Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor Java metadata: use top-level maven metadata & deprecate scope from PomProperties #3377

Open
kzantow opened this issue Oct 23, 2024 · 0 comments
Open

Refactor Java metadata: use top-level maven metadata & deprecate scope from PomProperties #3377

kzantow opened this issue Oct 23, 2024 · 0 comments
Labels
bug Something isn't working
Milestone
Syft 2.0

Comments

@kzantow
Copy link
Contributor

kzantow commented Oct 23, 2024

Today, when scanning a source repository, including resolving packages from Maven pom.xml, Syft uses the metadata type pkg.JavaArchive, which is not really representative of what was scanned. These could perhaps use JavaPomProject as the top-level metadata.

Additionally, the dependency scope is being captured in JavaPomProperties, which is not the correct spot for this information -- it should be part of the relationship, but this is not being tracked as any part of the relationship today.
@kzantow kzantow added the bug Something isn't working label Oct 23, 2024
@kzantow kzantow added this to the Syft 2.0 milestone Oct 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
OSS
Status: No status
Milestone
Syft 2.0
Development

No branches or pull requests
1 participant
@kzantow