We have a set of old jar files which contains well known CVEs and we have a project for removing these libraries. Besides that, we have other CVEs and I want the teams to focus on these ones and forget the other ones. So I'd need to exclude these jar files (or the CVEs triggered by these jar files) in Sonar.
When I look at Sonar doc, I don't find the way to exclude CVEs. It's easy to exclude java or css rules, but CVEs don't have ids so I cant' figure out how to exclude them.
Similarly, it's easy to exclude source files from the analysis, but I don't find a way to say "don't care about this jar file".
Any help appreciated...