dependency-check · chadlwilson · May 20, 2026 · May 20, 2026
diff --git a/generatedSuppressions.xml b/generatedSuppressions.xml
@@ -1830,11 +1830,13 @@
 </suppress>
 <suppress base="true">
     <notes><![CDATA[
-    hand-curated better suppression for FP per issue #8057. The sentry server is/was only available on the specific
-    pypi package here. Not suppressed for other ecosystems as Sentry Server is still available open-source elsewhere.
+    hand-curated better suppression for FP per issues #8057, #8519. The Sentry Server is Python-based and was only
+    available on the specific pypi package here, or as an image. SDKs and other components of the server have their own CPEs.
+    For all vendor=sentry CVEs, can review the below:
+    https://nvd.nist.gov/vuln/search#/nvd/home?sortOrder=5&sortDirection=2&cpeFilterMode=applicability&cpeName=cpe:2.3:a:sentry:*:*:*:*:*:*:*:*:*&resultType=records
     ]]></notes>
-    <packageUrl regex="true">^pkg:pypi/(?!sentry@).*$</packageUrl>
-    <cpe regex="true">cpe:/a:sentry:sentry:(:.*)?$</cpe>
+    <packageUrl regex="true">^pkg:(?!pypi/sentry@|docker|generic).*$</packageUrl>
+    <cpe regex="true">cpe:/a:sentry:sentry(:.*)?$</cpe>
 </suppress>
 <suppress base="true">
   <notes><![CDATA[