pom.xml exclusion with space in group id dosent work #7581

tamirsinai · 2024-09-24T08:22:09Z

tamirsinai
Sep 24, 2024

Description

hey,
when i run trivy fs . on my pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>test3</groupId>
    <artifactId>test2</artifactId>
    <version>1.0-SNAPSHOT</version>
    <name>test1</name>
    <packaging>pom</packaging>

    <properties>
        <java.version>17</java.version>
        <spring-cloud.version>2023.0.0</spring-cloud.version>
        <aws-secretsmanager-jdbc.version>1.0.11</aws-secretsmanager-jdbc.version>
        <aws-java-sdk-secretsmanager>1.12.679</aws-java-sdk-secretsmanager>
    </properties>
    <dependencies>
        <!--        Spring boot dependencies -->

        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-openfeign</artifactId>
            <version>4.1.1</version>
            <exclusions>
                <exclusion>
                    <groupId> org.bouncycastle</groupId>
                    <artifactId>bcprov-jdk18on</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.aspectj</groupId>
                    <artifactId>aspectjweaver</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
            <version>2.15.1</version>
        </dependency>


        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-collections4</artifactId>
            <version>4.4</version>
        </dependency>

        <dependency>
            <groupId>com.amazonaws.secretsmanager</groupId>
            <artifactId>aws-secretsmanager-jdbc</artifactId>
            <version>${aws-secretsmanager-jdbc.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>org.jacoco</groupId>
                    <artifactId>org.jacoco.agent</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk-secretsmanager</artifactId>
            <version>${aws-java-sdk-secretsmanager}</version>
        </dependency>

        <dependency>
            <groupId>com.fasterxml.jackson.datatype</groupId>
            <artifactId>jackson-datatype-jsr310</artifactId>
            <version>2.14.2</version>
        </dependency>

        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>2.15.1</version>
        </dependency>

        <dependency>
            <groupId>org.jetbrains</groupId>
            <artifactId>annotations</artifactId>
            <version>24.1.0</version>
        </dependency>

        <dependency>
            <groupId>javax.validation</groupId>
            <artifactId>validation-api</artifactId>
            <version>2.0.1.Final</version>
        </dependency>
        <!-- End of Other Project dependencies-->
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.yaml</groupId>
                <artifactId>snakeyaml</artifactId>
                <version>2.2</version>
            </dependency>
            <dependency>
                <groupId>commons-fileupload</groupId>
                <artifactId>commons-fileupload</artifactId>
                <version>1.5</version>
            </dependency>
            <dependency>
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>resteasy-client</artifactId>
                <version>6.2.6.Final</version>
            </dependency>

            <dependency>
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>resteasy-multipart-provider</artifactId>
                <version>6.2.6.Final</version>
            </dependency>
            <dependency>
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>resteasy-jaxb-provider</artifactId>
                <version>6.2.6.Final</version>
            </dependency>
            <dependency>
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>resteasy-jackson2-provider</artifactId>
                <version>6.2.6.Final</version>
            </dependency>
            <dependency>
                <groupId>org.apache.commons</groupId>
                <artifactId>commons-text</artifactId>
                <version>1.11.0</version>
            </dependency>
            <dependency>
                <groupId>commons-beanutils</groupId>
                <artifactId>commons-beanutils</artifactId>
                <version>1.9.4</version>
            </dependency>
        </dependencies>
    </dependencyManagement>

</project>

it detects CVE on artifactId bcprov-jdk18on.
but when i remove the space letter, the CVE wont show like it should be.
looks like trivy dosent trim the string and cause confuses with the CVE.

Desired Behavior

ignore space letter in exclusion artifactId so trivy wont detect the CVE

Actual Behavior

because of the space letter trivy detects CVE on the dependency

Reproduction Steps

in the same folder of the pom.xml, run `trivy fs .`

Target

Filesystem

Scanner

Vulnerability

Output Format

None

Mode

None

Debug Output

▶ trivy fs . --debug                                                                                                                                                                                 
2024-09-24T11:18:01+03:00       DEBUG   Default config file "file_path=trivy.yaml" not found, using built in values
2024-09-24T11:18:01+03:00       DEBUG   Cache dir       dir="/Users/tamirsinai/Library/Caches/trivy"
2024-09-24T11:18:01+03:00       DEBUG   Cache dir       dir="/Users/tamirsinai/Library/Caches/trivy"
2024-09-24T11:18:01+03:00       DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-09-24T11:18:01+03:00       DEBUG   Ignore statuses statuses=[]
2024-09-24T11:18:01+03:00       DEBUG   DB update was skipped because the local DB is the latest
2024-09-24T11:18:01+03:00       DEBUG   DB info schema=2 updated_at=2024-09-24T06:14:03.075540497Z next_update=2024-09-24T12:14:03.075540226Z downloaded_at=2024-09-24T07:54:28.437046Z
2024-09-24T11:18:01+03:00       DEBUG   [pkg] Package types     types=[os library]
2024-09-24T11:18:01+03:00       DEBUG   [pkg] Package relationships     relationships=[unknown root direct indirect]
2024-09-24T11:18:01+03:00       INFO    [vuln] Vulnerability scanning is enabled
2024-09-24T11:18:01+03:00       INFO    [secret] Secret scanning is enabled
2024-09-24T11:18:01+03:00       INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-09-24T11:18:01+03:00       INFO    [secret] Please see also https://aquasecurity.github.io/trivy/v0.55/docs/scanner/secret#recommendation for faster secret detection
2024-09-24T11:18:01+03:00       DEBUG   Enabling misconfiguration scanners      scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-09-24T11:18:01+03:00       DEBUG   Initializing scan cache...      type="memory"
2024-09-24T11:18:01+03:00       DEBUG   [secret] No secret config detected      config_path="trivy-secret.yaml"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-dependencies" version="2023.0.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-commons-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-netflix-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-stream-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-task-dependencies" version="3.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-circuitbreaker-dependencies" version="3.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.github.resilience4j" artifact_id="resilience4j-bom" version="2.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-config-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-function-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-gateway-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-consul-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-vault-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-zookeeper-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-bus-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-contract-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-openfeign-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.github.openfeign" artifact_id="feign-bom" version="13.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-kubernetes-dependencies" version="3.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-dependencies-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.fabric8" artifact_id="kubernetes-client-bom" version="6.9.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.boot" artifact_id="spring-boot-starter-data-rest" version=""
2024-09-24T11:18:01+03:00       DEBUG   [pom] Repository error  err="Version missing for org.springframework.boot:spring-boot-starter-data-rest"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.boot" artifact_id="spring-boot-starter-web" version=""
2024-09-24T11:18:01+03:00       DEBUG   [pom] Repository error  err="Version missing for org.springframework.boot:spring-boot-starter-web"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-starter-openfeign" version="4.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-openfeign:4.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-build:4.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-build:4.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-openfeign:4.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-build-dependencies" version="4.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.boot:spring-boot-dependencies:3.2.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.boot:spring-boot-dependencies:3.2.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.assertj" artifact_id="assertj-bom" version="3.24.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.zipkin.brave" artifact_id="brave-bom" version="5.16.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.zipkin.reporter2" artifact_id="zipkin-reporter-bom" version="2.16.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.datastax.oss" artifact_id="java-driver-bom" version="4.17.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.dropwizard.metrics" artifact_id="metrics-bom" version="4.2.25"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="io.dropwizard.metrics:metrics-parent:4.2.25"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="io.dropwizard.metrics:metrics-parent:4.2.25"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.glassfish.jaxb" artifact_id="jaxb-bom" version="4.0.5"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.eclipse.ee4j:project:1.0.9"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.eclipse.ee4j:project:1.0.9"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.apache.groovy" artifact_id="groovy-bom" version="4.0.20"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.infinispan" artifact_id="infinispan-bom" version="14.0.27.Final"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.infinispan:infinispan-build-configuration-parent:14.0.27.Final"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.jboss:jboss-parent:39"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.jboss:jboss-parent:39"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.infinispan:infinispan-build-configuration-parent:14.0.27.Final"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.fasterxml.jackson" artifact_id="jackson-bom" version="2.15.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml:oss-parent:50"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml:oss-parent:50"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.glassfish.jersey" artifact_id="jersey-bom" version="3.1.5"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.eclipse.ee4j:project:1.0.8"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.eclipse.ee4j:project:1.0.8"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.eclipse.jetty.ee10" artifact_id="jetty-ee10-bom" version="12.0.7"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.eclipse.jetty" artifact_id="jetty-bom" version="12.0.7"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.junit" artifact_id="junit-bom" version="5.10.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.jetbrains.kotlin" artifact_id="kotlin-bom" version="1.9.23"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.jetbrains.kotlinx" artifact_id="kotlinx-coroutines-bom" version="1.7.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.jetbrains.kotlinx" artifact_id="kotlinx-serialization-bom" version="1.6.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.apache.logging.log4j" artifact_id="log4j-bom" version="2.21.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.apache.logging:logging-parent:10.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.apache:apache:30"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.apache:apache:30"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.logging:logging-parent:10.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.micrometer" artifact_id="micrometer-bom" version="1.12.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.micrometer" artifact_id="micrometer-tracing-bom" version="1.2.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.mockito" artifact_id="mockito-bom" version="5.7.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.netty" artifact_id="netty-bom" version="4.1.107.Final"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.sonatype.oss:oss-parent:7"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.sonatype.oss:oss-parent:7"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.squareup.okhttp3" artifact_id="okhttp-bom" version="4.12.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.opentelemetry" artifact_id="opentelemetry-bom" version="1.31.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.oracle.database.jdbc" artifact_id="ojdbc-bom" version="21.9.0.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.prometheus" artifact_id="simpleclient_bom" version="0.16.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="io.prometheus:parent:0.16.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="io.prometheus:parent:0.16.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.querydsl" artifact_id="querydsl-bom" version="5.0.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.projectreactor" artifact_id="reactor-bom" version="2023.0.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.rest-assured" artifact_id="rest-assured-bom" version="5.3.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.rsocket" artifact_id="rsocket-bom" version="1.1.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.seleniumhq.selenium" artifact_id="selenium-bom" version="4.14.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.amqp" artifact_id="spring-amqp-bom" version="3.1.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.batch" artifact_id="spring-batch-bom" version="5.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.data" artifact_id="spring-data-bom" version="2023.1.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework" artifact_id="spring-framework-bom" version="6.1.5"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.integration" artifact_id="spring-integration-bom" version="6.2.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.pulsar" artifact_id="spring-pulsar-bom" version="1.0.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.restdocs" artifact_id="spring-restdocs-bom" version="3.0.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.security" artifact_id="spring-security-bom" version="6.2.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.session" artifact_id="spring-session-bom" version="3.2.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.ws" artifact_id="spring-ws-bom" version="4.0.10"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.testcontainers" artifact_id="testcontainers-bom" version="1.19.7"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.postgresql" artifact_id="postgresql" version=""
2024-09-24T11:18:01+03:00       DEBUG   [pom] Repository error  err="Version missing for org.postgresql:postgresql"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.boot" artifact_id="spring-boot-starter-actuator" version=""
2024-09-24T11:18:01+03:00       DEBUG   [pom] Repository error  err="Version missing for org.springframework.boot:spring-boot-starter-actuator"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.fasterxml.jackson.core" artifact_id="jackson-databind" version="2.15.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-base:2.15.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-bom:2.15.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-bom:2.15.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-base:2.15.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.junit" artifact_id="junit-bom" version="5.9.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.apache.commons" artifact_id="commons-collections4" version="4.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.apache.commons:commons-parent:48"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.apache:apache:21"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.apache:apache:21"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.commons:commons-parent:48"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.apache.commons" artifact_id="commons-lang3" version=""
2024-09-24T11:18:01+03:00       DEBUG   [pom] Repository error  err="Version missing for org.apache.commons:commons-lang3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.projectlombok" artifact_id="lombok" version=""
2024-09-24T11:18:01+03:00       DEBUG   [pom] Repository error  err="Version missing for org.projectlombok:lombok"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.amazonaws.secretsmanager" artifact_id="aws-secretsmanager-jdbc" version="1.0.11"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.amazonaws" artifact_id="aws-java-sdk-secretsmanager" version="1.12.679"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.amazonaws:aws-java-sdk-pom:1.12.679"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.amazonaws:aws-java-sdk-pom:1.12.679"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.fasterxml.jackson.datatype" artifact_id="jackson-datatype-jsr310" version="2.14.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson.module:jackson-modules-java8:2.14.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-base:2.14.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-bom:2.14.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-parent:2.14"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml:oss-parent:48"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml:oss-parent:48"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-parent:2.14"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-bom:2.14.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-base:2.14.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson.module:jackson-modules-java8:2.14.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="commons-io" artifact_id="commons-io" version="2.15.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.apache.commons:commons-parent:65"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.apache:apache:31"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.apache:apache:31"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.commons:commons-parent:65"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.junit" artifact_id="junit-bom" version="5.10.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.jetbrains" artifact_id="annotations" version="24.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="javax.validation" artifact_id="validation-api" version="2.0.1.Final"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.boot" artifact_id="spring-boot-starter-log4j2" version=""
2024-09-24T11:18:01+03:00       DEBUG   [pom] Repository error  err="Version missing for org.springframework.boot:spring-boot-starter-log4j2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-starter" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-commons-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-build:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-build:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-commons-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-build-dependencies" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.boot:spring-boot-dependencies:3.2.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.boot:spring-boot-dependencies:3.2.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.dropwizard.metrics" artifact_id="metrics-bom" version="4.2.22"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="io.dropwizard.metrics:metrics-parent:4.2.22"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="io.dropwizard.metrics:metrics-parent:4.2.22"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.glassfish.jaxb" artifact_id="jaxb-bom" version="4.0.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.eclipse.ee4j:project:1.0.8"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.eclipse.ee4j:project:1.0.8"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.apache.groovy" artifact_id="groovy-bom" version="4.0.15"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.infinispan" artifact_id="infinispan-bom" version="14.0.21.Final"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.infinispan:infinispan-build-configuration-parent:14.0.21.Final"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.jboss:jboss-parent:39"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.jboss:jboss-parent:39"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.infinispan:infinispan-build-configuration-parent:14.0.21.Final"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.fasterxml.jackson" artifact_id="jackson-bom" version="2.15.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.glassfish.jersey" artifact_id="jersey-bom" version="3.1.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.eclipse.ee4j:project:1.0.8"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.eclipse.ee4j:project:1.0.8"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.eclipse.jetty.ee10" artifact_id="jetty-ee10-bom" version="12.0.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.eclipse.jetty" artifact_id="jetty-bom" version="12.0.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.jetbrains.kotlin" artifact_id="kotlin-bom" version="1.9.20"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.jetbrains.kotlinx" artifact_id="kotlinx-serialization-bom" version="1.6.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.micrometer" artifact_id="micrometer-bom" version="1.12.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.micrometer" artifact_id="micrometer-tracing-bom" version="1.2.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.netty" artifact_id="netty-bom" version="4.1.101.Final"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.sonatype.oss:oss-parent:7"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.sonatype.oss:oss-parent:7"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.oracle.database.jdbc" artifact_id="ojdbc-bom" version="23.3.0.23.09"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.projectreactor" artifact_id="reactor-bom" version="2023.0.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.amqp" artifact_id="spring-amqp-bom" version="3.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.batch" artifact_id="spring-batch-bom" version="5.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.data" artifact_id="spring-data-bom" version="2023.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework" artifact_id="spring-framework-bom" version="6.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.integration" artifact_id="spring-integration-bom" version="6.2.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.security" artifact_id="spring-security-bom" version="6.2.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.session" artifact_id="spring-session-bom" version="3.2.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.ws" artifact_id="spring-ws-bom" version="4.0.8"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.testcontainers" artifact_id="testcontainers-bom" version="1.19.3"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-openfeign-core" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-openfeign:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-build:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-build:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-openfeign:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework" artifact_id="spring-web" version="6.1.5"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-commons" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-commons-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-commons-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.github.openfeign" artifact_id="feign-core" version="13.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="io.github.openfeign:parent:13.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="io.github.openfeign:parent:13.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.github.openfeign" artifact_id="feign-slf4j" version="13.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="io.github.openfeign:parent:13.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="io.github.openfeign:parent:13.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.fasterxml.jackson.core" artifact_id="jackson-annotations" version="2.15.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.fasterxml.jackson.core" artifact_id="jackson-core" version="2.15.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-base:2.15.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-base:2.15.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.amazonaws.secretsmanager" artifact_id="aws-secretsmanager-caching-java" version="1.0.2"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.amazonaws" artifact_id="aws-java-sdk-core" version="1.12.679"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.amazonaws:aws-java-sdk-pom:1.12.679"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.amazonaws:aws-java-sdk-pom:1.12.679"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="com.amazonaws" artifact_id="jmespath-java" version="1.12.679"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="com.amazonaws:aws-java-sdk-pom:1.12.679"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="com.amazonaws:aws-java-sdk-pom:1.12.679"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.boot" artifact_id="spring-boot-starter" version="3.2.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.cloud" artifact_id="spring-cloud-context" version="4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.springframework.cloud:spring-cloud-commons-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.springframework.cloud:spring-cloud-commons-parent:4.1.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.security" artifact_id="spring-security-rsa" version="1.1.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.boot" artifact_id="spring-boot-autoconfigure" version="3.2.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.boot" artifact_id="spring-boot-starter-aop" version="3.2.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.github.openfeign.form" artifact_id="feign-form-spring" version="3.8.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="io.github.openfeign.form:parent:3.8.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="io.github.openfeign.form:parent:3.8.0"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="commons-fileupload" artifact_id="commons-fileupload" version="1.5"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.apache.commons:commons-parent:56"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Start parent      artifact="org.apache:apache:29"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.apache:apache:29"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.commons:commons-parent:56"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.junit" artifact_id="junit-bom" version="5.9.1"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework" artifact_id="spring-beans" version="6.1.5"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework" artifact_id="spring-core" version="6.1.5"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="io.micrometer" artifact_id="micrometer-observation" version="1.12.4"
2024-09-24T11:18:01+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.security" artifact_id="spring-security-crypto" version="6.2.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.slf4j" artifact_id="slf4j-api" version="2.0.9"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.slf4j:slf4j-parent:2.0.9"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.slf4j:slf4j-bom:2.0.9"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.slf4j:slf4j-bom:2.0.9"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.slf4j:slf4j-parent:2.0.9"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="commons-logging" artifact_id="commons-logging" version="1.1.3"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache.commons:commons-parent:28"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache:apache:13"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache:apache:13"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.commons:commons-parent:28"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="commons-codec" artifact_id="commons-codec" version="1.15"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache.commons:commons-parent:52"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache:apache:23"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache:apache:23"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.commons:commons-parent:52"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.apache.httpcomponents" artifact_id="httpclient" version="4.5.13"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache.httpcomponents:httpcomponents-client:4.5.13"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache.httpcomponents:httpcomponents-parent:11"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache:apache:21"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache:apache:21"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.httpcomponents:httpcomponents-parent:11"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.httpcomponents:httpcomponents-client:4.5.13"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="com.fasterxml.jackson.dataformat" artifact_id="jackson-dataformat-cbor" version="2.12.6"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson.dataformat:jackson-dataformats-binary:2.12.6"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-base:2.12.6"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-bom:2.12.6"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-parent:2.12"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml:oss-parent:41"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml:oss-parent:41"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-parent:2.12"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-bom:2.12.6"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-base:2.12.6"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson.dataformat:jackson-dataformats-binary:2.12.6"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="joda-time" artifact_id="joda-time" version="2.8.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.boot" artifact_id="spring-boot" version="3.2.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework.boot" artifact_id="spring-boot-starter-logging" version="3.2.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="jakarta.annotation" artifact_id="jakarta.annotation-api" version="2.1.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.eclipse.ee4j:project:1.0.7"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.eclipse.ee4j:project:1.0.7"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.yaml" artifact_id="snakeyaml" version="2.2"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.bouncycastle" artifact_id="bcprov-jdk18on" version="1.74"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework" artifact_id="spring-aop" version="6.1.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="io.github.openfeign.form" artifact_id="feign-form" version="3.8.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="io.github.openfeign.form:parent:3.8.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="io.github.openfeign.form:parent:3.8.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework" artifact_id="spring-jcl" version="6.1.5"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="io.micrometer" artifact_id="micrometer-commons" version="1.12.4"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.apache.httpcomponents" artifact_id="httpcore" version="4.4.13"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache.httpcomponents:httpcomponents-core:4.4.13"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache.httpcomponents:httpcomponents-parent:11"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.httpcomponents:httpcomponents-parent:11"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.httpcomponents:httpcomponents-core:4.4.13"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework" artifact_id="spring-context" version="6.1.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="ch.qos.logback" artifact_id="logback-classic" version="1.4.11"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="ch.qos.logback:logback-parent:1.4.11"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="ch.qos.logback:logback-parent:1.4.11"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.apache.logging.log4j" artifact_id="log4j-to-slf4j" version="2.21.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache.logging.log4j:log4j:2.21.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache.logging.log4j:log4j-bom:2.21.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.logging.log4j:log4j-bom:2.21.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.ow2.asm" artifact_id="asm-bom" version="9.5"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.ow2:ow2:1.5.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.ow2:ow2:1.5.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.codehaus.groovy" artifact_id="groovy-bom" version="3.0.19"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="com.fasterxml.jackson" artifact_id="jackson-bom" version="2.15.2"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Adding repository id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="jakarta.platform" artifact_id="jakarta.jakartaee-bom" version="9.1.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="jakarta.platform:jakartaee-api-parent:9.1.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.eclipse.ee4j:project:1.0.7"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.eclipse.ee4j:project:1.0.7"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="jakarta.platform:jakartaee-api-parent:9.1.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.eclipse.jetty" artifact_id="jetty-bom" version="9.4.53.v20231009"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.junit" artifact_id="junit-bom" version="5.10.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="io.fabric8" artifact_id="kubernetes-client-bom" version="5.12.4"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.mockito" artifact_id="mockito-bom" version="4.11.0"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="io.netty" artifact_id="netty-bom" version="4.1.97.Final"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.sonatype.oss:oss-parent:7"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.sonatype.oss:oss-parent:7"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework" artifact_id="spring-framework-bom" version="5.3.29"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.logging.log4j:log4j:2.21.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.slf4j" artifact_id="jul-to-slf4j" version="2.0.9"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.slf4j:slf4j-parent:2.0.9"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.slf4j:slf4j-parent:2.0.9"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.springframework" artifact_id="spring-expression" version="6.1.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="ch.qos.logback" artifact_id="logback-core" version="1.4.11"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="ch.qos.logback:logback-parent:1.4.11"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="ch.qos.logback:logback-parent:1.4.11"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Resolving...      group_id="org.apache.logging.log4j" artifact_id="log4j-api" version="2.21.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Start parent      artifact="org.apache.logging.log4j:log4j:2.21.1"
2024-09-24T11:18:02+03:00       DEBUG   [pom] Exit parent       artifact="org.apache.logging.log4j:log4j:2.21.1"
2024-09-24T11:18:02+03:00       DEBUG   OS is not detected.
2024-09-24T11:18:02+03:00       DEBUG   Detected OS: unknown
2024-09-24T11:18:02+03:00       INFO    Number of language-specific files       num=1
2024-09-24T11:18:02+03:00       INFO    [pom] Detecting vulnerabilities...
2024-09-24T11:18:02+03:00       DEBUG   [pom] Scanning packages for vulnerabilities     file_path="pom.xml"
2024-09-24T11:18:02+03:00       DEBUG   [vex] VEX filtering is disabled

pom.xml (pom)

Total: 7 (UNKNOWN: 0, LOW: 1, MEDIUM: 3, HIGH: 3, CRITICAL: 0)

┌─────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────────────┬────────────────────────────────────────────────────────────┐
│             Library             │ Vulnerability  │ Severity │ Status │ Installed Version │     Fixed Version      │                           Title                            │
├─────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ ch.qos.logback:logback-classic  │ CVE-2023-6378  │ HIGH     │ fixed  │ 1.4.11            │ 1.3.12, 1.4.12, 1.2.13 │ logback: serialization vulnerability in logback receiver   │
│                                 │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2023-6378                  │
├─────────────────────────────────┤                │          │        │                   │                        │                                                            │
│ ch.qos.logback:logback-core     │                │          │        │                   │                        │                                                            │
│                                 │                │          │        │                   │                        │                                                            │
├─────────────────────────────────┼────────────────┼──────────┤        ├───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ org.bouncycastle:bcprov-jdk18on │ CVE-2024-29857 │ MEDIUM   │        │ 1.74              │ 1.78                   │ org.bouncycastle: Importing an EC certificate with crafted │
│                                 │                │          │        │                   │                        │ F2m parameters may lead to...                              │
│                                 │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2024-29857                 │
│                                 ├────────────────┤          │        │                   │                        ├────────────────────────────────────────────────────────────┤
│                                 │ CVE-2024-30171 │          │        │                   │                        │ bc-java: BouncyCastle vulnerable to a timing variant of    │
│                                 │                │          │        │                   │                        │ Bleichenbacher (Marvin Attack)                             │
│                                 │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2024-30171                 │
│                                 ├────────────────┤          │        │                   │                        ├────────────────────────────────────────────────────────────┤
│                                 │ CVE-2024-30172 │          │        │                   │                        │ org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519  │
│                                 │                │          │        │                   │                        │ verification in the ScalarUtil class                       │
│                                 │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2024-30172                 │
│                                 ├────────────────┼──────────┤        │                   │                        ├────────────────────────────────────────────────────────────┤
│                                 │ CVE-2024-34447 │ LOW      │        │                   │                        │ org.bouncycastle: Use of Incorrectly-Resolved Name or      │
│                                 │                │          │        │                   │                        │ Reference                                                  │
│                                 │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2024-34447                 │
├─────────────────────────────────┼────────────────┼──────────┤        ├───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ org.springframework:spring-web  │ CVE-2024-22262 │ HIGH     │        │ 6.1.5             │ 5.3.34, 6.0.19, 6.1.6  │ springframework: URL Parsing with Host Validation          │
│                                 │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2024-22262                 │
└─────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────────────┴────────────────────────────────────────────────────────────┘

tamir/dan/test2                                                                                                                                                                                        
▶

Operating System

macos

Version

Version: 0.55.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-09-24 06:14:03.075540497 +0000 UTC
  NextUpdate: 2024-09-24 12:14:03.075540226 +0000 UTC
  DownloadedAt: 2024-09-24 07:54:28.437046 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-08-20 01:05:23.967239003 +0000 UTC
  NextUpdate: 2024-08-23 01:05:23.967238833 +0000 UTC
  DownloadedAt: 2024-08-20 12:49:11.009138 +0000 UTC
Check Bundle:
  Digest: sha256:47361022572537534c4953a9ab7618d1284b5d7eee0d8fc9b1f2aa5aa3c95e02
  DownloadedAt: 2024-05-30 12:18:06.420214 +0000 UTC

Checklist

Run trivy clean --all
Read the troubleshooting

DmitriyLewen · 2024-10-01T07:37:58Z

DmitriyLewen
Oct 1, 2024
Maintainer

Hello @tamirsinai
Thanks for your report!

mvn doesn't work with this pom.xml file:

[ERROR] The build could not read 1 project -> [Help 1]
[ERROR]   
[ERROR]   The project test3:test2:1.0-SNAPSHOT (/Users/dmitriy/work/tmp/7581/pom.xml) has 8 errors
[ERROR]     'dependencies.dependency.version' for org.springframework.boot:spring-boot-starter-data-rest:jar is missing. @ line 22, column 21
[ERROR]     'dependencies.dependency.version' for org.springframework.boot:spring-boot-starter-web:jar is missing. @ line 26, column 21
[ERROR]     'dependencies.dependency.version' for org.postgresql:postgresql:jar is missing. @ line 51, column 21
[ERROR]     'dependencies.dependency.version' for org.springframework.boot:spring-boot-starter-test:jar is missing. @ line 57, column 21
[ERROR]     'dependencies.dependency.version' for org.springframework.boot:spring-boot-starter-actuator:jar is missing. @ line 62, column 21
[ERROR]     'dependencies.dependency.version' for org.apache.commons:commons-lang3:jar is missing. @ line 82, column 21
[ERROR]     'dependencies.dependency.version' for org.projectlombok:lombok:jar is missing. @ line 87, column 21
[ERROR]     'dependencies.dependency.version' for org.springframework.boot:spring-boot-starter-log4j2:jar is missing. @ line 133, column 21
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingException

can you update your pom file so we can compare mvn and our logic to find errors?

Regards, Dmitriy

5 replies

tamirsinai Oct 1, 2024
Author

@DmitriyLewen sorry for that, fixed my post with the edited pom.xml
thanks.

DmitriyLewen Oct 2, 2024
Maintainer

Hello @tamirsinai
I found problem:

                <exclusion>
                    <groupId> org.bouncycastle</groupId>
                    <artifactId>bcprov-jdk18on</artifactId>
                </exclusion>

groupId contains extra space prefix.

without this prefix Trivy works correctly:

➜ trivy -q fs ./pom.xml                 

pom.xml (pom)

Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 3, CRITICAL: 0)

┌────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────────────┬──────────────────────────────────────────────────────────┐
│            Library             │ Vulnerability  │ Severity │ Status │ Installed Version │     Fixed Version      │                          Title                           │
├────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────────────┼──────────────────────────────────────────────────────────┤
│ ch.qos.logback:logback-classic │ CVE-2023-6378  │ HIGH     │ fixed  │ 1.4.11            │ 1.3.12, 1.4.12, 1.2.13 │ logback: serialization vulnerability in logback receiver │
│                                │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2023-6378                │
├────────────────────────────────┤                │          │        │                   │                        │                                                          │
│ ch.qos.logback:logback-core    │                │          │        │                   │                        │                                                          │
│                                │                │          │        │                   │                        │                                                          │
├────────────────────────────────┼────────────────┤          │        ├───────────────────┼────────────────────────┼──────────────────────────────────────────────────────────┤
│ org.springframework:spring-web │ CVE-2024-22262 │          │        │ 6.1.5             │ 5.3.34, 6.0.19, 6.1.6  │ springframework: URL Parsing with Host Validation        │
│                                │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2024-22262               │
│                                ├────────────────┼──────────┤        │                   ├────────────────────────┼──────────────────────────────────────────────────────────┤
│                                │ CVE-2024-38809 │ MEDIUM   │        │                   │ 5.3.38, 6.0.23, 6.1.12 │ org.springframework:spring-web: Spring Framework DoS via │
│                                │                │          │        │                   │                        │ conditional HTTP request                                 │
│                                │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2024-38809               │
└────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────────────┴──────────────────────────────────────────────────────────┘

tamirsinai Oct 6, 2024
Author

Hey @DmitriyLewen thanks for your response
i detected this problem also, and asked you if maybe you should trim the string or this is the functinalty you want?
thanks.

DmitriyLewen Oct 7, 2024
Maintainer

despite the fact that mvn works correctly, this case looks more like an mistake/typo.
@knqyf263 wdyt? Do we need to trim each field of pom.xml files?

knqyf263 Oct 7, 2024
Maintainer

I don't think it is necessary to deal with user mistakes as it is impossible to handle them on the Trivy side, but if Maven works as you say, then the user will think that the problem is in Trivy, so it is better to do the same with Maven.

DmitriyLewen · 2024-10-07T07:46:08Z

DmitriyLewen
Oct 7, 2024
Maintainer

Created #7658 for this issue.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pom.xml exclusion with space in group id dosent work #7581

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 2 comments 5 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

pom.xml exclusion with space in group id dosent work #7581

tamirsinai Sep 24, 2024

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

Replies: 2 comments · 5 replies

DmitriyLewen Oct 1, 2024 Maintainer

tamirsinai Oct 1, 2024 Author

DmitriyLewen Oct 2, 2024 Maintainer

tamirsinai Oct 6, 2024 Author

DmitriyLewen Oct 7, 2024 Maintainer

knqyf263 Oct 7, 2024 Maintainer

DmitriyLewen Oct 7, 2024 Maintainer

tamirsinai
Sep 24, 2024

Replies: 2 comments 5 replies

DmitriyLewen
Oct 1, 2024
Maintainer

tamirsinai Oct 1, 2024
Author

DmitriyLewen Oct 2, 2024
Maintainer

tamirsinai Oct 6, 2024
Author

DmitriyLewen Oct 7, 2024
Maintainer

knqyf263 Oct 7, 2024
Maintainer

DmitriyLewen
Oct 7, 2024
Maintainer