feat(java): add test scope support for pom.xml files
#7414
Conversation
|
Yeah. You are right. Thanks! Add info about scopes in e3cfe72 |
There was a problem hiding this comment.
I think the table also needs to be updated like npm.
trivy/docs/docs/coverage/language/java.md
Line 18 in e3cfe72
|
You are right again. |
docs/docs/coverage/language/java.md
Outdated
| | Artifact | Internet access | Dev dependencies | [Dependency graph][dependency-graph] | Position | [Detection Priority][detection-priority] | | ||
| |------------------|:---------------------:|:------------------:|:------------------------------------:|:--------:|:----------------------------------------:| | ||
| | JAR/WAR/PAR/EAR | Trivy Java DB | Include | - | - | Not needed | | ||
| | pom.xml | Maven repository [^1] | [Include](#scopes) | ✓ | ✓[^7] | - | |
There was a problem hiding this comment.
You changed from "Exclude" to "Include", but IMO, it should describe the default behavior. Actually, Node.js says "Excluded" although it supports --include-dev-deps. If you think "Include" is better, we need to change Node.js and other ecosystems for consistency.
| | pom.xml | Maven repository [^1] | [Include](#scopes) | ✓ | ✓[^7] | - | | |
| | pom.xml | Maven repository [^1] | [Exclude](#scopes) | ✓ | ✓[^7] | - | |
There was a problem hiding this comment.
Hmm…
This is a very controversial situation, but I would probably agree with you that we should specify the default behavior in this table.
Updated in 117555f
…asecurity#7414)" This reverts commit 2d97700.
Description
Add
testscope support and mark these dependencies asDev.To show these deps - use
--include-dev-depsflag.Related issues
Devdependencies withtestscope frompom.xmlfiles #7384Checklist