feat: package and utilize generated suppression file

core/pom.xml

@@ -100,6 +100,26 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
             </testResource>
         </testResources>
         <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>exec-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <phase>process-resources</phase>
+                        <goals>
+                            <goal>exec</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <executable>wget</executable>
+                    <arguments>
+                        <argument>-O</argument>
+                        <argument>${project.build.directory}/classes/generated-suppressions.xml</argument>
+                        <argument>https://dependency-check.github.io/DependencyCheck/suppressions/publishedSuppressions.xml</argument>
+                    </arguments>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.jsonschema2pojo</groupId>
                 <artifactId>jsonschema2pojo-maven-plugin</artifactId>

core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java

@@ -68,6 +68,10 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
      * The file name of the base suppression XML file.
      */
     private static final String BASE_SUPPRESSION_FILE = "dependencycheck-base-suppression.xml";
+    /**
+     * The file name of the generated suppression XML file.
+     */
+    private static final String GENERATED_SUPPRESSION_FILE = "generated-suppressions.xml";
     /**
      * The key used to store and retrieve the suppression files.
      */
@@ -195,17 +199,28 @@ private void loadSuppressionBaseData(final Engine engine) throws SuppressionPars
      * @throws SuppressionParseException thrown if the XML cannot be parsed.
      */
     private void loadPackagedSuppressionBaseData(final SuppressionParser parser, final Engine engine) throws SuppressionParseException {
+        loadPackagedSuppressionBaseData(BASE_SUPPRESSION_FILE, parser, engine);
+        loadPackagedSuppressionBaseData(GENERATED_SUPPRESSION_FILE, parser, engine);
+    }
+    /**
+     * Loads the base suppression rules packaged with the application.
+     *
+     * @param parser The suppression parser to use
+     * @param engine a reference the dependency-check engine
+     * @throws SuppressionParseException thrown if the XML cannot be parsed.
+     */
+    private void loadPackagedSuppressionBaseData(final String packagedFileName, final SuppressionParser parser, final Engine engine) throws SuppressionParseException {
         List<SuppressionRule> ruleList = null;
         final URL jarLocation = AbstractSuppressionAnalyzer.class.getProtectionDomain().getCodeSource().getLocation();
         String suppressionFileLocation = jarLocation.getFile();
         if (suppressionFileLocation.endsWith(".jar")) {
-            suppressionFileLocation = "jar:file:" + suppressionFileLocation + "!/" + BASE_SUPPRESSION_FILE;
+            suppressionFileLocation = "jar:file:" + suppressionFileLocation + "!/" + packagedFileName;
         } else if (suppressionFileLocation.startsWith("nested:") && suppressionFileLocation.endsWith(".jar!/")) {
             // suppressionFileLocation -> nested:/app/app.jar/!BOOT-INF/lib/dependency-check-core-<version>.jar!/
             // goal->                 jar:nested:/app/app.jar/!BOOT-INF/lib/dependency-check-core-<version>.jar!/dependencycheck-base-suppression.xml
-            suppressionFileLocation = "jar:" + suppressionFileLocation + BASE_SUPPRESSION_FILE;
+            suppressionFileLocation = "jar:" + suppressionFileLocation + packagedFileName;
         } else {
-            suppressionFileLocation = "file:" + suppressionFileLocation + BASE_SUPPRESSION_FILE;
+            suppressionFileLocation = "file:" + suppressionFileLocation + packagedFileName;
         }
         URL baseSuppresssionURL = null;
         try {

pom.xml

@@ -187,6 +187,11 @@ Copyright (c) 2012 - Jeremy Long
         <defaultGoal>clean install</defaultGoal>
         <pluginManagement>
             <plugins>
+                <plugin>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>exec-maven-plugin</artifactId>
+                    <version>3.6.2</version>
+                </plugin>
                 <plugin>
                     <groupId>org.jsonschema2pojo</groupId>
                     <artifactId>jsonschema2pojo-maven-plugin</artifactId>