feat(java): support pom.xml (fanal#346)

2025-12-20 22:33:53 -08:00 · 2021-12-23 14:27:27 +02:00
parent 88094b1142
commit 91d4d9e385
12 changed files with 225 additions and 55 deletions
--- a/analyzer/all/import.go
+++ b/analyzer/all/import.go
@@ -6,6 +6,7 @@ import (
 	_ "github.com/aquasecurity/fanal/analyzer/language/golang/binary"
 	_ "github.com/aquasecurity/fanal/analyzer/language/golang/mod"
 	_ "github.com/aquasecurity/fanal/analyzer/language/java/jar"
+	_ "github.com/aquasecurity/fanal/analyzer/language/java/pom"
 	_ "github.com/aquasecurity/fanal/analyzer/language/nodejs/npm"
 	_ "github.com/aquasecurity/fanal/analyzer/language/nodejs/pkg"
 	_ "github.com/aquasecurity/fanal/analyzer/language/nodejs/yarn"
--- a/analyzer/analyzer_test.go
+++ b/analyzer/analyzer_test.go
@@ -472,6 +472,7 @@ func TestAnalyzer_AnalyzerVersions(t *testing.T) {
 				"pip":        1,
 				"pipenv":     1,
 				"poetry":     1,
+				"pom":        1,
 				"redhat":     1,
 				"rpm":        1,
 				"suse":       1,
@@ -508,6 +509,7 @@ func TestAnalyzer_AnalyzerVersions(t *testing.T) {
 				"pip":        1,
 				"pipenv":     1,
 				"poetry":     1,
+				"pom":        1,
 				"redhat":     1,
 				"rpm":        1,
 				"suse":       1,
--- a/analyzer/const.go
+++ b/analyzer/const.go
@@ -40,6 +40,7 @@ const (

 	// Java
 	TypeJar Type = "jar"
+	TypePom Type = "pom"

 	// Node.js
 	TypeNpmPkgLock Type = "npm"
@@ -84,14 +85,14 @@ var (
 	}

 	// TypeLanguages has all language analyzers
-	TypeLanguages = []Type{TypeBundler, TypeGemSpec, TypeCargo, TypeComposer, TypeJar,
+	TypeLanguages = []Type{TypeBundler, TypeGemSpec, TypeCargo, TypeComposer, TypeJar, TypePom,
 		TypeNpmPkgLock, TypeNodePkg, TypeYarn, TypeNuget, TypePythonPkg, TypePip, TypePipenv,
 		TypePoetry, TypeGoBinary, TypeGoMod,
 	}

 	// TypeLockfiles has all lock file analyzers
 	TypeLockfiles = []Type{TypeBundler, TypeNpmPkgLock, TypeYarn,
-		TypePip, TypePipenv, TypePoetry, TypeGoMod,
+		TypePip, TypePipenv, TypePoetry, TypeGoMod, TypePom,
 	}

 	// TypeIndividualPkgs has all analyzers for individual packages
--- a/analyzer/language/java/pom/pom.go
+++ b/analyzer/language/java/pom/pom.go
@@ -0,0 +1,41 @@
+package pom
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+
+	"github.com/aquasecurity/go-dep-parser/pkg/java/pom"
+
+	"github.com/aquasecurity/fanal/analyzer"
+	"github.com/aquasecurity/fanal/analyzer/language"
+	"github.com/aquasecurity/fanal/types"
+)
+
+func init() {
+	analyzer.RegisterAnalyzer(&pomAnalyzer{})
+}
+
+const version = 1
+
+// pomAnalyzer analyzes pom.xml
+type pomAnalyzer struct{}
+
+func (a pomAnalyzer) Analyze(_ context.Context, target analyzer.AnalysisTarget) (*analyzer.AnalysisResult, error) {
+	// TODO: support offline mode
+	p := pom.NewParser(target.FilePath)
+
+	return language.Analyze(types.Pom, target.FilePath, target.Content, p.Parse)
+}
+
+func (a pomAnalyzer) Required(filePath string, _ os.FileInfo) bool {
+	return filepath.Base(filePath) == "pom.xml"
+}
+
+func (a pomAnalyzer) Type() analyzer.Type {
+	return analyzer.TypePom
+}
+
+func (a pomAnalyzer) Version() int {
+	return version
+}
--- a/analyzer/language/java/pom/pom_test.go
+++ b/analyzer/language/java/pom/pom_test.go
@@ -0,0 +1,96 @@
+package pom
+
+import (
+	"os"
+	"testing"
+
+	"github.com/aquasecurity/fanal/types"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/fanal/analyzer"
+)
+
+func Test_pomAnalyzer_Analyze(t *testing.T) {
+	tests := []struct {
+		name      string
+		inputFile string
+		target    analyzer.AnalysisTarget
+		want      *analyzer.AnalysisResult
+		wantErr   string
+	}{
+		{
+			name:      "happy path",
+			inputFile: "testdata/happy/pom.xml",
+			want: &analyzer.AnalysisResult{
+				Applications: []types.Application{
+					{
+						Type:     types.Pom,
+						FilePath: "testdata/happy/pom.xml",
+						Libraries: []types.Package{
+							{
+								Name:    "com.example:example",
+								Version: "1.0.0",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name:      "sad path",
+			inputFile: "testdata/broken/pom.xml",
+			wantErr:   "xml decode error",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			b, err := os.ReadFile(tt.inputFile)
+			require.NoError(t, err)
+
+			a := pomAnalyzer{}
+			got, err := a.Analyze(nil, analyzer.AnalysisTarget{
+				FilePath: tt.inputFile,
+				Content:  b,
+			})
+			if tt.wantErr != "" {
+				require.NotNil(t, err)
+				assert.Contains(t, err.Error(), tt.wantErr)
+				return
+			}
+			assert.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_pomAnalyzer_Required(t *testing.T) {
+	tests := []struct {
+		name     string
+		filePath string
+		want     bool
+	}{
+		{
+			name:     "happy",
+			filePath: "test/pom.xml",
+			want:     true,
+		},
+		{
+			name:     "no extension",
+			filePath: "test/pom",
+			want:     false,
+		},
+		{
+			name:     "json",
+			filePath: "test/pom.json",
+			want:     false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			a := pomAnalyzer{}
+			got := a.Required(tt.filePath, nil)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
--- a/analyzer/language/java/pom/testdata/broken/pom.xml
+++ b/analyzer/language/java/pom/testdata/broken/pom.xml
@@ -0,0 +1 @@
+{}
--- a/analyzer/language/java/pom/testdata/happy/pom.xml
+++ b/analyzer/language/java/pom/testdata/happy/pom.xml
@@ -0,0 +1,26 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.example</groupId>
+    <artifactId>example</artifactId>
+    <version>1.0.0</version>
+
+    <name>example</name>
+    <description>Example</description>
+
+    <licenses>
+        <license>
+            <name>Apache 2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0.html</url>
+            <distribution>repo</distribution>
+        </license>
+    </licenses>
+
+    <developers>
+        <developer>
+            <id>knqyf263</id>
+            <url>https://github.com/knqyf263</url>
+        </developer>
+    </developers>
+</project>
--- a/artifact/image/image_test.go
+++ b/artifact/image/image_test.go
@@ -39,17 +39,17 @@ func TestArtifact_Inspect(t *testing.T) {
 			missingBlobsExpectation: cache.ArtifactCacheMissingBlobsExpectation{
 				Args: cache.ArtifactCacheMissingBlobsArgs{
 					ArtifactID: "sha256:059741cfbdc039e88e337d621e57e03e99b0e0a75df32f2027ebef13f839af65",
-					BlobIDs:    []string{"sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae"},
+					BlobIDs:    []string{"sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003"},
 				},
 				Returns: cache.ArtifactCacheMissingBlobsReturns{
 					MissingArtifact: true,
-					MissingBlobIDs:  []string{"sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae"},
+					MissingBlobIDs:  []string{"sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003"},
 				},
 			},
 			putBlobExpectations: []cache.ArtifactCachePutBlobExpectation{
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae",
+						BlobID: "sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
@@ -103,7 +103,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				Name:    "../../test/testdata/alpine-311.tar.gz",
 				Type:    types.ArtifactContainerImage,
 				ID:      "sha256:059741cfbdc039e88e337d621e57e03e99b0e0a75df32f2027ebef13f839af65",
-				BlobIDs: []string{"sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae"},
+				BlobIDs: []string{"sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003"},
 				ImageMetadata: types.ImageMetadata{
 					ID: "sha256:a187dde48cd289ac374ad8539930628314bc581a481cdb41409c9289419ddb72",
 					DiffIDs: []string{
@@ -150,25 +150,25 @@ func TestArtifact_Inspect(t *testing.T) {
 				Args: cache.ArtifactCacheMissingBlobsArgs{
 					ArtifactID: "sha256:a646bb11d39c149d4aaf9b888233048e0848304e5abd75667ea6f21d540d800c",
 					BlobIDs: []string{
-						"sha256:d59d3e347923a4fd427b5626ba338a9a188dc1655156b65e734634304e119d19",
-						"sha256:f04d92301dac6b26e6a8d8f8aa08fa0ec280debe1f91040c0989252a48b3590e",
-						"sha256:3f84d42a9e989dd28923abdebb9682ddad5df1d4473f07e2d6efc0b8bbeed9e7",
-						"sha256:578af74fc912ba68214654e1640a651c905b1d6bcf4e7fafe08e4203044d1b8d",
+						"sha256:ceb582636ead9af51b5314f229b5cdbeaeee37158238a8ca88c967dd5e026e2a",
+						"sha256:8b76c5ffa747e03fa4e1c1ddedfbb584a67879b8e7a166771995578582c90879",
+						"sha256:22c5b31f867a4f23642d92dff7fb867596e4cd9e8f2a3a8db7f848e2d466d8c1",
+						"sha256:29205579b8c585de52d52eb4e9aa7551e9332353dcd7e92074360256dfae599d",
 					},
 				},
 				Returns: cache.ArtifactCacheMissingBlobsReturns{
 					MissingBlobIDs: []string{
-						"sha256:d59d3e347923a4fd427b5626ba338a9a188dc1655156b65e734634304e119d19",
-						"sha256:f04d92301dac6b26e6a8d8f8aa08fa0ec280debe1f91040c0989252a48b3590e",
-						"sha256:3f84d42a9e989dd28923abdebb9682ddad5df1d4473f07e2d6efc0b8bbeed9e7",
-						"sha256:578af74fc912ba68214654e1640a651c905b1d6bcf4e7fafe08e4203044d1b8d",
+						"sha256:ceb582636ead9af51b5314f229b5cdbeaeee37158238a8ca88c967dd5e026e2a",
+						"sha256:8b76c5ffa747e03fa4e1c1ddedfbb584a67879b8e7a166771995578582c90879",
+						"sha256:22c5b31f867a4f23642d92dff7fb867596e4cd9e8f2a3a8db7f848e2d466d8c1",
+						"sha256:29205579b8c585de52d52eb4e9aa7551e9332353dcd7e92074360256dfae599d",
 					},
 				},
 			},
 			putBlobExpectations: []cache.ArtifactCachePutBlobExpectation{
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:d59d3e347923a4fd427b5626ba338a9a188dc1655156b65e734634304e119d19",
+						BlobID: "sha256:ceb582636ead9af51b5314f229b5cdbeaeee37158238a8ca88c967dd5e026e2a",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
@@ -202,7 +202,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				},
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:f04d92301dac6b26e6a8d8f8aa08fa0ec280debe1f91040c0989252a48b3590e",
+						BlobID: "sha256:8b76c5ffa747e03fa4e1c1ddedfbb584a67879b8e7a166771995578582c90879",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
@@ -232,7 +232,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				},
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:3f84d42a9e989dd28923abdebb9682ddad5df1d4473f07e2d6efc0b8bbeed9e7",
+						BlobID: "sha256:22c5b31f867a4f23642d92dff7fb867596e4cd9e8f2a3a8db7f848e2d466d8c1",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
@@ -261,7 +261,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				},
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:578af74fc912ba68214654e1640a651c905b1d6bcf4e7fafe08e4203044d1b8d",
+						BlobID: "sha256:29205579b8c585de52d52eb4e9aa7551e9332353dcd7e92074360256dfae599d",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
@@ -336,10 +336,10 @@ func TestArtifact_Inspect(t *testing.T) {
 				Type: types.ArtifactContainerImage,
 				ID:   "sha256:a646bb11d39c149d4aaf9b888233048e0848304e5abd75667ea6f21d540d800c",
 				BlobIDs: []string{
-					"sha256:d59d3e347923a4fd427b5626ba338a9a188dc1655156b65e734634304e119d19",
-					"sha256:f04d92301dac6b26e6a8d8f8aa08fa0ec280debe1f91040c0989252a48b3590e",
-					"sha256:3f84d42a9e989dd28923abdebb9682ddad5df1d4473f07e2d6efc0b8bbeed9e7",
-					"sha256:578af74fc912ba68214654e1640a651c905b1d6bcf4e7fafe08e4203044d1b8d",
+					"sha256:ceb582636ead9af51b5314f229b5cdbeaeee37158238a8ca88c967dd5e026e2a",
+					"sha256:8b76c5ffa747e03fa4e1c1ddedfbb584a67879b8e7a166771995578582c90879",
+					"sha256:22c5b31f867a4f23642d92dff7fb867596e4cd9e8f2a3a8db7f848e2d466d8c1",
+					"sha256:29205579b8c585de52d52eb4e9aa7551e9332353dcd7e92074360256dfae599d",
 				},
 				ImageMetadata: types.ImageMetadata{
 					ID: "sha256:58701fd185bda36cab0557bb6438661831267aa4a9e0b54211c4d5317a48aff4",
@@ -419,25 +419,25 @@ func TestArtifact_Inspect(t *testing.T) {
 				Args: cache.ArtifactCacheMissingBlobsArgs{
 					ArtifactID: "sha256:a646bb11d39c149d4aaf9b888233048e0848304e5abd75667ea6f21d540d800c",
 					BlobIDs: []string{
-						"sha256:00b22bb66e7bec6621e9145f3da3df35f6b4affdb996e72088d3aa2d610ebe9b",
-						"sha256:5413183c29c88353c119930226489061042187a2625b28bceb536a1bb7267367",
-						"sha256:b44e7ddf51955f547a773cabeafcf4d35ede96ceb2124ae1b4e540c04d9ef6a8",
-						"sha256:d0afd4834f3ed2c44410a5a83364de5f2c3efe5105c158954482b2569c42dc1f",
+						"sha256:b980e98bdc3705c3ea1c2af780695c0fe25f8d3d22997b99e01b97c81744c04a",
+						"sha256:89ed9f6b02f134987a25c9bcfb18eabf31c6a79588f3d3b1a8da0ec6e7217b57",
+						"sha256:df202a774507f8c2df3d7a56cea3ab3b9d0cfb49a099828298849f2b8e479f2f",
+						"sha256:0c8da2347c5033dae97cd2628250c8a25cdd568c7b86cb4ca52d8b3342820378",
 					},
 				},
 				Returns: cache.ArtifactCacheMissingBlobsReturns{
 					MissingBlobIDs: []string{
-						"sha256:00b22bb66e7bec6621e9145f3da3df35f6b4affdb996e72088d3aa2d610ebe9b",
-						"sha256:5413183c29c88353c119930226489061042187a2625b28bceb536a1bb7267367",
-						"sha256:b44e7ddf51955f547a773cabeafcf4d35ede96ceb2124ae1b4e540c04d9ef6a8",
-						"sha256:d0afd4834f3ed2c44410a5a83364de5f2c3efe5105c158954482b2569c42dc1f",
+						"sha256:b980e98bdc3705c3ea1c2af780695c0fe25f8d3d22997b99e01b97c81744c04a",
+						"sha256:89ed9f6b02f134987a25c9bcfb18eabf31c6a79588f3d3b1a8da0ec6e7217b57",
+						"sha256:df202a774507f8c2df3d7a56cea3ab3b9d0cfb49a099828298849f2b8e479f2f",
+						"sha256:0c8da2347c5033dae97cd2628250c8a25cdd568c7b86cb4ca52d8b3342820378",
 					},
 				},
 			},
 			putBlobExpectations: []cache.ArtifactCachePutBlobExpectation{
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:00b22bb66e7bec6621e9145f3da3df35f6b4affdb996e72088d3aa2d610ebe9b",
+						BlobID: "sha256:b980e98bdc3705c3ea1c2af780695c0fe25f8d3d22997b99e01b97c81744c04a",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
@@ -447,7 +447,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				},
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:5413183c29c88353c119930226489061042187a2625b28bceb536a1bb7267367",
+						BlobID: "sha256:89ed9f6b02f134987a25c9bcfb18eabf31c6a79588f3d3b1a8da0ec6e7217b57",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
@@ -457,7 +457,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				},
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:b44e7ddf51955f547a773cabeafcf4d35ede96ceb2124ae1b4e540c04d9ef6a8",
+						BlobID: "sha256:df202a774507f8c2df3d7a56cea3ab3b9d0cfb49a099828298849f2b8e479f2f",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
@@ -468,7 +468,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				},
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:d0afd4834f3ed2c44410a5a83364de5f2c3efe5105c158954482b2569c42dc1f",
+						BlobID: "sha256:0c8da2347c5033dae97cd2628250c8a25cdd568c7b86cb4ca52d8b3342820378",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
@@ -483,10 +483,10 @@ func TestArtifact_Inspect(t *testing.T) {
 				Type: types.ArtifactContainerImage,
 				ID:   "sha256:a646bb11d39c149d4aaf9b888233048e0848304e5abd75667ea6f21d540d800c",
 				BlobIDs: []string{
-					"sha256:00b22bb66e7bec6621e9145f3da3df35f6b4affdb996e72088d3aa2d610ebe9b",
-					"sha256:5413183c29c88353c119930226489061042187a2625b28bceb536a1bb7267367",
-					"sha256:b44e7ddf51955f547a773cabeafcf4d35ede96ceb2124ae1b4e540c04d9ef6a8",
-					"sha256:d0afd4834f3ed2c44410a5a83364de5f2c3efe5105c158954482b2569c42dc1f",
+					"sha256:b980e98bdc3705c3ea1c2af780695c0fe25f8d3d22997b99e01b97c81744c04a",
+					"sha256:89ed9f6b02f134987a25c9bcfb18eabf31c6a79588f3d3b1a8da0ec6e7217b57",
+					"sha256:df202a774507f8c2df3d7a56cea3ab3b9d0cfb49a099828298849f2b8e479f2f",
+					"sha256:0c8da2347c5033dae97cd2628250c8a25cdd568c7b86cb4ca52d8b3342820378",
 				},
 				ImageMetadata: types.ImageMetadata{
 					ID: "sha256:58701fd185bda36cab0557bb6438661831267aa4a9e0b54211c4d5317a48aff4",
@@ -552,7 +552,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			missingBlobsExpectation: cache.ArtifactCacheMissingBlobsExpectation{
 				Args: cache.ArtifactCacheMissingBlobsArgs{
 					ArtifactID: "sha256:059741cfbdc039e88e337d621e57e03e99b0e0a75df32f2027ebef13f839af65",
-					BlobIDs:    []string{"sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae"},
+					BlobIDs:    []string{"sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003"},
 				},
 				Returns: cache.ArtifactCacheMissingBlobsReturns{
 					Err: xerrors.New("MissingBlobs failed"),
@@ -566,16 +566,16 @@ func TestArtifact_Inspect(t *testing.T) {
 			missingBlobsExpectation: cache.ArtifactCacheMissingBlobsExpectation{
 				Args: cache.ArtifactCacheMissingBlobsArgs{
 					ArtifactID: "sha256:059741cfbdc039e88e337d621e57e03e99b0e0a75df32f2027ebef13f839af65",
-					BlobIDs:    []string{"sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae"},
+					BlobIDs:    []string{"sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003"},
 				},
 				Returns: cache.ArtifactCacheMissingBlobsReturns{
-					MissingBlobIDs: []string{"sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae"},
+					MissingBlobIDs: []string{"sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003"},
 				},
 			},
 			putBlobExpectations: []cache.ArtifactCachePutBlobExpectation{
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae",
+						BlobID: "sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
@@ -621,17 +621,17 @@ func TestArtifact_Inspect(t *testing.T) {
 			missingBlobsExpectation: cache.ArtifactCacheMissingBlobsExpectation{
 				Args: cache.ArtifactCacheMissingBlobsArgs{
 					ArtifactID: "sha256:059741cfbdc039e88e337d621e57e03e99b0e0a75df32f2027ebef13f839af65",
-					BlobIDs:    []string{"sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae"},
+					BlobIDs:    []string{"sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003"},
 				},
 				Returns: cache.ArtifactCacheMissingBlobsReturns{
 					MissingArtifact: true,
-					MissingBlobIDs:  []string{"sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae"},
+					MissingBlobIDs:  []string{"sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003"},
 				},
 			},
 			putBlobExpectations: []cache.ArtifactCachePutBlobExpectation{
 				{
 					Args: cache.ArtifactCachePutBlobArgs{
-						BlobID: "sha256:e42b13a4ef21c0534f4e571c1b2c3b10bce9d1fc125e05c36876fc6fb81b0bae",
+						BlobID: "sha256:6ca0e41a85a9d08155d1a9e40c8a7898a93eb5d9c1a4053c9d2101042e286003",
 						BlobInfo: types.BlobInfo{
 							SchemaVersion: types.BlobJSONSchemaVersion,
 							Digest:        "",
--- a/artifact/local/fs_test.go
+++ b/artifact/local/fs_test.go
@@ -40,7 +40,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			},
 			putBlobExpectation: cache.ArtifactCachePutBlobExpectation{
 				Args: cache.ArtifactCachePutBlobArgs{
-					BlobID: "sha256:023beaece738972970d8750b27cc99771fd410f9c56f85a69860e0689b19574f",
+					BlobID: "sha256:583d16b16be781149129c53ed6345e5e4fffaa78228b5cd97e3c657cbc436cbe",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						DiffID:        "sha256:9eaa33f9952218e93b2b7678e0092c5eb809877c948af5ea19b5148c5857d9fa",
@@ -63,9 +63,9 @@ func TestArtifact_Inspect(t *testing.T) {
 			want: types.ArtifactReference{
 				Name: "host",
 				Type: types.ArtifactFilesystem,
-				ID:   "sha256:023beaece738972970d8750b27cc99771fd410f9c56f85a69860e0689b19574f",
+				ID:   "sha256:583d16b16be781149129c53ed6345e5e4fffaa78228b5cd97e3c657cbc436cbe",
 				BlobIDs: []string{
-					"sha256:023beaece738972970d8750b27cc99771fd410f9c56f85a69860e0689b19574f",
+					"sha256:583d16b16be781149129c53ed6345e5e4fffaa78228b5cd97e3c657cbc436cbe",
 				},
 			},
 		},
@@ -79,7 +79,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			},
 			putBlobExpectation: cache.ArtifactCachePutBlobExpectation{
 				Args: cache.ArtifactCachePutBlobArgs{
-					BlobID: "sha256:da5c89cd6cf04a98ec4438fcdd028a6d436ac5c4f845555e904439316336d97a",
+					BlobID: "sha256:2547e68980e6d85aa37f9e5dfbf406aeef8d8aae31f471d95855841f337f21fb",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						DiffID:        "sha256:8ad5ef100e762e3f4df37beb3f8231a782cea12ad9d39bda13fd5850d1b15d11",
@@ -90,9 +90,9 @@ func TestArtifact_Inspect(t *testing.T) {
 			want: types.ArtifactReference{
 				Name: "host",
 				Type: types.ArtifactFilesystem,
-				ID:   "sha256:da5c89cd6cf04a98ec4438fcdd028a6d436ac5c4f845555e904439316336d97a",
+				ID:   "sha256:2547e68980e6d85aa37f9e5dfbf406aeef8d8aae31f471d95855841f337f21fb",
 				BlobIDs: []string{
-					"sha256:da5c89cd6cf04a98ec4438fcdd028a6d436ac5c4f845555e904439316336d97a",
+					"sha256:2547e68980e6d85aa37f9e5dfbf406aeef8d8aae31f471d95855841f337f21fb",
 				},
 			},
 		},
@@ -103,7 +103,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			},
 			putBlobExpectation: cache.ArtifactCachePutBlobExpectation{
 				Args: cache.ArtifactCachePutBlobArgs{
-					BlobID: "sha256:023beaece738972970d8750b27cc99771fd410f9c56f85a69860e0689b19574f",
+					BlobID: "sha256:583d16b16be781149129c53ed6345e5e4fffaa78228b5cd97e3c657cbc436cbe",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						DiffID:        "sha256:9eaa33f9952218e93b2b7678e0092c5eb809877c948af5ea19b5148c5857d9fa",
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/alicebob/miniredis/v2 v2.16.0
 	github.com/aquasecurity/cfsec v0.2.2
 	github.com/aquasecurity/defsec v0.0.37
-	github.com/aquasecurity/go-dep-parser v0.0.0-20211110174639-8257534ffed3
+	github.com/aquasecurity/go-dep-parser v0.0.0-20211223121821-c532a40f0bee
 	github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516
 	github.com/aquasecurity/tfsec v0.63.1
 	github.com/aws/aws-sdk-go v1.42.0
--- a/go.sum
+++ b/go.sum
@@ -196,8 +196,8 @@ github.com/aquasecurity/cfsec v0.2.2 h1:hq6MZlg7XFZsrerCv297N4HRlnJM7K6LLd/l/xCz
 github.com/aquasecurity/cfsec v0.2.2/go.mod h1:sUELRJqIPXTOZiHUx7TzyyFFzuk0W22IG6IWAoV8T6U=
 github.com/aquasecurity/defsec v0.0.37 h1:zdZndlKrW257b8VLK1UwfmXiyPuDrNA+wzBilHRk1LA=
 github.com/aquasecurity/defsec v0.0.37/go.mod h1:csaBEcJ3AKy44expnW0dCANEZcS/c1vcJjwBCbnKWBM=
-github.com/aquasecurity/go-dep-parser v0.0.0-20211110174639-8257534ffed3 h1:zYNhYU4HUqJq+Lqhwf68gvd+v0cKqM2XOmggtHYLkoU=
-github.com/aquasecurity/go-dep-parser v0.0.0-20211110174639-8257534ffed3/go.mod h1:Zc7Eo6tFl9l4XcqsWeabD7jHnXRBK/LdgZuu9GTSVLU=
+github.com/aquasecurity/go-dep-parser v0.0.0-20211223121821-c532a40f0bee h1:PRK1OVMw6a35Nf6MiCM0MptD4RrbCOt0pjDuGscZYjU=
+github.com/aquasecurity/go-dep-parser v0.0.0-20211223121821-c532a40f0bee/go.mod h1:mYbm6nW+oy1o7gGYngbki6y2VPUf6BPt5U7+O9C78sI=
 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbpLo5dxHQCyEhqzizsDSNrNhn/7uRTCZzo4A1o=
 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM=
 github.com/aquasecurity/tfsec v0.63.1 h1:KH63HTcUoab7d3PKtqFO6T8K5AY7bzLw7Kiu+EY9U64=
@@ -789,6 +789,7 @@ github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjh
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
--- a/types/const.go
+++ b/types/const.go
@@ -20,6 +20,7 @@ const (
 	NodePkg    = "node-pkg"
 	Yarn       = "yarn"
 	Jar        = "jar"
+	Pom        = "pom"
 	GoBinary   = "gobinary"
 	GoMod      = "gomod"
 	JavaScript = "javascript"