fix: Avoid FPs when Composer product name has php (#7486)

aikebah · web-flow · commit e12fadd918b7 · 2025-03-01T23:06:19.000+01:00
diff --git a/core/src/main/resources/dependencycheck-base-suppression.xml b/core/src/main/resources/dependencycheck-base-suppression.xml
@@ -361,10 +361,28 @@
     <suppress base="true">
         <notes><![CDATA[
         FP per #2972
+        hyphenated PHP library vendor names
         ]]></notes>
         <packageUrl regex="true">^pkg:composer/php\-.*$</packageUrl>
         <cpe>cpe:/a:php:php</cpe>
     </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        FP per #2972 + #7444
+        hyphenated PHP library product names (prefix)
+        ]]></notes>
+        <packageUrl regex="true">^pkg:composer/[^/]+/php[\-_].*$</packageUrl>
+        <cpe>cpe:/a:php:php</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        FP per #2972 + #7444
+        hyphenated PHP library product names (suffix)
+        including number suffix, e.g., `symfony/polyfill-php80`
+        ]]></notes>
+        <packageUrl regex="true">^pkg:composer/[^/]+/.*[\-_]php[0-9]*@.*$</packageUrl>
+        <cpe>cpe:/a:php:php</cpe>
+    </suppress>
     <suppress base="true">
         <notes><![CDATA[
         FP per #2957
