arkajnag23
@tgerla Very useful feature; desperately asking to support this, as when delivering regulatory governance data, development dependencies shouldn't be shared; even the JSON output contains some information about scope, then...
@prabhu Do we have these options available in API? If yes, how can we do that?
I am not sure if this query of mine is related or not, but I am finding myself stuck in a situation where I need some support from Trivy to...
@DmitriyLewen our pipeline creates a temp settings file and a temp repository when running the builds as its EC2 instances, hence looking for an option of providing Maven settings is
@DmitriyLewen is there any way we can set the settings file path?
Yes @kzantow this sounds good with the second approach... It's not only scope exclusion, but providing support to exclude groups or artifact IDs is a great benefit to Maven...
Also, encountered the below error stack trace:

```
Unable to extract /tmp/jar-deps-pWNKTT/731100000-jar-with-dependencies.jar. Skipping. Error: Malicious entry: /
    at ZipEntry.validateName (/opt/cdxgen/node_modules/.pnpm/[email protected]/node_modules/node-stream-zip/node_stream_zip.js:898:19)
    at FsRead.readEntriesCallback [as callback] (/opt/cdxgen/node_modules/.pnpm/[email protected]/node_modules/node-stream-zip/node_stream_zip.js:349:27)
    at FsRead.readCallback (/opt/cdxgen/node_modules/.pnpm/[email protected]/node_modules/node-stream-zip/node_stream_zip.js:996:25)
    at FSReqCallback.wrapper [as oncomplete]...
```
@prabhu Even before trying to fetch the files from temp directories, the files are deleted. Do we have any retention period till how long these files should be available?
Also, there are errors like: **Falling back to parsing pom.xml files. Only direct dependencies would get included! Multiple errors occurred while building this project with maven. The SBOM is therefore...
> Another valid error. Can you share this problematic jar?

@prabhu As the jar is internal, it wouldn't be possible to share. What is expected to be verified or debugged...