NSP analyzer suppressions


Marcello Teodori

Jan 8, 2018, 10:12:25 AM
to Dependency Check
Hello, how can I add a suppression for a vulnerability found on a node package via NSP?

I am using the Maven plugin and I get:

One or more dependencies were identified with known vulnerabilities in Activiti Admin:
package.json?jquery (jquery:2.0.3) : 328

The report doesn't show the suppression XML snippet I can copy from, and there are no CVE/CPE I can refer to.

Thanks for any input

Steve Springett

Jan 8, 2018, 6:23:06 PM
to Dependency Check
Currently, suppressions for NSP are not supported, but will be in a future release. 

Unlike use of the NVD, false positives are much less common when using NSP. What is common, however, are transitive dependencies in tests, and jQuery is a common culprit. These are not false positives, but I agree that many orgs would like to suppress them.

If you find a true false positive from NSP, please create an issue on GitHub.

— Steve

Marcello Teodori

Jan 9, 2018, 8:17:46 AM
to Dependency Check
Thanks, for the time being I am just skipping the NSP check, as I have a mixed Java/JavaScript Maven project and can deal with the frontend vulnerabilities later.