hs.hsadmin.ng/etc/owasp-dependency-check-suppression.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
           Internal tooling, not exposed to the Internet.
       ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>
        <cpe>cpe:/a:line:line</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
          file name: logback-core-1.5.12.jar
          A successful attack requires the user to have write access to a configuration file or environment vars.
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback-core@.*$</packageUrl>
        <cpe>cpe:/a:qos:logback</cpe>
        <cve>CVE-2024-12798</cve>
    </suppress>

</suppressions>
add OWASP dependencyCheck 2022-08-04 12:26:41 +02:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">`
SpringBoot, Gradle, Java etc. version upgrades and add OWASP API key via gradle.properties 2024-01-03 09:24:14 +01:00			`<suppress>`
			`<notes><![CDATA[`
			`Internal tooling, not exposed to the Internet.`
			`]]></notes>`
			`<packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>`
			`<cpe>cpe:/a:line:line</cpe>`
			`</suppress>`
fix allowed licenses, do version upgrades upgrade and improve test coverage (#112) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/112 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net> 2024-10-10 09:31:43 +02:00			`<suppress>`
			`<notes><![CDATA[`
dependency-versions-upgrade and exclusion (#144) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/144 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net> 2025-01-09 09:28:30 +01:00			`file name: logback-core-1.5.12.jar`
			`A successful attack requires the user to have write access to a configuration file or environment vars.`
fix allowed licenses, do version upgrades upgrade and improve test coverage (#112) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/112 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net> 2024-10-10 09:31:43 +02:00			`]]></notes>`
dependency-versions-upgrade and exclusion (#144) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/144 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net> 2025-01-09 09:28:30 +01:00			`<packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback-core@.*$</packageUrl>`
			`<cpe>cpe:/a:qos:logback</cpe>`
			`<cve>CVE-2024-12798</cve>`
fix allowed licenses, do version upgrades upgrade and improve test coverage (#112) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/112 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net> 2024-10-10 09:31:43 +02:00			`</suppress>`
dependency-versions-upgrade and exclusion (#144) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/144 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net> 2025-01-09 09:28:30 +01:00
add OWASP dependencyCheck 2022-08-04 12:26:41 +02:00			`</suppressions>`