diff --git a/dependencySuppression.xml b/dependencySuppression.xml
new file mode 100644
index 0000000..8fa6429
--- /dev/null
+++ b/dependencySuppression.xml
@@ -0,0 +1,16 @@
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+	<suppress>
+		<notes><![CDATA[
+			Spring Boot devs say this is not a problem
+		]]></notes>
+		<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-web@.*$</packageUrl>
+		<cve>CVE-2016-1000027</cve>
+	</suppress>
+	<suppress>
+		<notes><![CDATA[
+			False positive, CVE only affects plugins and devtools are not included in production builds
+		]]></notes>
+		<packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-devtools@.*$</packageUrl>
+		<cve>CVE-2022-31691</cve>
+</suppress>
+</suppressions>
diff --git a/pom.xml b/pom.xml
index 679a775..1dbdd2f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -71,7 +71,6 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-devtools</artifactId>
 			<optional>true</optional>
-			<scope>runtime</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -342,6 +341,9 @@
 						<nvdApiServerId>nvd</nvdApiServerId>
 						<failBuildOnCVSS>7</failBuildOnCVSS>
 						<ossIndexServerId>ossindex</ossIndexServerId>
+						<suppressionFiles>
+							<suppressionFile>${project.basedir}/dependencySuppression.xml</suppressionFile>
+						</suppressionFiles>
 					</configuration>
 				</plugin>
 			</plugins>