POM data should be derived from pom.xml when available

anchore / grype

A vulnerability scanner for container images and filesystems

Apache License 2.0

8.88k stars 575 forks source link

POM data should be derived from pom.xml when available #2217

Open wagoodman opened 4 weeks ago

wagoodman commented 4 weeks ago

Today we derive the artifact ID and group ID from pom.properties and not pom.xml --we should be looking in both locations for accurate information here.