As usual, this would’ve been much easier to give help if you included your current config.
You could do something like
apply plugin: 'org.owasp.dependencycheck'
configurations {
suppressions { transitive = false }
}
dependencies {
suppressions 'foo:my-suppressions:1.0'
}
dependencyCheckAnalyze {
suppressionFiles = zipTree(configurations.supressions.singleFile).matching {
include 'path/to/suppressions.xml'
}
}
Some Gradle purists (including myself) would move the unzipping to another task so that the dependency download is done in the execution phase rather than the configuration phase in my example above