Typically there's a way to suppress specific warnings in systems like these. In your company's situation, I would look at moving away from a scanning system if it didn't allow overrides like this.
So far this is the best approach I've found. The scanning tools rarely include that ability, but if you build tooling around them you can maintain exclusion lists for particular vulnerabilities, library/version pairs, etc.
Unfortunately it does mean there's no getting around having someone manually deal with false positives.
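An added example, not part of either comment above and not taken from any particular scanner: a minimal sketch of wrapper tooling that applies an exclusion list to scanner output. The finding fields (`vuln_id`, `library`, `version`), the `Exclusion` and `triage` names, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Exclusion:
    reason: str                     # why a reviewer judged this a false positive
    vuln_id: Optional[str] = None   # None matches any vulnerability
    library: Optional[str] = None   # None matches any library
    version: Optional[str] = None   # None matches any version

    def __post_init__(self):
        # Refuse rules that would silently suppress everything or carry no rationale.
        if not self.reason.strip():
            raise ValueError("exclusion needs a documented reason")
        if self.vuln_id is None and self.library is None:
            raise ValueError("exclusion must name a vulnerability or a library")

    def matches(self, finding: dict) -> bool:
        fields = (("vuln_id", self.vuln_id), ("library", self.library),
                  ("version", self.version))
        return all(want is None or finding[key] == want for key, want in fields)

def triage(findings, exclusions):
    """Return (actionable, suppressed, stale): stale rules matched no finding."""
    actionable, suppressed, used = [], [], set()
    for finding in findings:
        rule = next((e for e in exclusions if e.matches(finding)), None)
        if rule is None:
            actionable.append(finding)
        else:
            used.add(rule)
            suppressed.append({**finding, "suppressed_because": rule.reason})
    stale = [e for e in exclusions if e not in used]
    return actionable, suppressed, stale

# Constructed sample data: placeholder identifiers, not real advisories.
FINDINGS = [
    {"vuln_id": "VULN-0001", "library": "libexample", "version": "1.2.0"},
    {"vuln_id": "VULN-0002", "library": "libexample", "version": "1.2.0"},
    {"vuln_id": "VULN-0001", "library": "libexample", "version": "1.3.0"},
    {"vuln_id": "VULN-0003", "library": "otherlib", "version": "4.0.1"},
]
EXCLUSIONS = [
    Exclusion("affected code path not reachable in our build",
              vuln_id="VULN-0001", library="libexample", version="1.2.0"),
    Exclusion("vendored copy, patched in-house", library="otherlib", version="4.0.1"),
    Exclusion("scanner misidentifies the package", vuln_id="VULN-0009"),
]

if __name__ == "__main__":
    actionable, suppressed, stale = triage(FINDINGS, EXCLUSIONS)
    print(len(actionable), "actionable;", len(suppressed), "suppressed;", len(stale), "stale rules")
```

Pinning a rule to a library/version pair means the finding resurfaces after an upgrade, and the stale list shows which exclusions a reviewer can retire.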