
bug(pom): incorrect inheritance of properties from pom fields for nested parents.

Open DmitriyLewen opened this issue 6 months ago • 0 comments

Description

Trivy fills fields from the pom.xml file as properties (e.g. project.version, project.parent.version, etc.). But when there are nested parents, Trivy takes incorrect values.

Example

  • Current logic - Trivy detects parent.version in parent2 (empty value) and uses this value for other pom files (parent1, scanned pom.xml).
  • Correct logic - use the first non-empty value (1.0.0 from the scanned pom.xml file).

See test example here - https://github.com/DmitriyLewen/trivy/commit/3f5f6975e26496f1ffb28c09ae069215cbab7d62#r160365412

Discussed in https://github.com/aquasecurity/trivy/discussions/9039

DmitriyLewen, Jun 24 '25 11:06
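The two resolution orders described in the issue, as an added example that is not part of the original report and not Trivy's code. It is a simplified model: the `pomFields` type, the function names, the sample chain and the `2.0.0` value for parent1 are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// pomFields holds properties derived from one pom.xml's own fields.
// Hypothetical type for this example, not taken from Trivy's code.
type pomFields map[string]string

const key = "project.parent.version"

// sampleChain is constructed data: index 0 is the scanned pom.xml, followed by
// parent1 and parent2. parent2 has no <parent>, so its value is empty.
func sampleChain() []pomFields {
	return []pomFields{{key: "1.0.0"}, {key: "2.0.0"}, {key: ""}}
}

// resolveOutermostWins models the reported behaviour: the value from the
// outermost parent overrides the others, even when it is empty.
func resolveOutermostWins(chain []pomFields, k string) string {
	val := ""
	for _, p := range chain {
		if v, ok := p[k]; ok {
			val = v
		}
	}
	return val
}

// resolveFirstNonEmpty models the behaviour the issue asks for: walk from the
// scanned pom.xml towards the root and stop at the first non-empty value.
func resolveFirstNonEmpty(chain []pomFields, k string) string {
	for _, p := range chain {
		if v := p[k]; v != "" {
			return v
		}
	}
	return ""
}

// interpolate substitutes ${k} in a dependency version string with v.
func interpolate(s, k, v string) string {
	return strings.ReplaceAll(s, "${"+k+"}", v)
}

func main() {
	c, dep := sampleChain(), "${project.parent.version}" // constructed dependency version
	fmt.Printf("reported: %q\n", interpolate(dep, key, resolveOutermostWins(c, key)))
	fmt.Printf("expected: %q\n", interpolate(dep, key, resolveFirstNonEmpty(c, key)))
}
```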