Skip to content

Commit

Permalink
Fall back to searching maven central using groupIDFromJavaMetadata
Browse files Browse the repository at this point in the history
  • Loading branch information
coheigea committed Nov 7, 2023
1 parent 9eac737 commit 4c362ee
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions syft/pkg/cataloger/java/archive_parser.go
Original file line number Diff line number Diff line change
Expand Up @@ -250,6 +250,24 @@ func (j *archiveParser) parseLicenses(manifest *pkg.JavaManifest) ([]pkg.License
}
}

// If we didn't find any liceneses in the archive so far, we'll try again in Maven Central using groupIDFromJavaMetadata
if len(licenses) == 0 && j.cfg.UseNetwork {
var groupID = name
if gID := groupIDFromJavaMetadata(name, pkg.JavaArchive{Manifest: manifest}); gID != "" {
groupID = gID
}
pomLicenses, err := recursivelyFindLicensesFromParentPom(groupID, name, version, j.cfg)
if err != nil {
log.Tracef("unable to get parent pom from Maven central: %v", err)
}
if len(pomLicenses) > 0 {
pkgLicenses := pkg.NewLicensesFromLocation(j.location, pomLicenses...)
if pkgLicenses != nil {
licenses = append(licenses, pkgLicenses...)
}
}
}

return licenses, name, version, nil
}

Expand Down

0 comments on commit 4c362ee

Please sign in to comment.