Support dev dependencies in pom.xml #7346

metametadata · 2024-08-15T23:01:54Z

metametadata
Aug 15, 2024

Description

Vuln scanning of pom.xml should be able to scan dev dependencies too.

E.g. --include-dev-deps existing flag can be used to specify such behaviour.

Currently it's stated in https://aquasecurity.github.io/trivy/v0.54/docs/coverage/language/java/ that pom.xml dev deps will be excluded.

Target

Filesystem

Scanner

Vulnerability

knqyf263 · 2024-08-21T03:07:07Z

knqyf263
Aug 21, 2024
Maintainer

Do you mean <scope>test</scope> should be included with --include-dev-deps?

3 replies

metametadata Aug 21, 2024
Author

Yes.

knqyf263 Aug 26, 2024
Maintainer

It makes sense to me.
@DmitriyLewen What do you think? If it sounds reasonable to you, please convert it into an issue.

DmitriyLewen Aug 26, 2024
Maintainer

yeah. It is good idea.

DmitriyLewen · 2024-08-26T05:58:15Z

DmitriyLewen
Aug 26, 2024
Maintainer

Created #7384

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support dev dependencies in pom.xml #7346

{{title}}

Replies: 2 comments 3 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Support dev dependencies in pom.xml #7346

metametadata Aug 15, 2024

Description

Target

Scanner

Replies: 2 comments · 3 replies

knqyf263 Aug 21, 2024 Maintainer

metametadata Aug 21, 2024 Author

knqyf263 Aug 26, 2024 Maintainer

DmitriyLewen Aug 26, 2024 Maintainer

DmitriyLewen Aug 26, 2024 Maintainer

metametadata
Aug 15, 2024

Replies: 2 comments 3 replies

knqyf263
Aug 21, 2024
Maintainer

metametadata Aug 21, 2024
Author

knqyf263 Aug 26, 2024
Maintainer

DmitriyLewen Aug 26, 2024
Maintainer

DmitriyLewen
Aug 26, 2024
Maintainer