authorAlbin <albin@mullvad.net>2022-03-14 10:43:29 +0100
committerAlbin <albin@mullvad.net>2022-04-20 18:00:45 +0200
commit699fc7e860588bf3abc114df925b18ba9ae2699a (patch)
tree0b5238042a68f32a35a52d5832c9a08d9f96f436 /android/e2e
parent5d4e97b17d447e1ca9acd68fff5dd69fddd14b0f (diff)
downloadmullvadvpn-699fc7e860588bf3abc114df925b18ba9ae2699a.tar.xz
mullvadvpn-699fc7e860588bf3abc114df925b18ba9ae2699a.zip
Fix/suppress dependency audit issues
Diffstat (limited to 'android/e2e')
-rw-r--r--android/e2e/build.gradle.kts2
-rw-r--r--android/e2e/e2e-suppression.xml16
2 files changed, 18 insertions, 0 deletions
diff --git a/android/e2e/build.gradle.kts b/android/e2e/build.gradle.kts
index 07e80769db..4804dfba70 100644
--- a/android/e2e/build.gradle.kts
+++ b/android/e2e/build.gradle.kts
@@ -100,6 +100,7 @@ configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
// path. The alternative would be to suppress specific CVEs, however that could potentially
// result in suppressed CVEs in project compilation class path.
skipConfigurations = listOf("lintClassPath")
+ suppressionFile = "$projectDir/e2e-suppression.xml"
}
dependencies {
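Review bot: The comment above `skipConfigurations` no longer matches the configuration once `suppressionFile` is added on the next line. It presents CVE suppression as the rejected alternative because it could hide findings in the compilation class path, yet the block now does both. The comment starts outside this hunk, so only its last two lines are visible here. I would extend it with something like `// CVE-specific suppressions live in e2e-suppression.xml; every entry there must be scoped to a package so it cannot mask findings elsewhere.` so the next maintainer knows the constraint still holds.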
@@ -109,5 +110,6 @@ dependencies {
implementation(Dependencies.AndroidX.testRules)
implementation(Dependencies.AndroidX.testUiAutomator)
implementation(Dependencies.androidVolley)
+ implementation(Dependencies.junit)
implementation(Dependencies.Kotlin.stdlib)
}
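Review bot: `implementation(Dependencies.junit)` is added without any hint of why an audit-fix commit needs a direct junit dependency. If the intent is to force a patched junit version over one pulled in transitively (an assumption, the version is not visible here), a one-line comment such as `// Declared directly to override the transitive junit version flagged by the dependency audit.` would stop it from being removed later as unused.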
diff --git a/android/e2e/e2e-suppression.xml b/android/e2e/e2e-suppression.xml
new file mode 100644
index 0000000000..a3be14e7b4
--- /dev/null
+++ b/android/e2e/e2e-suppression.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+ <suppress>
+ <notes><![CDATA[
+ This CVE only affect Multiplatform Gradle Projects, which this project is not.
+ ]]></notes>
+ <cve>CVE-2022-24329</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ This CVE is a false positive as the description refers to a GO library (github.com/containers/storage).
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl>
+ <cve>CVE-2021-20291</cve>
+ </suppress>
+</suppressions>
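Review bot: The first `<suppress>` entry lists only `<cve>CVE-2022-24329</cve>` with no `packageUrl`, `gav` or `filePath` selector, so it silences that CVE for every dependency scanned in this module, whereas the second entry is correctly scoped to one package. Adding a selector for the affected artifacts, presumably the Kotlin ones, e.g. `<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/.*@.*$</packageUrl>`, keeps the suppression from hiding a future match elsewhere. Neither entry has an `until` attribute, so both suppressions are permanent; an expiry date on `<suppress until="...">` would force a periodic re-check that the justification in `<notes>` still applies.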