'@' symbol for OWASP suppression packageUrl
The documentation in https://jeremylong.github.io/DependencyCheck/general/suppression.html shows how you have the option of matching package url for suppressing a false positive. Where does the '@' come from? Intuitively, I can infer that there will be a version number afterwards, but visiting both https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/11.0.9 and https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-server/11.0.9/ gives me no clues as to what string it's actually matching against. Is this packageUrl format specific to the dependency check plugin?
<suppress>
  <notes><![CDATA[
  This suppresses a CVE identified by OSS Index using the vulnerability name and packageUrl.
  ]]></notes>
  <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty-server@.*$</packageUrl>
  <vulnerabilityName>CVE-2017-7656</vulnerabilityName>
</suppress>
Thanks!
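As an added example, not from the question and not dependency-check's own matcher: the string a `<packageUrl>` suppression is compared against is a Package URL (purl), the package-url spec's `pkg:type/namespace/name@version?qualifiers#subpath` form, so a Maven dependency appears as `pkg:maven/<groupId>/<artifactId>@<version>` and the '@' is the version separator. The Python below parses a purl in that order, builds the Maven form from its coordinates, and applies the question's regex to it; the coordinates and purls used are constructed sample values.

```python
"""Parse Package URLs (purl) and apply a dependency-check style
packageUrl suppression regex to them.

Added example following the package-url spec layout
    pkg:type/namespace/name@version?qualifiers#subpath
It is not dependency-check's own code; the sample purls are constructed
and SUPPRESSION_REGEX is the pattern from the question."""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import unquote


@dataclass(frozen=True)
class PackageUrl:
    type: str
    namespace: Optional[str]
    name: str
    version: Optional[str]
    qualifiers: Dict[str, str] = field(default_factory=dict)
    subpath: Optional[str] = None


def parse_purl(purl: str) -> PackageUrl:
    """Split a purl into its components in the order the spec prescribes:
    subpath ('#'), then qualifiers ('?'), then the version after the last '@'."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl (missing pkg: scheme): {purl!r}")
    rest = purl[len("pkg:"):].strip("/")

    rest, sep, subpath = rest.partition("#")
    subpath = unquote(subpath) if sep else None

    rest, sep, qualifier_str = rest.partition("?")
    qualifiers: Dict[str, str] = {}
    if sep:
        for pair in qualifier_str.split("&"):
            if not pair:
                continue
            key, _, value = pair.partition("=")
            qualifiers[key.lower()] = unquote(value)

    # The version is everything after the LAST '@'; a purl with no '@'
    # (one that only names the artifact) simply has no version.
    rest, sep, version = rest.rpartition("@")
    if not sep:
        rest, version = version, None
    else:
        version = unquote(version)

    # What remains is type/namespace.../name; the namespace may be absent.
    segments = [unquote(s) for s in rest.split("/") if s]
    if len(segments) < 2:
        raise ValueError(f"purl needs at least a type and a name: {purl!r}")
    ptype, name = segments[0].lower(), segments[-1]
    namespace = "/".join(segments[1:-1]) or None
    return PackageUrl(ptype, namespace, name, version, qualifiers, subpath)


def maven_purl(group_id: str, artifact_id: str, version: Optional[str] = None) -> str:
    """Build the purl for a Maven coordinate; the '@' introduces the version."""
    purl = f"pkg:maven/{group_id}/{artifact_id}"
    return f"{purl}@{version}" if version else purl


# The packageUrl regex from the suppression in the question.
SUPPRESSION_REGEX = r"^pkg:maven/org\.eclipse\.jetty/jetty-server@.*$"


def suppression_matches(regex: str, purl: str) -> bool:
    """True when a dependency's purl is covered by the suppression regex.
    The pattern carries its own ^...$ anchors, so re.search is sufficient."""
    return re.search(regex, purl) is not None


if __name__ == "__main__":
    sample = maven_purl("org.eclipse.jetty", "jetty-server", "11.0.9")  # constructed
    print(sample)
    print(parse_purl(sample))
    print("suppressed:", suppression_matches(SUPPRESSION_REGEX, sample))
```

One thing the parser makes visible: with `@.*$` the suppression covers every version of jetty-server, including ones not yet released, so a later upgrade that is genuinely affected by the same CVE would stay hidden. Pinning the version in the regex (for example `@11\.0\.9$`) keeps the suppression scoped to the build you actually reviewed.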
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow