- <?xml version="1.0" encoding="UTF-8"?>
- <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
- <suppress>
- <!-- this suppresses opentelemetry instrumentation modules and artifacts which get misidentified
- as real dependencies like dubbo and prometheus -->
- <packageUrl regex="true">^pkg:maven/io\.opentelemetry[./].*</packageUrl>
- <vulnerabilityName regex="true">^CVE-.*</vulnerabilityName>
- </suppress>
- <suppress>
- <!-- detected CVEs are for otel go and python -->
- <packageUrl regex="true">^pkg:maven/com\.google\.cloud\.opentelemetry/detector-resources-support@.*</packageUrl>
- <vulnerabilityName>CVE-2023-43810</vulnerabilityName>
- <vulnerabilityName>CVE-2023-45142</vulnerabilityName>
- <vulnerabilityName>CVE-2023-47108</vulnerabilityName>
- </suppress>
- </suppressions>
|
