Uses proper suppresses to exclude vulnerable Oval transitive dependencies

commit: 677f769bb71b6bdd08e271937e5b89a14c995d24 [log] [tgz]
author: Lukasz Lenart <lukaszlenart@apache.org> Mon May 18 07:57:11 2020 +0200
committer: Lukasz Lenart <lukaszlenart@apache.org> Mon May 18 07:57:28 2020 +0200
tree: 85843ebf47823a351e94666844a4f5ec5ca4e271
parent: 1f98c86104fb8d7fa54353da40381a8a0fe8d43f [diff]
diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
index f00cc85..35b6e53 100644
--- a/src/etc/project-suppression.xml
+++ b/src/etc/project-suppression.xml

@@ -150,7 +150,22 @@
     </suppress>
     <suppress>
         <notes><![CDATA[file name: oval-1.90.jar]]></notes>
-        <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@1\.90$</packageUrl>
-        <vulnerabilityName>Vulnerable transitive dependencies</vulnerabilityName>
+        <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@.*$</packageUrl>
+        <cpe>cpe:/a:apache:groovy</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: oval-1.90.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@.*$</packageUrl>
+        <cpe>cpe:/a:apache:log4j</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: oval-1.90.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@.*$</packageUrl>
+        <cpe>cpe:/a:jruby:jruby</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: oval-1.90.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@.*$</packageUrl>
+        <cpe>cpe:/a:xstream_project:xstream</cpe>
     </suppress>
 </suppressions>
\ No newline at end of file
commit	677f769bb71b6bdd08e271937e5b89a14c995d24	[log] [tgz]
author	Lukasz Lenart <lukaszlenart@apache.org>	Mon May 18 07:57:11 2020 +0200
committer	Lukasz Lenart <lukaszlenart@apache.org>	Mon May 18 07:57:28 2020 +0200
tree	85843ebf47823a351e94666844a4f5ec5ca4e271
parent	1f98c86104fb8d7fa54353da40381a8a0fe8d43f [diff]