AWS inspector documentation change
Summary
Enhanced Java dependency scanning documentation with SHA-1 hashes and Maven scope details
Security assessment
Added documentation about integrity verification (SHA-1 hashes) as a security feature
Diff
diff --git a/inspector/latest/user/sbom-generator-dependency-collection.md b/inspector/latest/user/sbom-generator-dependency-collection.md index f2f213f6f..c369db249 100644 --- a/inspector/latest/user/sbom-generator-dependency-collection.md +++ b/inspector/latest/user/sbom-generator-dependency-collection.md @@ -112 +112,3 @@ Programming language | Package manager | Supported artifacts | Toolchain support -`Java` | `Maven` | `.jar/.war/.ear SHA1 hash collection` `pom.properties` `pom.xml` | N/A N/A N/A | N/A N/A N/A | Yes N/A Yes | N/A N/A N/A | Yes Yes Yes +`Java` | `Maven` | Compiled Java applications (.jar/.war/.ear) `pom.xml` | N/A N/A | N/A N/A | Yes Yes | N/A N/A | Yes Yes + +The Amazon Inspector SBOM Generator performs Java dependency scanning by analyzing compiled Java applications and `pom.xml` files. When scanning compiled applications, the scanner generates SHA–1 hashes for integrity verification, extracts embedded `pom.properties` files, and parses nested `pom.xml` files. @@ -182,0 +185,4 @@ This file produces an output that contains a package URL. This URL can be used t +###### Excluding nested `pom.xml` parsing + +If you want to exclude `pom.xml` parsing when scanning compiled Java applications, use the `--skip-nested-pomxml` argument. + @@ -213 +219 @@ Dependencies are collected with the following Maven scopes: -Dependencies are collected with the following Maven tag: true. +Dependencies are collected with the following Maven tag: `<optional>true</optional>`.