityName>CVE-2023-45142</vulnerabilityName>
|
|
<vulnerabilityName>CVE-2023-47108</vulnerabilityName>
|
|
</suppress>
|
|
</suppressions>
|