purl is not deterministic in java-archive cataloger #3521
Labels
bug
Something isn't working
Comments
|
@TimBrown1611 can you confirm that this is still happening? There has been some work in Syft to make the JAR/WAR cataloging more deterministic. If it is still happening, can you share some links to public Maven packages that we should install to reproduce it, or give us some more details? I think what you mean above is that sometimes the group ID for If you find that this is still happening, please let us know! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened:
when i scan a file (.war) I get different results each scan.
please find below:
pkg:maven/org.glassfish.jaxb/[email protected]
pkg:maven/com.sun.xml.bind/[email protected]
What you expected to happen:
same result each time
Steps to reproduce the issue:
the file is too big to share here, however please let me know what other details i can provide to help and investigate it.
Anything else we need to know?:
it impacts the number of results I get from syft.
Environment:
syft version: 1.17.0cat /etc/os-releaseor similar): macThe text was updated successfully, but these errors were encountered: