What happened:
Ran a directory scan containing an effective-pom on a Spring Boot project. Only 4 results (from the top-level `<dependencies>`) were returned.
What you expected to happen:
All dependencies at the root level and transitive dependencies nested in `<dependencyManagement>` to be present in syft output.
Syft does not download additional pom.xml information (e.g. parent POMs, transitive dependency POMs)
Syft does not honor the dependencyManagement section
Within the same POM, Syft should still honor dependencyManagement, which is essentially a list of dependency groupId, artifactId, and version; if a dependency appears in the dependency section without a version, its version should be inferred from the dependencyManagement section.
Steps to reproduce the issue:
Anything else we need to know?:
Environment:
- `syft version`: 0.75.0
- `cat /etc/os-release` (or similar): ubuntu 20.04.6