Apache OFBiz and Apache Tomcat 8.0.33
I use OWASP Dependency Check to check OFBiz 3rd parties libs. We use Tomcat embedded in OFBiz. When I recently upgraded to Tomcat 8.0.33 (from 7.0.68) I found that all Tomcat libs we use needed 2 or 3 suppressions. Please see the link ("Here is the last suppress file") to our suppress.xml file at https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check.
Would there be a way to avoid that, with only one suppression for the whole Tomcat libs for instance?