I am trying to suppress certain vulnerabilities via a suppression.xml file. I am following the instructions of the assignment prompt by adding in the complete xml documentation to copy and paste into my suppression file. I am getting an error of "InitializationException: Warn initializing the suppression analyzer: Failed to load suppression.xml, caused by org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=14, Column=6: The processing instruction target matching "[xX][mM][lL]" is not allowed.." I do not know why this error is happening. I am fairly new to software security as well.
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: spring-boot-2.2.4.RELEASE.jar
]]></notes>
<packageUrl regex="true">
^pkg:maven/org\.springframework\.boot/spring\-boot@.*$
</packageUrl>
<cve>CVE-2022-27772</cve>
</suppress>
</suppressions>
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: logback-core-1.2.3.jar
]]></notes>
<packageUrl regex="true">
^pkg:maven/ch\.qos\.logback/logback\-core@.*$
</packageUrl>
<cve>CVE-2021-42550</cve>
</suppress>
</suppressions>
The linked screenshot shows that the top elements are provided twice.
You should only declare that once.
Your suppressions look fine. However, all
<supress>tags should be provided sequentially and within the<suppression>tags in the XML file.Try changing your suppression.xml to something like this:
Also: Where did the
</element>tag come from? That can be completely removed.