Add suppression for graalvm compiler (helidon-io#9048)

spericas · Jul 29, 2024 · fb7f95c · fb7f95c
1 parent 2360d3d
commit fb7f95c
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/etc/dependency-check-suppression.xml b/etc/dependency-check-suppression.xml
@@ -113,6 +113,16 @@
    <vulnerabilityName>CVE-2024-20932</vulnerabilityName>
 </suppress>
 
+<!-- This low priority CVE does not apply to our use of the graalvm sdk.
+-->
+<suppress>
+   <notes><![CDATA[
+   file name: graal-sdk-22.3.0.jar
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/org\.graalvm\.sdk/graal-sdk@.*$</packageUrl>
+   <vulnerabilityName>CVE-2024-21138</vulnerabilityName>
+</suppress>
+
 <!-- 
     This CVE is being disputed by the Jackson project and the community seems in agreement that this
     CVE should be rejected. We are suppressing this for now to reduce noise in our scan and will