From 4c362eea640bef511ae69d505ccebfa5cf590819 Mon Sep 17 00:00:00 2001
From: Colm O hEigeartaigh <coheigea@apache.org>
Date: Tue, 7 Nov 2023 05:29:10 +0000
Subject: [PATCH] Fall back to searching maven central using
 groupIDFromJavaMetadata

---
 syft/pkg/cataloger/java/archive_parser.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/syft/pkg/cataloger/java/archive_parser.go b/syft/pkg/cataloger/java/archive_parser.go
index 109ea5bbcd7d..7d18f5abb90f 100644
--- a/syft/pkg/cataloger/java/archive_parser.go
+++ b/syft/pkg/cataloger/java/archive_parser.go
@@ -250,6 +250,24 @@ func (j *archiveParser) parseLicenses(manifest *pkg.JavaManifest) ([]pkg.License
 		}
 	}
 
+	// If we didn't find any liceneses in the archive so far, we'll try again in Maven Central using groupIDFromJavaMetadata
+	if len(licenses) == 0 && j.cfg.UseNetwork {
+		var groupID = name
+		if gID := groupIDFromJavaMetadata(name, pkg.JavaArchive{Manifest: manifest}); gID != "" {
+			groupID = gID
+		}
+		pomLicenses, err := recursivelyFindLicensesFromParentPom(groupID, name, version, j.cfg)
+		if err != nil {
+			log.Tracef("unable to get parent pom from Maven central: %v", err)
+		}
+		if len(pomLicenses) > 0 {
+			pkgLicenses := pkg.NewLicensesFromLocation(j.location, pomLicenses...)
+			if pkgLicenses != nil {
+				licenses = append(licenses, pkgLicenses...)
+			}
+		}
+	}
+
 	return licenses, name, version, nil
 }