nifi/nifi-dependency-check-maven/suppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements. See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License. You may obtain a copy of the License at
  http://www.apache.org/licenses/LICENSE-2.0
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes>NiFi packages contain other project names, which can cause incorrect identification</notes>
        <packageUrl regex="true">^pkg:maven/org\.apache\.nifi.*$</packageUrl>
        <cpe regex="true">^cpe:.*$</cpe>
    </suppress>
    <suppress>
        <notes>Meta MX HTTP Client is incorrectly identified as Netty</notes>
        <packageUrl regex="true">^pkg:maven/com\.metamx/http\-client@.*$</packageUrl>
        <cpe>cpe:/a:netty:netty</cpe>
    </suppress>
    <suppress>
        <notes>Testcontainers MySQL is incorrectly identified with MySQL server</notes>
        <packageUrl regex="true">^pkg:maven/org\.testcontainers/mysql@.*$</packageUrl>
        <cpe>cpe:/a:mysql:mysql</cpe>
    </suppress>
    <suppress>
        <notes>StumbleUpon Async is incorrectly identified as the JavaScript Async library</notes>
        <packageUrl regex="true">^pkg:maven/com\.stumbleupon/async@.*$</packageUrl>
        <cve>CVE-2021-43138</cve>
    </suppress>
    <suppress>
        <notes>HBase Async is incorrectly identified as the JavaScript Async library</notes>
        <packageUrl regex="true">^pkg:maven/org\.hbase/asynchbase@.*$</packageUrl>
        <cve>CVE-2021-43138</cve>
    </suppress>
    <suppress>
        <notes>Jetty SSLEngine is incorrectly identified with Jetty Server</notes>
        <packageUrl regex="true">^pkg:maven/org\.mortbay\.jetty/jetty\-sslengine@.*$</packageUrl>
        <cpe regex="true">^cpe:.*$</cpe>
    </suppress>
    <suppress>
        <notes>MySQL Binary Log Connector is incorrectly identified as MySQL server</notes>
        <packageUrl regex="true">^pkg:maven/com\.github\.shyiko/mysql\-binlog\-connector\-java@.*$</packageUrl>
        <cpe>cpe:/a:mysql:mysql</cpe>
    </suppress>
    <suppress>
        <notes>Testcontainers MariaDB is incorrectly identified with MariaDB server</notes>
        <packageUrl regex="true">^pkg:maven/org\.testcontainers/mariadb@.*$</packageUrl>
        <cpe>cpe:/a:mariadb:mariadb</cpe>
    </suppress>
    <suppress>
        <notes>Twill ZooKeeper is incorrectly identified with ZooKeeper server</notes>
        <packageUrl regex="true">^pkg:maven/org\.apache\.twill/twill\-zookeeper@.*$</packageUrl>
        <cpe>cpe:/a:apache:zookeeper</cpe>
    </suppress>
</suppressions>