
fix(java/pom): ignore unsupported requirements #1514

Merged
merged 2 commits into from
Dec 24, 2021

Conversation

knqyf263
Collaborator

@knqyf263 knqyf263 commented Dec 24, 2021

Description

Trivy currently supports only the first two requirements in pom.xml. Other requirements should be skipped at the moment.

✅ 1.0: Soft requirement for 1.0
✅ [1.0]: Hard requirement for 1.0
❌ (,1.0]: Hard requirement for any version <= 1.0.
❌ [1.2,1.3]: Hard requirement for any version between 1.2 and 1.3 inclusive.
❌ [1.0,2.0): 1.0 <= x < 2.0; Hard requirement for any version between 1.0 inclusive and 2.0 exclusive.
❌ [1.5,): Hard requirement for any version greater than or equal to 1.5.
❌ (,1.0],[1.2,): Hard requirement for any version less than or equal to 1.0 or greater than or equal to 1.2, but not 1.1. Multiple requirements are separated by commas.
❌ (,1.1),(1.1,): Hard requirement for any version except 1.1; for example because 1.1 has a critical vulnerability.

Example

        <dependency>
            <groupId>com.fasterxml.jackson.dataformat</groupId>
            <artifactId>jackson-dataformat-xml</artifactId>
            <version>(,2.8.0]</version>
        </dependency>

Blockers

References
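The skip rule described in this PR, as an added example (not Trivy's own code): classify a pom.xml `<version>` requirement so that only the two supported forms yield a single scannable version, and every range form is reported as unsupported so the caller can skip it instead of mis-parsing it. `ParseRequirement` and `Kind` are assumed names for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Kind classifies a Maven <version> requirement string (assumed type name).
type Kind int

const (
	Soft        Kind = iota // "1.0": preferred version, may be overridden by mediation
	Hard                    // "[1.0]": exactly this version
	Unsupported             // range forms such as "(,1.0]" or "[1.2,1.3]": skipped
)

// ParseRequirement returns the requirement kind and, for the two supported
// forms, the single version that can be scanned. Any range form returns
// ok=false so the dependency is ignored rather than resolved to a wrong version.
func ParseRequirement(req string) (version string, kind Kind, ok bool) {
	s := strings.TrimSpace(req)
	switch {
	case s == "":
		return "", Unsupported, false
	case strings.ContainsAny(s, ",()"):
		// A comma or a parenthesis only appears in range syntax.
		return "", Unsupported, false
	case strings.HasPrefix(s, "[") && strings.HasSuffix(s, "]"):
		inner := strings.TrimSpace(s[1 : len(s)-1])
		if inner == "" || strings.ContainsAny(inner, "[]") {
			return "", Unsupported, false
		}
		return inner, Hard, true
	case strings.ContainsAny(s, "[]"):
		// Unbalanced bracket: do not guess, treat as unsupported.
		return "", Unsupported, false
	default:
		return s, Soft, true
	}
}

func main() {
	// Constructed sample: the requirement forms listed in the PR description.
	for _, r := range []string{"1.0", "[1.0]", "(,1.0]", "[1.2,1.3]", "[1.0,2.0)",
		"[1.5,)", "(,1.0],[1.2,)", "(,1.1),(1.1,)", "(,2.8.0]"} {
		v, k, ok := ParseRequirement(r)
		fmt.Printf("%-16s supported=%-5t kind=%d version=%q\n", r, ok, k, v)
	}
}
```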

@knqyf263 knqyf263 self-assigned this Dec 24, 2021
@knqyf263 knqyf263 requested a review from afdesk December 24, 2021 18:19
@knqyf263 knqyf263 marked this pull request as ready for review December 24, 2021 21:09
@knqyf263 knqyf263 merged commit 42f795f into main Dec 24, 2021
@knqyf263 knqyf263 deleted the pom_unsupported_requirements branch December 24, 2021 21:37