chore: add suppressions and support for maven local (#16)

re: moderneinc/dependency-vulnerability-reports#709
openrewrite · Aug 12, 2024 · f494272 · f494272
1 parent 8ca92e7
commit f494272
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/settings.gradle.kts b/settings.gradle.kts
@@ -1,5 +1,12 @@
 rootProject.name = "rewrite-third-party"
 
+pluginManagement {
+    repositories {
+        mavenLocal()
+        gradlePluginPortal()
+    }
+}
+
 plugins {
     id("com.gradle.enterprise") version "latest.release"
     id("com.gradle.common-custom-user-data-gradle-plugin") version "1.12.1"

diff --git a/suppressions.xml b/suppressions.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress until="2024-09-25Z">
+        <notes><![CDATA[
+   file name: quarkus-update-recipes-1.0.19.jar
+       sev: HIGH
+         reason: False positive. Reference only
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/io\.quarkus/quarkus-update-recipes@.*$</packageUrl>
+        <cpe>cpe:/a:quarkus:quarkus</cpe>
+    </suppress>
+    <suppress until="2024-09-25Z">
+        <notes><![CDATA[
+   file name: testng-7.5.jar
+       sev: HIGH
+         reason: False positive. Reference only
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.testng/testng@.*$</packageUrl>
+        <vulnerabilityName>CVE-2022-4065</vulnerabilityName>
+    </suppress>
+</suppressions>