Avoid noise from non-prod libraries

chadlwilson · chadlwilson · commit cb0b90357536 · 2023-09-27T13:13:11.000+08:00
diff --git a/build-config/dependency-check-suppressions.xml b/build-config/dependency-check-suppressions.xml
@@ -1,15 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 
-  <suppress>
-    <notes><![CDATA[
-    Recce doesn't use the H2 console so is not affected by these apparent vulnerabilities.
-    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
-    <cve>CVE-2018-14335</cve>
-    <cve>CVE-2022-45868</cve>
-  </suppress>
-
   <suppress>
     <notes><![CDATA[
     This is a false positive "noise" CVE: https://github.com/FasterXML/jackson-databind/issues/3972
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -167,8 +167,7 @@ dependencies {
 dependencyCheck {
     failBuildOnCVSS = 1f
     suppressionFile = "build-config/dependency-check-suppressions.xml"
-    scanConfigurations = listOf("runtimeClasspath", "testRuntimeClasspath")
-    skipTestGroups = false
+    scanConfigurations = listOf("runtimeClasspath")
     analyzers.assemblyEnabled = false // Unneeded, and creates warning noise
 }
 

Original file line number	Diff line number	Diff line change
`@@ -167,8 +167,7 @@ dependencies {`
`167`	`167`	`dependencyCheck {`
`168`	`168`	`failBuildOnCVSS = 1f`
`169`	`169`	`suppressionFile = "build-config/dependency-check-suppressions.xml"`
`170`		`- scanConfigurations = listOf("runtimeClasspath", "testRuntimeClasspath")`
`171`		`- skipTestGroups = false`
	`170`	`+ scanConfigurations = listOf("runtimeClasspath")`
`172`	`171`	`analyzers.assemblyEnabled = false // Unneeded, and creates warning noise`
`173`	`172`	`}`
`174`	`173`