Hello @sakky016 We have added several fixes for jar files. Regards, Dmitriy
Description
I am running trivy to collect JAVA packages. For some JAR files, the package name is reported differently on multiple runs. E.g.:
Jar file: usr/local/tomcat/webapps/ROOT/WEB-INF/lib/boilerpipe-1.2.0-xwiki.jar
"Name": "com.syncthemall:boilerpipe"
"Version": "1.2.0-xwiki"
For most of the runs, the package name that gets reported is com.syncthemall:boilerpipe. But sometimes I get the result below:
Jar file: usr/local/tomcat/webapps/ROOT/WEB-INF/lib/boilerpipe-1.2.0-xwiki.jar
"Name": "de.l3s.boilerpipe::boilerpipe"
"Version": "1.2.0-xwiki"
Desired Behavior
Multiple runs should give consistent results, i.e. the same package name.
Actual Behavior
Most runs give package name as com.syncthemall:boilerpipe. On some runs, the reported package name is de.l3s.boilerpipe::boilerpipe.
Reproduction Steps
Target
Container Image
Scanner
Vulnerability
Output Format
JSON
Mode
Standalone
Debug Output
Operating System
Oracle Linux Server 7.9
Version
Checklist
trivy image --reset
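One way to catch the flapping described above when comparing saved JSON reports from repeated scans of the same image (an added example, not part of the original post and not Trivy's own code). The report layout (`Results[].Packages[]` with `Name`, `Version` and `FilePath`) and the second package `org.example:stable-lib` are assumptions, and the sample reports are constructed.

```python
import json
from collections import defaultdict

JAR = "usr/local/tomcat/webapps/ROOT/WEB-INF/lib/boilerpipe-1.2.0-xwiki.jar"


def make_report(boilerpipe_name):
    """Build a constructed, minimal report (assumed layout, not real scanner output)."""
    return json.dumps({"Results": [{"Target": "Java", "Type": "jar", "Packages": [
        {"Name": boilerpipe_name, "Version": "1.2.0-xwiki", "FilePath": JAR},
        # Hypothetical second package that stays stable across runs.
        {"Name": "org.example:stable-lib", "Version": "2.0",
         "FilePath": "usr/local/tomcat/lib/stable-lib-2.0.jar"},
    ]}]})


RUN_A = make_report("com.syncthemall:boilerpipe")
RUN_B = make_report("de.l3s.boilerpipe::boilerpipe")


def packages_by_jar(report_json):
    """Map each JAR path to the set of (name, version) pairs reported for it."""
    found = defaultdict(set)
    report = json.loads(report_json)
    for result in report.get("Results") or []:
        for pkg in result.get("Packages") or []:
            path = pkg.get("FilePath")
            if path:  # only file-backed packages such as JARs
                found[path].add((pkg.get("Name") or "", pkg.get("Version") or ""))
    return found


def unstable_jars(reports):
    """Return {jar_path: sorted identities} for JARs whose reported identity
    differs between runs. A JAR missing from one run also counts as unstable."""
    per_run = [packages_by_jar(r) for r in reports]
    unstable = {}
    for path in set().union(*per_run):
        seen = [frozenset(run.get(path, ())) for run in per_run]
        if len(set(seen)) > 1:
            unstable[path] = sorted(set().union(*seen))
    return unstable


if __name__ == "__main__":
    for path, identities in unstable_jars([RUN_A, RUN_B, RUN_A]).items():
        print(path)
        for name, version in identities:
            print(f"  {name} {version}")
```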