Skip to content

jar parsing does not use pom.xml when pom.properties is missing #4260

New issue
New issue
Closed
Closed
jar parsing does not use pom.xml when pom.properties is missing#4260
Assignees
kzantow
Labels
bugSomething isn't workingchangelog-ignoreDon't include this issue in the release changelog
@douglasclarke

Description

@douglasclarke
douglasclarke
opened on Oct 7, 2025

What happened:

scanning of an io.micronaut jar file does not report correct group-id, uses MANIFEST.MF

What you expected to happen:

the archive_parser should consider the pom.xml ahead of the MANIFEST.MF

Steps to reproduce the issue:

Scan any jar file with only a pom.xml and no pom.properties and have the correct maven coordinates identified

Anything else we need to know?:

I have a potential fix douglasclarke#8

Environment:

  • Output of syft version:
  • OS (e.g: cat /etc/os-release or similar):

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingchangelog-ignoreDon't include this issue in the release changelog

Type

No type

Projects

OSS

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions