diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 14ba0ccbf8..53c649c0ca 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -67,3 +67,11 @@ jobs:
## ‼️ Dependency Check findings ‼️
One or more high/critical findings have been found during dependency check. Please check the depenency report:
https://github.com/catenax-ng/tx-traceability-foss/actions/runs/${{ github.run_id }}
+
+ - name: add PR comment
+ uses: mshick/add-pr-comment@v2
+ if: success()
+ with:
+ message: |
+ ## ✅ No Dependency Check findings were found
+
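Review bot: The new `add PR comment` step pulls `mshick/add-pr-comment@v2` by a mutable tag, so whatever that tag resolves to at run time executes with this workflow's token; pin it to a full commit SHA with the version kept in a trailing comment, `uses: mshick/add-pr-comment@<full-commit-sha>  # v2`, and do the same for the findings step above the hunk if it uses the same action. `if: success()` is already the default condition for a step, so the line can be dropped, or, if the intent is to post only when the scan step itself passed rather than every preceding step, reference that step's result explicitly, e.g. `if: steps.<scan-step-id>.outcome == 'success'`. Posting a PR comment also requires `pull-requests: write` in the job's `permissions` block, which is outside the hunk and worth confirming. The enclosing `jobs` block starts before the hunk.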
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e209131e98..bd72f654dc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
- handling for invalid LocalDate string provided in filterCriteria for date related filtering
- support for filtering join tables for Specification searchCriteria
- added PR comment in case of HIGH/CRITICAL dependency check findings
+- Functionality to indicate that no Dependency Check findings occur in a PR
+- Badge to show successful Dependency Check status
### Changed
- Updated user manual to reflect the table column settings feature
@@ -42,6 +44,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
- changed assetAsBuilt filtering manufacturerId to businessPartner
- IRS-Client-Lib from 1.2.1-SNAPSHOT to 1.4.0
- Decoupled dependency check in a separate GitHub action
+- Mitigated Dependency Check findings
### Removed
- Removed &filterOperator=AND from filtering requests
diff --git a/README.md b/README.md
index fc3a43c613..ec4ad0eb48 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@
[![VeraCode Backend](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/veracode_backend.yml/badge.svg)](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/veracode_backend.yml)
[![VeraCode Frontend](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/veracode_frontend.yml/badge.svg)](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/veracode_frontend.yml)
[![Eclipse DASH IP Check](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/eclipse-dash.yml/badge.svg)](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/eclipse-dash.yml)
+[![[BE] Dependency check](https://github.com/catenax-ng/tx-traceability-foss/actions/workflows/dependency-check.yml/badge.svg)](https://github.com/catenax-ng/tx-traceability-foss/actions/workflows/dependency-check.yml)
## Trace-X is a system for tracking parts along the supply chain.
#### A high level of transparency across the supplier network enables faster intervention based on a recorded event in the supply chain. This saves costs by seamlessly tracking parts and creates trust through clearly defined and secure data access by the companies and persons involved in the process.
diff --git a/dependency_check/suppressions.xml b/dependency_check/suppressions.xml
index 1ba696e733..9ce5eb4df6 100644
--- a/dependency_check/suppressions.xml
+++ b/dependency_check/suppressions.xml
@@ -39,4 +39,43 @@ SPDX-License-Identifier: Apache-2.0
91e1628251cf3ca90093ce9d0fe67e5b7dab3850
CVE-2023-33201
+
+
+ ^pkg:maven/org\.eclipse\.jetty.*@.*$
+ CVE-2023-36478
+ CVE-2023-44487
+
+
+
+ ^pkg:maven/org\.eclipse\.edc/jetty\-core@.*$
+ CVE-2017-7657
+ CVE-2017-7658
+ CVE-2009-5045
+ CVE-2009-5045
+ CVE-2017-7656
+ CVE-2017-9735
+ CVE-2022-2048
+ CVE-2023-44487
+
+
+
+
+ ^pkg:maven/org\.eclipse\.jetty\.toolchain/jetty\-jakarta\-websocket\-api@.*$
+
+ CVE-2017-7657
+ CVE-2017-7658
+ CVE-2009-5045
+ CVE-2017-7656
+ CVE-2017-9735
+ CVE-2022-2048
+ CVE-2020-27216
+
+
+
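Review bot: The `^pkg:maven/org\.eclipse\.jetty.*@.*$` entry suppresses CVE-2023-36478 and CVE-2023-44487 for every org.eclipse.jetty artifact at every version, so a later downgrade or an unpatched transitive Jetty would never be reported again; since the same commit removes the explicit `jetty-http` 11.0.17 pin from tx-backend/pom.xml, that is exactly the drift the scanner should keep catching. Narrow the regex to the versions known to be affected, or give the `<suppress>` element an `until="<YYYY-MM-DD>Z"` expiry and a `<notes>` entry recording why the finding is treated as a false positive (element tags are not visible in this rendering, so notes may already be present). `CVE-2009-5045` is listed twice in the `jetty\-core` block; one entry should go. The closing `</suppress>`/`</suppressions>` lines appear to fall after the visible part of the hunk.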
diff --git a/tx-backend/pom.xml b/tx-backend/pom.xml
index 984fa009c5..5c9b701c1a 100644
--- a/tx-backend/pom.xml
+++ b/tx-backend/pom.xml
@@ -171,6 +171,26 @@ SPDX-License-Identifier: Apache-2.0
org.springframework.boot
spring-boot-starter-web
+
+
+ org.apache.tomcat.embed
+ tomcat-embed-core
+
+
+ org.apache.tomcat.embed
+ tomcat-embed-websocket
+
+
+
+
+ org.apache.tomcat.embed
+ tomcat-embed-core
+ 10.1.15
+
+
+ org.apache.tomcat.embed
+ tomcat-embed-websocket
+ 10.1.15
org.springframework.cloud
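Review bot: The `10.1.15` version for `tomcat-embed-core` and `tomcat-embed-websocket` is hard-coded in this module and repeated verbatim in `tx-models/pom.xml` (the hunk at `@@ -52,6 +52,26 @@`), so the next bump has to be made in two places and the two modules can silently drift apart. Declare it once: if the modules inherit from `spring-boot-starter-parent` (not visible in the hunk), overriding the managed `<tomcat.version>` property replaces both the exclusions and the re-added dependencies; otherwise put a single `<tomcat.version>` property in the parent POM and reference `${tomcat.version}` here. A short XML comment beside the override naming the dependency-check finding it addresses, e.g. `<!-- pinned for dependency-check finding <id>; remove once the managed Tomcat version is at least 10.1.15 -->`, tells a later maintainer when the pin can be dropped. The spring-cloud `<dependency>` element at the end of the hunk continues outside it.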
@@ -402,12 +422,6 @@ SPDX-License-Identifier: Apache-2.0
1.1.0
test
-
-
- org.eclipse.jetty
- jetty-http
- 11.0.17
-
diff --git a/tx-models/pom.xml b/tx-models/pom.xml
index f76c8955fc..dfa3edc6f3 100644
--- a/tx-models/pom.xml
+++ b/tx-models/pom.xml
@@ -52,6 +52,26 @@ SPDX-License-Identifier: Apache-2.0
org.springframework.boot
spring-boot-starter-web
+
+
+ org.apache.tomcat.embed
+ tomcat-embed-core
+
+
+ org.apache.tomcat.embed
+ tomcat-embed-websocket
+
+
+
+
+ org.apache.tomcat.embed
+ tomcat-embed-core
+ 10.1.15
+
+
+ org.apache.tomcat.embed
+ tomcat-embed-websocket
+ 10.1.15