fix(fp): extend Sentry server CPE suppression to other ecosystems#8524

Open
chadlwilson wants to merge 2 commits into
dependency-check:generatedSuppressionsfrom
chadlwilson:generatedSuppressions-improve-sentry-suppression

Conversation

@chadlwilson (Collaborator) commented May 20, 2026

Description of Change

This is an extension of earlier PR #8058 to suppress for other ecosystems - excluding docker, generic.

There are hundreds of sentry packages across various ecosystems, from maven to composer, cargo, npm, rubygems, go and swift. The self-hosted server is Python (and typescript) based and used to be distributed on the previously excluded Python package, but is now distributed as docker images with pre-compiled Python: https://github.com/getsentry/sentry/blob/master/self-hosted/Dockerfile

This is all a bit of a minefield, but it should be relatively safe to extend the suppression as suggested here, while still matching for folks against the self-hosted instance (even though we don't support discovering docker dependencies right now).

Related issues

Have test cases been added to cover the new functionality?

yes/no

@chadlwilson chadlwilson requested a review from Copilot May 20, 2026 16:08
Copilot AI (Contributor) left a comment


Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Updates a hand-curated suppression to reduce false positives for Sentry Server CVEs by refining the notes and the suppression match patterns.

Changes:

  • Expanded the suppression notes with additional issue context and an NVD query link.
  • Modified the packageUrl regex to broaden/adjust which ecosystems are affected by the suppression.
  • Adjusted the cpe regex to match cpe:/a:sentry:sentry with optional suffix.


Three review comment threads on generatedSuppressions.xml (not expanded on this page)
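The description and the review summary above talk about a suppression keyed on a packageUrl regex (every ecosystem except the ones that can ship the self-hosted server) plus a cpe regex for cpe:/a:sentry:sentry with an optional suffix. The page does not reproduce the actual generatedSuppressions.xml entry, so the following is an added example, not the project's rule: the two patterns, the exclusion list (pypi, docker, generic), the sample package URLs and CPEs are all assumptions constructed to show how such a rule decides which CPEs (and therefore which CVEs) get dropped from a dependency. Full-string regex matching is also assumed, as with Java's Matcher.matches().

```python
import re
from dataclasses import dataclass

# Hypothetical suppression rule modelled on the PR description. The real
# generatedSuppressions.xml entry is not shown on this page, so both patterns
# below are assumptions, not the project's text.
CPE_REGEX = r"cpe:/a:sentry:sentry(:.*)?"  # server CPE, optional version suffix
# Apply to every ecosystem except the ones that can carry the server itself.
PACKAGE_URL_REGEX = r"pkg:(?!(pypi|docker|generic)/).+"


@dataclass(frozen=True)
class Dependency:
    package_url: str        # package URL derived from the manifest
    cpes: tuple[str, ...]   # CPEs the CPE analyzer matched to this dependency


def apply_suppression(dep: Dependency,
                      purl_regex: str = PACKAGE_URL_REGEX,
                      cpe_regex: str = CPE_REGEX) -> tuple[str, ...]:
    """Return the CPEs that survive the rule.

    Mirrors a suppression with <packageUrl regex="true"> and <cpe regex="true">:
    the rule applies only when the package URL matches, and then every CPE
    matching the cpe pattern is removed, so the CVEs attached through that CPE
    no longer report against the dependency. Full-string matching assumed.
    """
    if not re.fullmatch(purl_regex, dep.package_url):
        return dep.cpes
    return tuple(c for c in dep.cpes if not re.fullmatch(cpe_regex, c))


# Constructed sample dependencies (not real scan output; versions are placeholders).
SERVER_CPE = "cpe:/a:sentry:sentry:1.2.3"
OTHER_CPE = "cpe:/a:example:other_product:1.0"
SAMPLES = {
    "maven": Dependency("pkg:maven/io.sentry/sentry@1.2.3", (SERVER_CPE,)),
    "npm": Dependency("pkg:npm/%40sentry/browser@1.2.3", (SERVER_CPE, OTHER_CPE)),
    "cargo": Dependency("pkg:cargo/sentry@1.2.3", (SERVER_CPE,)),
    "pypi": Dependency("pkg:pypi/sentry@1.2.3", (SERVER_CPE,)),
    "docker": Dependency("pkg:docker/getsentry/sentry@1.2.3", (SERVER_CPE,)),
    "generic": Dependency("pkg:generic/sentry@1.2.3", (SERVER_CPE,)),
}


def summarize() -> dict[str, tuple[str, ...]]:
    """Remaining CPEs per sample after the rule; an empty tuple means fully suppressed."""
    return {name: apply_suppression(dep) for name, dep in SAMPLES.items()}


if __name__ == "__main__":
    for name, remaining in summarize().items():
        print(f"{name:8} -> {'suppressed' if not remaining else remaining}")
```

Two details worth checking against the real entry: the negative lookahead requires the ecosystem name to be followed by "/", so a pypi, docker or generic package keeps its server CPE and its CVEs, while everything else loses only the CPEs matching the sentry pattern (the unrelated CPE on the npm sample survives); and the anchored `(:.*)?` suffix means a CPE whose product merely begins with "sentry" is not caught, which is the difference between a targeted suppression and one that hides findings for other products of the same vendor.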
2 participants