This repository has been archived by the owner on Apr 11, 2024. It is now read-only.

Update dependency check to v8 (#1008)
* Update build.gradle

* update cve suppressions

* update cve suppressions - 22044

* update cve suppressions - 22044

* update cve suppressions - 22044

* updating suppressions
StevensonSi committed Feb 6, 2023
1 parent 43aaee9 commit da86497
Showing 2 changed files with 38 additions and 1 deletion.
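--- a/build.gradle
+++ b/build.gradle
@@ -6,7 +6,7 @@ plugins {
 id 'uk.gov.hmcts.java' version '0.12.12'
 id 'org.springframework.boot' version '2.3.5.RELEASE'
 id 'com.github.ben-manes.versions' version '0.39.0'
-id 'org.owasp.dependencycheck' version '6.2.2'
+id 'org.owasp.dependencycheck' version '8.0.2'
 id 'org.sonarqube' version '3.3'
 id "info.solidsoft.pitest" version '1.7.0'
 }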
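--- a/config/owasp/suppressions.xml
+++ b/config/owasp/suppressions.xml
@@ -70,4 +70,41 @@
 ]]></notes>
 <cve>CVE-2022-45143</cve>
 </suppress>
+<suppress until = "2023-03-08">
+<notes><![CDATA[
+file name: bcprov-jdk15on-1.64.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.bouncycastle/bcprov\-jdk15on@.*$</packageUrl>
+<vulnerabilityName>CVE-2020-15522</vulnerabilityName>
+</suppress>
+<suppress until="2023-03-08">
+<notes><![CDATA[
+file name: spring-cloud-netflix-ribbon-2.2.9.RELEASE.jar
+file name: spring-cloud-netflix-hystrix-2.2.9.RELEASE.jar
+file name: spring-cloud-netflix-archaius-2.2.9.RELEASE.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.springframework\.cloud/spring\-cloud\-.*netflix.*@.*$</packageUrl>
+<cve>CVE-2021-22053</cve>
+</suppress>
+<suppress until="2023-03-08">
+<notes><![CDATA[
+file name: spring-security-crypto-5.7.1.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
+<cve>CVE-2022-31692</cve>
+</suppress>
+<suppress until="2023-03-08">
+<notes><![CDATA[
+file name: spring-security-crypto-5.7.1.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
+<cve>CVE-2022-31690</cve>
+</suppress>
+<suppress until = "2023-03-08">
+<notes><![CDATA[
+file name: spring-cloud-openfeign-core-2.2.9.RELEASE.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org.springframework\.cloud/spring-cloud-.*openfeign.*@.*$</packageUrl>
+<cve>CVE-2021-22044</cve>
+</suppress>
 </suppressions>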
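Review bot: The five added `<suppress>` entries record only the jar file name in `<notes>`, so nothing says whether each CVE is a false positive for that artifact or an accepted risk awaiting an upgrade. A line such as `reason: <false positive | accepted risk>, tracked in <TICKET-PLACEHOLDER>` in each note would tell whoever reviews the entry when `until="2023-03-08"` lapses whether to renew or remove it. Every `packageUrl` regex ends in `@.*$`, so until that date the suppression also hides the CVE for any other version of the artifact, not just the one named in the note. Pinning the version keeps the exclusion to the jar that was actually assessed, e.g. `<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@5\.7\.1$</packageUrl>`. In the openfeign entry the first dot of `org.springframework` is unescaped, unlike the other patterns; `org\.springframework\.cloud` would be consistent with them.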
