Skip to content

Commit

Permalink
Add false positive suppression for dependency check
Browse files Browse the repository at this point in the history 
 -- CVE-2024-43591 is not applicable
 -- Update azure libraries
  • Loading branch information
@usmansaleem
usmansaleem committed Oct 17, 2024
1 parent af3ee4e commit ea531cd
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 3 deletions.
11 changes: 11 additions & 0 deletions gradle/owasp-suppression.xml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!-- See https://jeremylong.github.io/DependencyCheck/general/suppression.html for examples -->
<suppress>
<notes><![CDATA[
FALSE POSITIVE
file name: azure-json-1.1.0.jar
As per https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43591
this vulnerability is applicable on Azure Service Connector and Azure CLI.
We are not using these libraries in our code.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.azure/azure-json@.*$</packageUrl>
<cve>CVE-2024-43591</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: azure-identity-1.13.1.jar
Expand Down
6 changes: 3 additions & 3 deletions gradle/versions.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,9 +128,9 @@ dependencyManagement {
dependency 'com.github.arteam:simple-json-rpc-server:1.3'
dependency 'com.github.arteam:simple-json-rpc-client:1.3'

dependency 'com.azure:azure-security-keyvault-secrets:4.8.4'
dependency 'com.azure:azure-security-keyvault-keys:4.8.5'
dependency 'com.azure:azure-identity:1.13.1'
dependency 'com.azure:azure-security-keyvault-secrets:4.8.7'
dependency 'com.azure:azure-security-keyvault-keys:4.8.8'
dependency 'com.azure:azure-identity:1.14.0'

dependency 'com.zaxxer:HikariCP:5.1.0'
dependency 'org.postgresql:postgresql:42.7.3'
Expand Down

0 comments on commit ea531cd

Please sign in to comment.