DS analyzer: Java Maven support - Manifest scanning: pom.xml scanning

Description

This implementation issue covers adding pom.xml manifest scanning capabilities to the Dependency Scanning (DS) analyzer. This manifest scanning will serve as a fallback mechanism when lock files are not available.

Scope

Objective: Implement manifest scanning functionality for Maven pom.xml files

Key Components:

Add pom.xml file detection and parsing logic
Implement dependency extraction from Maven manifest files
Integrate with existing DS analyzer workflow as a fallback option
Ensure compatibility with the current dependency scanning pipeline

Acceptance Criteria:

DS analyzer successfully detects and processes pom.xml files
Direct dependencies are correctly extracted and reported

Spike: #584568 (closed)

Edited Jan 19, 2026 by Orin Naaman

DS analyzer: Java Maven support - Manifest scanning: pom.xml scanning

Description

Scope

Related Issues