How to make Dependency Track to suppress certain VULs? #2579

Closed
2 tasks done
qianwch opened this issue Mar 8, 2023 · 2 comments
Labels
duplicate This issue or pull request already exists

Comments

@qianwch
qianwch commented Mar 8, 2023

Current Behavior

I am using the Docker version of Dependency-Track.
Some VULs are definitely false, for example CVE-2022-28111.
So we need to configure Dependency-Track to ignore such VULs, so that we get fewer false notifications.
I have tried to use a /data/.dependency-track/dependency-check/suppressions.xml or /data/.dependency-track/suppressions.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<suppressions>
  <suppress>
    <notes><![CDATA[
      Ignored CVEs
    ]]></notes>
    <cve>CVE-2022-22965</cve>
    <cve>GHSA-36p3-wjmg-h94x</cve>
    <cve>sonatype-2022-1764</cve>
    <cve>CVE-2022-28111</cve>
    <cve>GHSA-w559-623p-vfg8</cve>
  </suppress>
</suppressions>

But no luck! I have searched a lot, but still no clue.

Proposed Behavior

It should be possible to ignore such VULs.

Checklist

@qianwch qianwch added the enhancement New feature or request label Mar 8, 2023
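For readers landing here with the same question: Dependency-Track does not read a Dependency-Check style suppressions.xml. It records suppressions as per-finding audit decisions (project + component + vulnerability), made in the UI or through the REST API. The script below is an added example, not code from this issue or from the Dependency-Track project. It looks up a project's findings, picks the ones whose vulnerability ID is in an ignore list (the IDs are taken from the suppressions.xml above; GHSA and other non-CVE identifiers match the same way because matching is on the finding's `vulnId`), and files a FALSE_POSITIVE analysis with `suppressed: true` for each. The endpoint paths (`GET /api/v1/finding/project/{uuid}`, `PUT /api/v1/analysis`), the `X-Api-Key` header and the JSON field names follow the v4 REST API as I understand it; verify them against your instance's Swagger UI, and give the API key a team with the vulnerability-analysis permission. All UUIDs, hostnames and the sample findings are constructed placeholders.

```python
"""Suppress selected vulnerabilities in Dependency-Track via its REST API.

Added example; not from the issue or the Dependency-Track project. Endpoint
paths and JSON field names follow the v4 REST API as understood by this
example's author (assumption: check your instance's Swagger UI). UUIDs,
hostnames and sample findings are constructed placeholders.
"""
import json
import urllib.request

# Constructed sample of the list returned by GET /api/v1/finding/project/{uuid},
# trimmed to the fields used here. Component names and UUIDs are placeholders.
SAMPLE_FINDINGS = [
    {
        "component": {"uuid": "11111111-1111-4111-8111-111111111111",
                      "name": "example-lib-a", "version": "1.0.0"},
        "vulnerability": {"uuid": "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa",
                          "vulnId": "CVE-2022-28111", "source": "NVD"},
        "analysis": {"isSuppressed": False},
    },
    {
        "component": {"uuid": "22222222-2222-4222-8222-222222222222",
                      "name": "example-lib-b", "version": "2.3.4"},
        "vulnerability": {"uuid": "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb",
                          "vulnId": "GHSA-w559-623p-vfg8", "source": "GITHUB"},
        "analysis": {"isSuppressed": True},  # already suppressed: leave alone
    },
    {
        "component": {"uuid": "33333333-3333-4333-8333-333333333333",
                      "name": "example-lib-c", "version": "0.9.1"},
        "vulnerability": {"uuid": "cccccccc-cccc-4ccc-8ccc-cccccccccccc",
                          "vulnId": "CVE-2022-22965", "source": "NVD"},
        "analysis": {"isSuppressed": False},
    },
]

# Identifiers from the issue's suppressions.xml. Matching is on vulnId, so GHSA
# and other non-CVE identifiers are handled exactly like CVEs.
IGNORED_IDS = {"CVE-2022-28111", "GHSA-w559-623p-vfg8", "CVE-2022-22965"}


def select_findings(findings, vuln_ids):
    """Return findings whose vulnId is in vuln_ids and that are not yet suppressed."""
    return [
        f for f in findings
        if f["vulnerability"]["vulnId"] in vuln_ids
        and not f.get("analysis", {}).get("isSuppressed", False)
    ]


def build_analysis(project_uuid, finding, comment):
    """Body for PUT /api/v1/analysis: a FALSE_POSITIVE decision plus suppression.

    Suppression is scoped to this project/component/vulnerability triple; the
    same CVE in another project keeps its own, separate audit state.
    """
    return {
        "project": project_uuid,
        "component": finding["component"]["uuid"],
        "vulnerability": finding["vulnerability"]["uuid"],
        "analysisState": "FALSE_POSITIVE",
        "comment": comment,
        "suppressed": True,
    }


def api_call(base_url, api_key, method, path, body=None):
    """Minimal authenticated JSON call; the API key travels in X-Api-Key."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        base_url.rstrip("/") + path, data=data, method=method,
        headers={"X-Api-Key": api_key, "Content-Type": "application/json",
                 "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def suppress_in_project(base_url, api_key, project_uuid, vuln_ids, comment):
    """Fetch findings, file one analysis per matching finding, return the count."""
    findings = api_call(base_url, api_key, "GET",
                        f"/api/v1/finding/project/{project_uuid}")
    payloads = [build_analysis(project_uuid, f, comment)
                for f in select_findings(findings, vuln_ids)]
    for payload in payloads:
        api_call(base_url, api_key, "PUT", "/api/v1/analysis", payload)
    return len(payloads)


if __name__ == "__main__":
    # Offline dry run on the constructed sample: print what would be sent.
    for f in select_findings(SAMPLE_FINDINGS, IGNORED_IDS):
        print(json.dumps(build_analysis("<project-uuid>", f,
                                        "Triaged as false positive"), indent=2))
    # Against a real instance (placeholders):
    # suppress_in_project("https://dtrack.example.internal", "<api-key>",
    #                     "<project-uuid>", IGNORED_IDS, "Triaged as false positive")
```

Because the decision is stored per project, the script has to be run once per project that contains the component; a portfolio-wide rule for a vulnerability is a policy question rather than a suppression, and a finding that is already suppressed is skipped so repeated runs do not overwrite an existing audit trail.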
@nscuro
Member

nscuro commented Mar 8, 2023

Duplicate of #1495

@nscuro nscuro marked this as a duplicate of #1495 Mar 8, 2023
@nscuro nscuro closed this as not planned Mar 8, 2023
@nscuro nscuro added duplicate This issue or pull request already exists and removed enhancement New feature or request labels Mar 8, 2023
@github-actions
Contributor

github-actions bot commented Apr 8, 2023

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 8, 2023