syft icon indicating copy to clipboard operation
syft copied to clipboard
verified publisher icon anchore

feat: add support for detecting packages in JARs

Open patrickpichler opened this issue 3 months ago • 4 comments

Description

Support for detection of packages present in a JAR has been added. It can be enabeld via the DetectContainedPackages config flag.

  • Fixes #4187

Type of change

  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Documentation (updates the documentation)

Checklist:

  • [x] I have added unit tests that cover changed behavior
  • [x] I have tested my code in common scenarios and confirmed there are no regressions
  • [x] I have added comments to my code, particularly in hard-to-understand sections

patrickpichler avatar Sep 08 '25 14:09 patrickpichler

@wagoodman regarding the opt-in cataloger configuration, is there anything required besides https://github.com/anchore/syft/pull/4199/files#diff-88a14afdc0253cb83b54f7ebb8960a48aecc90a2c9288be359c15f599c38ea1fR267 https://github.com/anchore/syft/pull/4199/files ?

patrickpichler avatar Oct 03 '25 13:10 patrickpichler

Ahh Looks like this one got hit with some conflicts from some other Java work we had in flight. Let me see if I can help fix these up this week to get this across the line.

spiffcs avatar Oct 14 '25 05:10 spiffcs

@spiffcs all merge conflicts should have been resolved 🙂

patrickpichler avatar Oct 28 '25 10:10 patrickpichler

@spiffcs is there anything blocking this PR from being reviewed? 😅

patrickpichler avatar Nov 24 '25 07:11 patrickpichler