internal/manifest/maven.go: transitive dependency support when scanning Maven pom.xml (this is the same as what is required by guided remediation)
Instead of having multiple places of deps.dev clients, we probably should consolidate them into one place (for example pkg/depsdev) and make all the places to depend on that package.
Also, currently in pkg/depsdev/license.go, responses from deps.dev are already processed to specific data structures, maybe we should keep the responses as what they were and process them in the caller depending on what we need.
Currently there are multiple places that we make a
deps.dev
client:Instead of having multiple places of
deps.dev
clients, we probably should consolidate them into one place (for examplepkg/depsdev
) and make all the places to depend on that package.Also, currently in pkg/depsdev/license.go, responses from
deps.dev
are already processed to specific data structures, maybe we should keep the responses as what they were and process them in the caller depending on what we need.