Suppress CVE-2023-35116 as it is a false-positive per issue jeremylon…

…g/DependencyCheck#5779
turing85 · Aug 28, 2023 · d2f37a8 · d2f37a8
1 parent 7d49ba1
commit d2f37a8
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/pom.xml b/pom.xml
@@ -115,8 +115,6 @@
         <version>${quarkus.platform.version}</version>
         <configuration>
           <skip>${quarkus-maven-plugin.skip}</skip>
-          <!-- TODO: Remove when https://github.com/quarkusio/quarkus/pull/34454 is available -->
-          <skipOriginalJarRename>true</skipOriginalJarRename>
         </configuration>
         <executions>
           <execution>
@@ -147,6 +145,7 @@
           <failBuildOnCVSS>0</failBuildOnCVSS>
           <formats>${dependency-check-maven.formats}</formats>
           <skip>${dependency-check-maven.skip}</skip>
+          <suppressionFile>src/test/resources/owasp-dependency-check.xml</suppressionFile>
         </configuration>
         <executions>
           <execution>

diff --git a/src/test/resources/owasp-dependency-check.xml b/src/test/resources/owasp-dependency-check.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <notes>False-Positive per issue https://github.com/jeremylong/DependencyCheck/issues/5779</notes>
+        <cve>CVE-2023-35116</cve>
+    </suppress>
+</suppressions>