From 63f6baf260eb9daa866c805fb48ea3931ecbf6b4 Mon Sep 17 00:00:00 2001
From: Arvind Krishnakumar
 <61501885+arvindkrishnakumar-okta@users.noreply.github.com>
Date: Mon, 19 Sep 2022 17:01:10 -0500
Subject: [PATCH] suppress false positive cve

---
 src/owasp/owasp-suppression.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/owasp/owasp-suppression.xml b/src/owasp/owasp-suppression.xml
index b834d26ea..97470d59f 100644
--- a/src/owasp/owasp-suppression.xml
+++ b/src/owasp/owasp-suppression.xml
@@ -26,5 +26,12 @@
         <cve>CVE-2016-1000027</cve>
     </suppress>
 
+    <!-- False positive, see https://github.com/jeremylong/DependencyCheck/issues/4839 -->
+    <suppress base="true">
+        <notes><![CDATA[ FP per issue #4839 ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+        <cve>CVE-2022-38752</cve>
+    </suppress>
+
 </suppressions>