From b5d30cb007f5b124d06a95c2487e4c3490224b26 Mon Sep 17 00:00:00 2001
From: Lauri Tulmin <ltulmin@splunk.com>
Date: Mon, 9 Jun 2025 09:48:37 +0300
Subject: [PATCH 1/2] Suppress false positive OWASP failures

---
 buildscripts/dependency-check-suppressions.xml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/buildscripts/dependency-check-suppressions.xml b/buildscripts/dependency-check-suppressions.xml
index af431800c05b..8cba75c87ef0 100644
--- a/buildscripts/dependency-check-suppressions.xml
+++ b/buildscripts/dependency-check-suppressions.xml
@@ -13,4 +13,16 @@
     <vulnerabilityName>CVE-2023-45142</vulnerabilityName>
     <vulnerabilityName>CVE-2023-47108</vulnerabilityName>
   </suppress>
+  <suppress>
+    <!-- detected CVE is for a different project https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17046 -->
+    <packageUrl>pkg:maven/codes.rafael.asmjdkbridge/asm-jdk-bridge@0.0.9</packageUrl>
+    <vulnerabilityName>CVE-2018-17046</vulnerabilityName>
+  </suppress>
+  <suppress>
+    <!-- detected CVEs are json-java not groovy-json, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45688
+      https://nvd.nist.gov/vuln/detail/cve-2023-5072 -->
+    <packageUrl>pkg:maven/org.codehaus.groovy/groovy-json@3.0.25</packageUrl>
+    <vulnerabilityName>CVE-2022-45688</vulnerabilityName>
+    <vulnerabilityName>CVE-2023-5072</vulnerabilityName>
+  </suppress>
 </suppressions>

From 09e584e78a0000f37bde6a695bdc2d786b6be46a Mon Sep 17 00:00:00 2001
From: Lauri Tulmin <tulmin@gmail.com>
Date: Mon, 9 Jun 2025 13:59:15 +0300
Subject: [PATCH 2/2] Apply suggestions from code review

Co-authored-by: Jay DeLuca <jaydeluca4@gmail.com>
---
 buildscripts/dependency-check-suppressions.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/buildscripts/dependency-check-suppressions.xml b/buildscripts/dependency-check-suppressions.xml
index 8cba75c87ef0..49d116d5550a 100644
--- a/buildscripts/dependency-check-suppressions.xml
+++ b/buildscripts/dependency-check-suppressions.xml
@@ -14,12 +14,12 @@
     <vulnerabilityName>CVE-2023-47108</vulnerabilityName>
   </suppress>
   <suppress>
-    <!-- detected CVE is for a different project https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17046 -->
+    <!-- detected CVE is for a different project https://www.cve.org/CVERecord?id=CVE-2018-17046 -->
     <packageUrl>pkg:maven/codes.rafael.asmjdkbridge/asm-jdk-bridge@0.0.9</packageUrl>
     <vulnerabilityName>CVE-2018-17046</vulnerabilityName>
   </suppress>
   <suppress>
-    <!-- detected CVEs are json-java not groovy-json, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45688
+    <!-- detected CVEs are json-java not groovy-json, https://www.cve.org/CVERecord?id=CVE-2022-45688
       https://nvd.nist.gov/vuln/detail/cve-2023-5072 -->
     <packageUrl>pkg:maven/org.codehaus.groovy/groovy-json@3.0.25</packageUrl>
     <vulnerabilityName>CVE-2022-45688</vulnerabilityName>