anchore / grype

A vulnerability scanner for container images and filesystems
Apache License 2.0
8.7k stars 569 forks source link

POM data should be derived from pom.xml when available #2217

Open wagoodman opened 3 days ago

wagoodman commented 3 days ago

Today we derive the artifact ID and group ID from pom.properties and not pom.xml --we should be looking in both locations for accurate information here.