diff --git a/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts b/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts
index 8e7211d0a..e65c69538 100644
--- a/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts
+++ b/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts
@@ -192,6 +192,7 @@ afterEvaluate {
 dependencyCheck {
 scanConfigurations = mutableListOf("runtimeClasspath")
+ suppressionFile = "buildscripts/dependency-check-suppressions.xml"
 failBuildOnCVSS = 7.0f // fail on high or critical CVE
 nvd.apiKey = System.getenv("NVD_API_KEY")
 nvd.delay = 3500 // until next dependency check release (https://github.com/jeremylong/DependencyCheck/pull/6333)
diff --git a/buildscripts/dependency-check-suppressions.xml b/buildscripts/dependency-check-suppressions.xml
new file mode 100644
index 000000000..a808ebe9f
--- /dev/null
+++ b/buildscripts/dependency-check-suppressions.xml
@@ -0,0 +1,13 @@
+
+
+
+
+ ^pkg:maven/com\.squareup\.wire/wire-runtime-jvm@.*$
+ cpe:/a:wire:wire
+
+
+
+ ^pkg:maven/io\.opentelemetry/opentelemetry-exporter-prometheus@.*$
+ cpe:/a:prometheus:prometheus
+
+
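Review bot: The new `suppressionFile` value is a relative path set from a convention plugin, so the file it points at depends on how the dependency-check plugin resolves it for each project that applies the convention. If it is resolved against a subproject directory or the process working directory rather than the repository root, the scan may fail or run without the intended suppressions. Anchoring the path removes the ambiguity, e.g. `suppressionFile = rootProject.file("buildscripts/dependency-check-suppressions.xml").absolutePath`, assuming the file sits under the root project as the second file in this commit suggests. The `dependencyCheck { … }` block closes outside the hunk.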
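Review bot: Each `cpe` suppression is paired with a `packageUrl` regex ending in `@.*$`, so it hides every finding attached to `cpe:/a:wire:wire` and `cpe:/a:prometheus:prometheus` for all current and future versions of those artifacts, and the `failBuildOnCVSS = 7.0f` gate will never see them. That is appropriate only when the CPE match itself is a false positive, and the hunk as shown carries no rationale; lines 4 and 9 of the new file are empty here, possibly because markup was stripped. If the rationale is not already there, add a `<notes>` element to each `<suppress>` entry stating why the artifact is not the product the CPE names. A later reviewer can then re-check the mapping instead of trusting it indefinitely.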