Skip to content

feat(java): use remote repositories from settings.xml for pom.xml files #7807

New issue
New issue
Open
#9708
Open
feat(java): use remote repositories from settings.xml for pom.xml files#7807
#9708
Assignees
ricardo-kh
Labels
help wantedDenotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.kind/featureCategorizes issue or PR as related to a new feature.
@DmitriyLewen

Description

@DmitriyLewen
DmitriyLewen
opened on Oct 29, 2024

Description

We currently get repositories from pom.xml files + maven central:

trivy/pkg/dependency/parser/java/pom/parse.go

Lines 339 to 342 in 57e24aa

// Update remoteRepositories
pomReleaseRemoteRepos, pomSnapshotRemoteRepos := pom.repositories(p.servers)
p.releaseRemoteRepos = lo.Uniq(append(pomReleaseRemoteRepos, p.releaseRemoteRepos...))
p.snapshotRemoteRepos = lo.Uniq(append(pomSnapshotRemoteRepos, p.snapshotRemoteRepos...))

But settings.xml file may also contain remote repositories.
We need to add logic to get repositories from this file.
See more details in #7175

Discussed in #7175

Metadata

Metadata

Assignees

Labels

help wantedDenotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.kind/featureCategorizes issue or PR as related to a new feature.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions