sonarqube/sonar-application/dependency-check-suppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
  <!--
  TODO : Remove this snippet when sonar-plugin-api-deps is removed
  -->
  <suppress>
    <notes><![CDATA[
   file name: sonar-core-6.7-SNAPSHOT.jar: sonar-plugin-api-deps.jar/META-INF/maven/org.apache.commons/commons-email/pom.xml
   ]]></notes>
    <gav regex="true">^org\.apache\.commons:commons-email:.*$</gav>
    <cpe>cpe:/a:apache:commons_email</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
   file name: sonar-core-6.7-SNAPSHOT.jar: sonar-plugin-api-deps.jar/META-INF/maven/ch.qos.logback/logback-core/pom.xml
   ]]></notes>
    <gav regex="true">^ch\.qos\.logback:logback-core:.*$</gav>
    <cpe>cpe:/a:logback:logback</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
   file name: sonar-core-6.7-SNAPSHOT.jar: sonar-plugin-api-deps.jar/META-INF/maven/ch.qos.logback/logback-classic/pom.xml
   ]]></notes>
    <gav regex="true">^ch\.qos\.logback:logback-classic:.*$</gav>
    <cpe>cpe:/a:logback:logback</cpe>
  </suppress>
  <!--
  End of TODO
  -->

  <!-- False positive -->

  <!-- Protobuf (issue on C++ side) -->
  <suppress>
    <notes><![CDATA[
   file name: sonar-scanner-engine-shaded-6.7-SNAPSHOT.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml
   file name: sonar-csharp-plugin-6.4.1.3596.jar: protobuf-java-3.1.0.jar
   ]]></notes>
    <gav regex="true">^com\.google\.protobuf:protobuf-java:.*$</gav>
    <cpe>cpe:/a:google:protobuf</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
   file name: sonar-csharp-plugin-6.4.1.3596.jar: SonarAnalyzer-6.4.1.3596.zip: Google.Protobuf.dll
   ]]></notes>
    <filePath regex="true">^.*Google.Protobuf.dll$</filePath>
    <cve>CVE-2015-5237</cve>
  </suppress>

  <!-- Tomcat -->
  <suppress>
    <notes><![CDATA[
   file name: tomcat-annotations-api-8.5.23.jar
   ]]></notes>
    <gav regex="true">^org\.apache\.tomcat:tomcat-annotations-api:.*$</gav>
    <cpe>cpe:/a:apache:tomcat</cpe>
    <cpe>cpe:/a:apache_software_foundation:tomcat</cpe>
    <cpe>cpe:/a:apache_tomcat:apache_tomcat</cpe>
  </suppress>


  <!-- MsSQL -->
  <suppress>
    <notes><![CDATA[
   file name: mssql-jdbc-6.2.2.jre8.jar
   ]]></notes>
    <gav regex="true">^com\.microsoft\.sqlserver:mssql-jdbc:.*$</gav>
    <cpe>cpe:/a:microsoft:sql_server:6.2.2.jre8</cpe>
    <cpe>cpe:/a:microsoft:project_server:6.2.2.jre8</cpe>
    <cpe>cpe:/a:microsoft:server:6.2.2.jre8</cpe>
  </suppress>

  <!-- MySQL Driver -->
  <suppress>
    <notes><![CDATA[
   file name: mysql-connector-java-5.1.44.jar
   ]]></notes>
    <gav regex="true">^mysql:mysql-connector-java:.*$</gav>
    <cpe>cpe:/a:oracle:mysql_connectors</cpe>
    <cpe>cpe:/a:mysql:mysql:5.1.44</cpe>
    <cpe>cpe:/a:oracle:connector/j:5.1.44</cpe>
    <cpe>cpe:/a:oracle:mysql:5.1.44</cpe>
    <cpe>cpe:/a:sun:mysql_connector/j:5.1.44</cpe>
  </suppress>

  <!-- Flex plugin -->
  <suppress>
    <notes><![CDATA[
   file name: sonar-flex-plugin-2.3.jar/META-INF/maven/org.sonarsource.flex/flex-checks/pom.xml
   ]]></notes>
    <gav regex="true">^org\.sonarsource\.flex:flex-checks:.*$</gav>
    <cpe>cpe:/a:flex_project:flex</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
   file name: sonar-flex-plugin-2.3.jar
   ]]></notes>
    <gav regex="true">^org\.sonarsource\.flex:sonar-flex-plugin:.*$</gav>
    <cpe>cpe:/a:flex_project:flex</cpe>
  </suppress>

  <!-- PHP plugin -->
  <suppress>
    <notes><![CDATA[
   file name: sonar-php-plugin-2.10.0.2087.jar
   ]]></notes>
    <gav regex="true">^org\.sonarsource\.php:sonar-php-plugin:.*$</gav>
    <cpe>cpe:/a:php:php</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
   file name: php-checks-2.10.0.2087.jar
   ]]></notes>
    <gav regex="true">^org\.sonarsource\.php:php-checks:.*$</gav>
    <cpe>cpe:/a:php:php</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
   file name: php-frontend-2.10.0.2087.jar
   ]]></notes>
    <gav regex="true">^org\.sonarsource\.php:php-frontend:.*$</gav>
    <cpe>cpe:/a:php:php</cpe>
  </suppress>

  <!-- Python plugin -->
  <suppress>
    <notes><![CDATA[
   file name: sonar-python-plugin-1.8.0.1496.jar
   ]]></notes>
    <gav regex="true">^org\.sonarsource\.python:sonar-python-plugin:.*$</gav>
    <cpe>cpe:/a:python:python</cpe>
    <cpe>cpe:/a:python_software_foundation:python</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
   file name: sonar-python-plugin-1.8.0.1496.jar/META-INF/maven/org.sonarsource.python/python-checks/pom.xml
   ]]></notes>
    <gav regex="true">^org\.sonarsource\.python:python-checks:.*$</gav>
    <cpe>cpe:/a:python:python</cpe>
    <cpe>cpe:/a:python_software_foundation:python</cpe>
  </suppress>

  <!-- Git plugin -->
  <suppress>
    <notes><![CDATA[
   file name: sonar-scm-git-plugin-1.3.0.869.jar
   ]]></notes>
    <gav regex="true">^org\.sonarsource\.scm\.git:sonar-scm-git-plugin:.*$</gav>
    <cpe>cpe:/a:git:git</cpe>
    <cpe>cpe:/a:git_project:git</cpe>
    <cpe>cpe:/a:git-scm:git</cpe>
  </suppress>

  <!-- SVN plugin -->
  <suppress>
    <notes><![CDATA[
   file name: sonar-scm-svn-plugin-1.6.0.860.jar
   ]]></notes>
    <gav regex="true">^org\.sonarsource\.scm\.svn:sonar-scm-svn-plugin:.*$</gav>
    <cpe>cpe:/a:subversion:subversion</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
   file name: sonar-scm-svn-plugin-1.6.0.860.jar: sqljet-1.1.10.jar
   ]]></notes>
    <gav regex="true">^org\.tmatesoft\.sqljet:sqljet:.*$</gav>
    <cpe>cpe:/a:sqlite:sqlite</cpe>
  </suppress>

  <!-- Squid plugin -->
  <suppress>
    <notes><![CDATA[
   file name: sonar-xml-plugin-1.4.3.1027.jar: xml-squid-1.4.3.1027.jar
   ]]></notes>
    <gav regex="true">^org\.sonarsource\.xml:xml-squid:.*$</gav>
    <cpe>cpe:/a:squid:squid</cpe>
  </suppress>
</suppressions>