Xeol doesn't detect EOL in Java library #424
Description
What happened:
I started to play with the tool so I added to my project an old log4j 1.x which for sure is EOL but the tool says something like:
"no EOL software has been found"
What you expected to happen:
I'd expect it would raise an error
How to reproduce it (as minimally and precisely as possible):
Just add to your project the EOL lib, I'm using Gradle as a build tool:
implementation("log4j:log4j:1.2.17")
and run the tool. I tried scanning current directory, also a docker image as well as I did something like:
syft --quiet scan docker:my-image:some-tag -o json | xeol -f
Anything else we need to know?:
Environment:
- Output of
xeol version:
Application: xeol
Version: 0.10.1
BuildDate: 2024-10-22T22:01:30Z
GitCommit: Homebrew
GitDescription: Homebrew
Platform: darwin/arm64
GoVersion: go1.23.2
Compiler: gc
Syft Version: v1.10.0
Supported DB Schema: 1
- OS (e.g:
cat /etc/os-releaseor similar):
24.0.0 Darwin Kernel Version 24.0.0: Tue Sep 24 23:39:07 PDT 2024; root:xnu-11215.1.12~1/RELEASE_ARM64_T6000 arm64