Skip to content

Add Support for ".pom" file parsing in Maven ecosystem #471

New issue
New issue
Open
#544
Open
Add Support for ".pom" file parsing in Maven ecosystem#471
#544
Labels
detector:mavenThe Maven detectorstatus:requirementsFull requirements are not yet known, so implementation should not be started
@siyadava-sindhu

Description

@siyadava-sindhu
siyadava-sindhu
opened on Mar 10, 2023

More context w.r.t above request:

  • Recently we have observed that in AndroidBuildTools repo (which helps to download 3rd party packages for OMR from web and add to office-feed , so that OMR products can use them since OMR repo has offline-build) , packages defined in ‘maven’ ecosystem are not getting detected by ComponentGovernance tool, and on further debugging its observed that AndroidBuildTools repo uses “.pom” files for maven dependencies info & CG support only ‘pom.xml’ file for Maven ecosystem.
  • To ensure Repos which uses ".pom" config file for maven ecosystem, raising this new request on 'parsing .pom file' so that we'll be security-compliant in these repos too.(eg:AndroidBuildTools)

Metadata

Metadata

Assignees

No one assigned

    Labels

    detector:mavenThe Maven detectorstatus:requirementsFull requirements are not yet known, so implementation should not be started

    Type

    No type

    Projects

    Component Detection - Detector Improvements

    Status

    In review

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions