lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
The following commit(s) were added to refs/heads/master by this push:
new 5ef7687 Suppresses some false positives on OWASP Dependency Check
5ef7687 is described below
commit 5ef76872595f00a0d7623e590f012a451615db65
Author: Lukasz Lenart <[email protected]>
AuthorDate: Mon Nov 27 08:19:15 2017 +0100
Suppresses some false positives on OWASP Dependency Check
---
pom.xml | 3 +++
src/etc/project-suppression.xml | 19 +++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/pom.xml b/pom.xml
index 222a2d1..5843f02 100644
--- a/pom.xml
+++ b/pom.xml
@@ -273,6 +273,9 @@
<artifactId>dependency-check-maven</artifactId>
<version>3.0.1</version>
<configuration>
+ <suppressionFiles>
+
<suppressionFile>src/etc/project-suppression.xml</suppressionFile>
+ </suppressionFiles>
<failBuildOnCVSS>8</failBuildOnCVSS>
<skipProvidedScope>true</skipProvidedScope>
<skipRuntimeScope>true</skipRuntimeScope>
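Review bot: The path in `<suppressionFile>src/etc/project-suppression.xml</suppressionFile>` is relative, so whether it resolves depends on the directory the check runs from. If this root pom's plugin configuration is inherited by child modules, or Maven is started from a subdirectory (neither is visible in the hunk), the file may not be found and the suppressions would not apply as intended. Anchoring it to the checkout root, for example `<suppressionFile>${maven.multiModuleProjectDirectory}/src/etc/project-suppression.xml</suppressionFile>` (Maven 3.3.1 or later), would make the result independent of the working directory. The `<configuration>` element starts and ends outside the hunk.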
diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
new file mode 100644
index 0000000..2c2ac0b
--- /dev/null
+++ b/src/etc/project-suppression.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+ <suppress>
+ <notes><![CDATA[
+ This suppresses false positives identified on Struts Annotations.
+ ]]></notes>
+ <gav
regex="true">org\.apache\.struts:struts\-annotations\:1\.0\.6</gav>
+ <cpe>cpe:/a:apache:struts:1.0.6</cpe>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ This suppresses false positives identified on Struts 1.
+ ]]></notes>
+ <gav regex="true">org\.apache\.struts\:struts\-*:1\.3\.8</gav>
+ <cpe>cpe:/a:apache:struts:1.3.8</cpe>
+ <cpe>cpe:/a:apache:tiles:1.3.8</cpe>
+ <cpe>cpe:/a:apache:struts:1.3.8</cpe>
+ </suppress>
+</suppressions>
\ No newline at end of file
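Review bot: The second rule's pattern `org\.apache\.struts\:struts\-*:1\.3\.8` puts the `*` on the hyphen rather than on a name suffix, so it matches `struts:1.3.8` or `struts-:1.3.8` but presumably not the intended artifact ids such as `struts-core`. `<gav regex="true">org\.apache\.struts:struts\-.*:1\.3\.8</gav>` would express "any struts-* artifact at 1.3.8". The same rule lists `cpe:/a:apache:struts:1.3.8` twice, so one entry can be dropped. Each `<cpe>` entry silences every CVE mapped to that CPE for the matched artifacts, including ones published later. The `<notes>` should therefore record why the identification is wrong, especially for the 1.3.8 rule where the artifacts appear to be genuine Struts 1 jars, or the rule should list the reviewed findings as individual `<cve>` entries instead.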