[FP]: Checkstyle CVEs reported against detekt 2's checkstyle-reporter

[xcq1]

Package URl

pkg:maven/dev.detekt/detekt-report-checkstyle@2.0.0-alpha.2

CPE

cpe:2.3:a:checkstyle:checkstyle:2.0.0.2:*:*:*:*:*:*:*

CVE

No response

ODC Integration

{"label" => "Gradle Plugin"}

ODC Version

12.2.0

Description

After switching to detekt 2, I'm seeing 2019 checkstyle CVEs reported for the detekt checkstyle report dependency (which appears to be bundled in their gradle plugin by default).

[github-actions]

Maven Coordinates

<dependency>
  <groupId>dev.detekt</groupId>
  <artifactId>detekt-report-checkstyle</artifactId>
  <version>2.0.0-alpha.2</version>
</dependency>

Suppression rule:

<suppress base="true">
    <notes><![CDATA[
    FP per issue #8397
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/dev\.detekt/detekt-report-checkstyle@.*$</packageUrl>
    <cpe>cpe:/a:checkstyle:checkstyle</cpe>
</suppress>

Link to test results: https://github.com/dependency-check/DependencyCheck/actions/runs/23847535410

[chadlwilson]

approved

[github-actions]

Suppress rule has been added to the generatedSuppressions branch.