Closed cuixq closed 1 month ago
Attention: Patch coverage is 97.95918%
with 1 lines
in your changes are missing coverage. Please review.
Project coverage is 65.06%. Comparing base (
804589a
) to head (dc901f4
). Report is 3 commits behind head on main.
Files | Patch % | Lines |
---|---|---|
internal/manifest/maven.go | 97.95% | 1 Missing :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Issue https://github.com/google/osv-scanner/issues/35
In this PR, the new Maven extractor invokes Maven resolver to compute the transitive dependencies of a Maven pom.xml.
Since managed dependencies are not actually being depended on, they are not in the resolved dependency graph, and thus they are not included in the scan results.