fix(pom): skipping missing modules

[liorj-orca]

Following the issue described at aquasecurity/trivy#3747 where for the case where you run :
trivy fs pom.xml
with the following pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <dependencies>
        <dependency>
            <groupId>org.apache.hive</groupId>
            <artifactId>hive-exec</artifactId>
            <version>2.3.3</version>
        </dependency>
    </dependencies>
</project>

you get zero results due to a parser error of one of the dependencies in the pom.
The following PR suggests skipping those missing modules.

[CLAassistant]

All committers have signed the CLA.

[liorj-orca]

@knqyf263 could you review this please?

[DmitriyLewen]

Hello @liorj-orca
Thanks for your work!

I added 1 comment.

Can you also add test for this case?

Regards, Dmitriy

[liorj-orca]

Hi @DmitriyLewen, I changed the log level to debug.
regarding the test, I noticed there was already a test with the same "issue" that I had to change its expected output - let me know if you would like me to add another dedicated test specifically for that as I believe the test now covers both cases.

[DmitriyLewen]

Hello @liorj-orca
Thanks for you work!

let me know if you would like me to add another dedicated test specifically for that as I believe the test now covers both cases.

Good solution!
I think that's enough.

PR currently looks good to me.

[liorj-orca]

@DmitriyLewen what else needs to be done so we could merge this and update trivy go.mod so the change would be populated?

[DmitriyLewen]

Hello @liorj-orca
We then need @knqyf263 to look at that PR and merge it.

[DmitriyLewen]

Hello @liorj-orca
We merged this PR.

Can you open new PR in Trivy and update go-dep-parser version? (please use b0acf2e for your PR)
Some recommendations about PRs here.