Skip to content

Commit a7c89ed

Browse files
halibobo1205halibobo1205
committed
add suppressions
1 parent ee27d30 commit a7c89ed

2 files changed

Lines changed: 14 additions & 0 deletions

File tree

.github/workflows/dependency-check.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,7 @@ jobs:
4848
args: >
4949
--failOnCVSS 7
5050
--enableRetired
51+
--suppression suppressions.xml
5152
- name: Generate timestamp
5253
run: echo "BUILD_TIMESTAMP=$(date -u +"%Y%m%d-%H%M%S")" >> $GITHUB_ENV
5354
- name: Get Repository Name

suppressions.xml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.4.xsd">
3+
<suppress>
4+
<notes><![CDATA[file name: java-tron-1.0.0.zip: grpc-netty-1.75.0.jar]]></notes>
5+
<sha1>6edfe492eef2a4e41e247f984d7e1f062fe2f47d</sha1>
6+
<cve>CVE-2019-20444</cve>
7+
</suppress>
8+
<suppress>
9+
<notes><![CDATA[file name: plugins-1.0.0.zip: leveldbjni-all-1.18.2.jar]]></notes>
10+
<packageUrl regex="true">^pkg:maven/io\.github\.tronprotocol/leveldbjni-all@.*$</packageUrl>
11+
<cve>CVE-2018-10906</cve>
12+
</suppress>
13+
</suppressions>

0 commit comments

Comments
 (0)