suppression.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
   
   <!-- Example suppression for false positives -->
   <!-- 
   <suppress>
      <notes>False positive - this is a test dependency only used in development</notes>
      <gav>com.example:test-library:1.0.0</gav>
      <cve>CVE-2023-1234</cve>
   </suppress>
   -->
   
   <!-- Example suppression for acceptable risk -->
   <!-- 
   <suppress>
      <notes>Acceptable risk - low severity, no direct exposure</notes>
      <gav>com.example:low-risk-lib:2.0.0</gav>
      <cve>CVE-2023-5678</cve>
   </suppress>
   -->
   
   <!-- Example suppression for specific CVE across all versions -->
   <!-- 
   <suppress>
      <notes>Known issue being tracked, acceptable for now</notes>
      <cve>CVE-2023-9999</cve>
   </suppress>
   -->
   
</suppressions>