diff --git a/docs/docs/coverage/language/java.md b/docs/docs/coverage/language/java.md
index 26bad288e552..67cd8c135b9d 100644
--- a/docs/docs/coverage/language/java.md
+++ b/docs/docs/coverage/language/java.md
@@ -12,12 +12,12 @@ Each artifact supports the following scanners:
The following table provides an outline of the features Trivy offers.
-| Artifact | Internet access | Dev dependencies | [Dependency graph][dependency-graph] | Position | [Detection Priority][detection-priority] |
-|------------------|:---------------------:|:------------------:|:------------------------------------:|:--------:|:----------------------------------------:|
-| JAR/WAR/PAR/EAR | Trivy Java DB | Include | - | - | Not needed |
-| pom.xml | Maven repository [^1] | [Exclude](#scopes) | ✓ | ✓[^7] | - |
-| *gradle.lockfile | - | Exclude | ✓ | ✓ | Not needed |
-| *.sbt.lock | - | Exclude | - | ✓ | Not needed |
+| Artifact | Internet access | Dev dependencies | [Dependency graph][dependency-graph] | Position | [Detection Priority][detection-priority] |
+|------------------|:---------------------:|:----------------:|:------------------------------------:|:--------:|:----------------------------------------:|
+| JAR/WAR/PAR/EAR | Trivy Java DB | Include | - | - | Not needed |
+| pom.xml | Maven repository [^1] | Exclude | ✓ | ✓[^7] | - |
+| *gradle.lockfile | - | Exclude | ✓ | ✓ | Not needed |
+| *.sbt.lock | - | Exclude | - | ✓ | Not needed |
These may be enabled or disabled depending on the target.
See [here](./index.md) for the detail.
@@ -69,11 +69,6 @@ The vulnerability database will be downloaded anyway.
!!! Warning
Trivy may skip some dependencies (that were not found on your local machine) when the `--offline-scan` flag is passed.
-### scopes
-Trivy supports `runtime`, `compile`, `test` and `import` (for `dependencyManagement`) [dependency scopes][dependency-scopes].
-Dependencies without scope are also detected.
-
-By default, Trivy doesn't report dependencies with `test` scope. Use the `--include-dev-deps` flag to include them.
### maven-invoker-plugin
Typically, the integration tests directory (`**/[src|target]/it/*/pom.xml`) of [maven-invoker-plugin][maven-invoker-plugin] doesn't contain actual `pom.xml` files and should be skipped to avoid noise.
@@ -125,4 +120,3 @@ Make sure that you have cache[^8] directory to find licenses from `*.pom` depend
[maven-pom-repos]: https://maven.apache.org/settings.html#repositories
[sbt-dependency-lock]: https://stringbean.github.io/sbt-dependency-lock
[detection-priority]: ../../scanner/vulnerability.md#detection-priority
-[dependency-scopes]: https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Scope
diff --git a/pkg/dependency/parser/java/pom/artifact.go b/pkg/dependency/parser/java/pom/artifact.go
index f691afac5ebd..b2e97efb229b 100644
--- a/pkg/dependency/parser/java/pom/artifact.go
+++ b/pkg/dependency/parser/java/pom/artifact.go
@@ -27,7 +27,6 @@ type artifact struct {
Module bool
Relationship ftypes.Relationship
- Test bool
Locations ftypes.Locations
}
diff --git a/pkg/dependency/parser/java/pom/parse.go b/pkg/dependency/parser/java/pom/parse.go
index 46c859538529..1add19a4b53b 100644
--- a/pkg/dependency/parser/java/pom/parse.go
+++ b/pkg/dependency/parser/java/pom/parse.go
@@ -214,7 +214,6 @@ func (p *Parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]ft
Licenses: result.artifact.Licenses,
Relationship: art.Relationship,
Locations: art.Locations,
- Test: art.Test,
}
// save only dependency names
@@ -235,7 +234,6 @@ func (p *Parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]ft
Licenses: art.Licenses,
Relationship: art.Relationship,
Locations: art.Locations,
- Dev: art.Test,
}
pkgs = append(pkgs, pkg)
@@ -402,7 +400,7 @@ func (p *Parser) parseDependencies(deps []pomDependency, props map[string]string
// Resolve dependencies
d = d.Resolve(props, depManagement, rootDepManagement)
- if (d.Scope != "" && d.Scope != "compile" && d.Scope != "runtime" && d.Scope != "test") || d.Optional {
+ if (d.Scope != "" && d.Scope != "compile" && d.Scope != "runtime") || d.Optional {
continue
}
diff --git a/pkg/dependency/parser/java/pom/parse_test.go b/pkg/dependency/parser/java/pom/parse_test.go
index 77a47b5ecdac..934085d5d536 100644
--- a/pkg/dependency/parser/java/pom/parse_test.go
+++ b/pkg/dependency/parser/java/pom/parse_test.go
@@ -61,19 +61,6 @@ func TestPom_Parse(t *testing.T) {
},
},
},
- {
- ID: "org.example:example-test:2.0.0",
- Name: "org.example:example-test",
- Version: "2.0.0",
- Relationship: ftypes.RelationshipDirect,
- Dev: true,
- Locations: ftypes.Locations{
- {
- StartLine: 49,
- EndLine: 54,
- },
- },
- },
},
wantDeps: []ftypes.Dependency{
{
@@ -81,7 +68,6 @@ func TestPom_Parse(t *testing.T) {
DependsOn: []string{
"org.example:example-api:1.7.30",
"org.example:example-runtime:1.0.0",
- "org.example:example-test:2.0.0",
},
},
},
@@ -123,19 +109,6 @@ func TestPom_Parse(t *testing.T) {
},
},
},
- {
- ID: "org.example:example-test:2.0.0",
- Name: "org.example:example-test",
- Version: "2.0.0",
- Relationship: ftypes.RelationshipDirect,
- Dev: true,
- Locations: ftypes.Locations{
- {
- StartLine: 49,
- EndLine: 54,
- },
- },
- },
},
wantDeps: []ftypes.Dependency{
{
@@ -143,7 +116,6 @@ func TestPom_Parse(t *testing.T) {
DependsOn: []string{
"org.example:example-api:1.7.30",
"org.example:example-runtime:1.0.0",
- "org.example:example-test:2.0.0",
},
},
},
diff --git a/pkg/dependency/parser/java/pom/pom.go b/pkg/dependency/parser/java/pom/pom.go
index d27f995217d6..889d107c3c6c 100644
--- a/pkg/dependency/parser/java/pom/pom.go
+++ b/pkg/dependency/parser/java/pom/pom.go
@@ -303,7 +303,6 @@ func (d pomDependency) ToArtifact(opts analysisOptions) artifact {
Exclusions: exclusions,
Locations: locations,
Relationship: ftypes.RelationshipIndirect, // default
- Test: d.Scope == "test",
}
}
diff --git a/pkg/dependency/parser/java/pom/testdata/happy/pom.xml b/pkg/dependency/parser/java/pom/testdata/happy/pom.xml
index 9dfc1c75bd65..1f3c9697a17d 100644
--- a/pkg/dependency/parser/java/pom/testdata/happy/pom.xml
+++ b/pkg/dependency/parser/java/pom/testdata/happy/pom.xml
@@ -46,11 +46,5 @@
999
provided
-
- org.example
- example-test
- 2.0.0
- test
-