AWS Security ChangesHomeSearch

AWS inspector documentation change

Service: inspector · 2025-04-01 · Documentation low

File: inspector/latest/user/sbom-generator-dependency-collection.md

Summary

Enhanced Java dependency scanning documentation with SHA-1 hashes and Maven scope details

Security assessment

Added documentation about integrity verification (SHA-1 hashes) as a security feature

Diff

diff --git a/inspector/latest/user/sbom-generator-dependency-collection.md b/inspector/latest/user/sbom-generator-dependency-collection.md
index f2f213f6f..c369db249 100644
--- a/inspector/latest/user/sbom-generator-dependency-collection.md
+++ b/inspector/latest/user/sbom-generator-dependency-collection.md
@@ -112 +112,3 @@ Programming language | Package manager | Supported artifacts | Toolchain support
-`Java` | `Maven` |  `.jar/.war/.ear SHA1 hash collection` `pom.properties` `pom.xml` |  N/A N/A N/A |  N/A N/A N/A |  Yes N/A Yes |  N/A N/A N/A |  Yes Yes Yes  
+`Java` | `Maven` |  Compiled Java applications (.jar/.war/.ear) `pom.xml` |  N/A N/A |  N/A N/A |  Yes Yes |  N/A N/A |  Yes Yes  
+  
+The Amazon Inspector SBOM Generator performs Java dependency scanning by analyzing compiled Java applications and `pom.xml` files. When scanning compiled applications, the scanner generates SHA–1 hashes for integrity verification, extracts embedded `pom.properties` files, and parses nested `pom.xml` files. 
@@ -182,0 +185,4 @@ This file produces an output that contains a package URL. This URL can be used t
+###### Excluding nested `pom.xml` parsing
+
+If you want to exclude `pom.xml` parsing when scanning compiled Java applications, use the `--skip-nested-pomxml` argument. 
+
@@ -213 +219 @@ Dependencies are collected with the following Maven scopes:
-Dependencies are collected with the following Maven tag: true. 
+Dependencies are collected with the following Maven tag: `<optional>true</optional>`.