diff --git a/syft/pkg/cataloger/java/parse_pom_xml.go b/syft/pkg/cataloger/java/parse_pom_xml.go
index 621e0fa40..1f7b932b6 100644
--- a/syft/pkg/cataloger/java/parse_pom_xml.go
+++ b/syft/pkg/cataloger/java/parse_pom_xml.go
@@ -63,6 +63,11 @@ func newPackageFromPom(dep gopom.Dependency) *pkg.Package {
 Type: pkg.JavaPkg, // TODO: should we differentiate between packages from jar/war/zip versus packages from a pom.xml that were not installed yet?
 MetadataType: pkg.JavaMetadataType,
 FoundBy: javaPomCataloger,
+ Metadata: pkg.JavaMetadata{
+ PomProperties: &pkg.PomProperties{
+ GroupID: dep.GroupID,
+ },
+ },
 }
 p.Metadata = pkg.JavaMetadata{PURL: packageURL(*p)}
diff --git a/syft/pkg/cataloger/java/parse_pom_xml_test.go b/syft/pkg/cataloger/java/parse_pom_xml_test.go
index bae7f7449..e314716f4 100644
--- a/syft/pkg/cataloger/java/parse_pom_xml_test.go
+++ b/syft/pkg/cataloger/java/parse_pom_xml_test.go
@@ -26,7 +26,7 @@ func Test_parserPomXML(t *testing.T) {
 Type: pkg.JavaPkg,
 MetadataType: pkg.JavaMetadataType,
 Metadata: pkg.JavaMetadata{
- PURL: "pkg:maven/joda-time/joda-time@2.9.2",
+ PURL: "pkg:maven/com.joda/joda-time@2.9.2",
 },
 },
 {
diff --git a/syft/pkg/cataloger/java/test-fixtures/pom/pom.xml b/syft/pkg/cataloger/java/test-fixtures/pom/pom.xml
index 4ab76d1d9..6dec1a75a 100644
--- a/syft/pkg/cataloger/java/test-fixtures/pom/pom.xml
+++ b/syft/pkg/cataloger/java/test-fixtures/pom/pom.xml
@@ -1,6 +1,5 @@ - + 4.0.0 org.anchore
@@ -16,7 +15,7 @@ - joda-time + com.joda joda-time 2.9.2
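Review bot: The `Metadata` value added to the struct literal in `newPackageFromPom` is replaced by the assignment right after the literal, `p.Metadata = pkg.JavaMetadata{PURL: packageURL(*p)}`, so the group ID reaches `packageURL` but is missing from the package that is returned. Anything downstream that reads `PomProperties.GroupID` to identify the Maven coordinate (vulnerability matching is a likely consumer, though none is visible here) would still see an empty group for pom.xml packages. If the field is meant to survive, carry it over in the second assignment, `p.Metadata = pkg.JavaMetadata{PomProperties: &pkg.PomProperties{GroupID: dep.GroupID}, PURL: packageURL(*p)}`, and add `PomProperties` to the expected metadata in `Test_parserPomXML`, which currently asserts only `PURL`. If it is deliberately temporary, a comment on the literal such as `// populated only so packageURL can read the group ID; replaced below` would keep the next reader from assuming it persists. The function body starts and ends outside the hunk, so any later use of `p.Metadata` is not visible here.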