admin/aquasecurity-trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2026-02-12 03:33:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Deployed b8362321a to dev with MkDocs 1.3.0 and mike 1.1.2

Browse Source
This commit is contained in:
knqyf263
2024-09-30 15:14:47 +00:00
parent 50aecdd15e
commit 1d6f84e1d6
5 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
dev/docs/coverage/language/java/index.html
View File

@@ -1943,6 +1943,13 @@ You're not viewing the latest version.
remote repositories
</a>
</li>
<li class="md-nav__item">
<a href="#empty-dependency-version" class="md-nav__link">
empty dependency version
</a>
</li>
<li class="md-nav__item">
@@ -4128,6 +4135,13 @@ You're not viewing the latest version.
remote repositories
</a>
</li>
<li class="md-nav__item">
<a href="#empty-dependency-version" class="md-nav__link">
empty dependency version
</a>
</li>
<li class="md-nav__item">
@@ -4331,6 +4345,17 @@ The vulnerability database will be downloaded anyway.</p>
<p class="admonition-title">Warning</p>
<p>Trivy may skip some dependencies (that were not found on your local machine) when the <code>--offline-scan</code> flag is passed.</p>
</div>
<h3 id="empty-dependency-version">empty dependency version</h3>
<p>There are cases when Trivy cannot determine the version of dependencies:</p>
<ul>
<li>Unable to determine the version from the parent because the parent is not reachable;</li>
<li>The dependency uses a <a href="https://maven.apache.org/pom.html#dependency-version-requirement-specification">hard requirement</a> with more than one version.</li>
</ul>
<p>In these cases, Trivy uses an empty version for the dependency.</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>Trivy doesn't detect child dependencies for dependencies without a version.</p>
</div>
<h3 id="maven-invoker-plugin">maven-invoker-plugin</h3>
<p>Typically, the integration tests directory (<code>**/[src|target]/it/*/pom.xml</code>) of <a href="https://maven.apache.org/plugins/maven-invoker-plugin/usage.html">maven-invoker-plugin</a> doesn't contain actual <code>pom.xml</code> files and should be skipped to avoid noise.</p>
<p>Trivy marks dependencies from these files as the development dependencies and skip them by default.