snyk
diff --git a/‎.circleci/config.yml‎
Lines changed: 31 additions & 8 deletions b/‎.circleci/config.yml‎
Lines changed: 31 additions & 8 deletions
diff --git a/‎.snyk‎
Lines changed: 17 additions & 1 deletion b/‎.snyk‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SECURITY.md‎
Lines changed: 3 additions & 0 deletions b/‎SECURITY.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎components/common.yaml‎
Lines changed: 5 additions & 0 deletions b/‎components/common.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎lib/analyzer/applications/java.ts‎
Lines changed: 14 additions & 0 deletions b/‎lib/analyzer/applications/java.ts‎
Lines changed: 14 additions & 0 deletions
@@ -132,17 +132,30 @@ jobs:
       - attach_workspace:
           at: ~/snyk-docker-plugin
       - run: npm run lint
-  test:
+  test_unit:
+    <<: *defaults
+    resource_class: medium
+    steps:
+      - checkout
+      - attach_workspace:
+          at: ~/snyk-docker-plugin
+      - run: npm run test:unit > test-unit-logs.txt 2>&1
+      - store_artifacts:
+          path: test-unit-logs.txt
+          destination: test-unit-logs
+  test_system:
     <<: *defaults
     steps:
       - checkout
       - setup_remote_docker
       - attach_workspace:
           at: ~/snyk-docker-plugin
-      - run: npm run test-jest > test-logs.txt 2>&1
+      - run:
+          command: npm run test:system > test-system-logs.txt 2>&1
+          no_output_timeout: 20m
       - store_artifacts:
-          path: test-logs.txt
-          destination: test-logs
+          path: test-system-logs.txt
+          destination: test-system-logs
   test_jest_windows_with_docker:
     <<: *windows_big
     steps:
@@ -207,7 +220,7 @@ jobs:
       - run: npm run build
       - run:
           name: Release on GitHub
-          command: npx semantic-release@19.0.5
+          command: npx semantic-release
 
 workflows:
   version: 2
@@ -252,8 +265,17 @@ workflows:
           context: infrasec_container
           post-steps:
             - *slack-fail-notify
-      - test:
-          name: Test
+      - test_unit:
+          name: Unit Test
+          context:
+            - nodejs-install
+            - snyk-bot-slack
+          requires:
+            - Build
+          post-steps:
+            - *slack-fail-notify
+      - test_system:
+          name: System Test
           context:
             - nodejs-install
             - snyk-bot-slack
@@ -303,7 +325,8 @@ workflows:
             - Lint
             - Build
             - Security Scans
-            - Test
+            - Unit Test
+            - System Test
             - Test Jest Windows with Docker
             - Test Jest Windows no Docker
           post-steps:
 
@@ -1,5 +1,21 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
 version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
-ignore: {}
+ignore:
+  SNYK-JS-TAR-15307072:
+    - 'snyk-nodejs-lockfile-parser > @yarnpkg/core > tar':
+        reason: 'Indirect dependency from snyk-nodejs-lockfile-parser, waiting for upstream fix'
+        expires: 2026-04-03T00:00:00.000Z
+  SNYK-JS-TAR-15416075:
+    - 'snyk-nodejs-lockfile-parser > @yarnpkg/core > tar':
+        reason: 'Indirect dependency from snyk-nodejs-lockfile-parser, waiting for upstream fix'
+        expires: 2026-04-03T00:00:00.000Z
+  SNYK-JS-TAR-15456201:
+    - 'snyk-nodejs-lockfile-parser > @yarnpkg/core > tar':
+        reason: 'Indirect dependency from snyk-nodejs-lockfile-parser, waiting for upstream fix'
+        expires: 2026-04-03T00:00:00.000Z
+  SNYK-JS-LODASH-15869625:
+    - '*':
+        reason: 'Indirect dependency, waiting for upstream fix'
+        expires: 2026-04-09T00:00:00.000Z
 patch: {}
@@ -1,6 +1,6 @@
 ![Snyk logo](https://snyk.io/style/asset/logo/snyk-print.svg)
 
----
+----
 
 Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.
 
 
@@ -0,0 +1,3 @@
+## Reporting Security Issues
+
+To report a security vulnerability to us, please see https://docs.snyk.io/snyk-data-and-governance/reporting-security-issues.
@@ -37,6 +37,11 @@ schemas:
       - rootFs
       - testedFiles
       - workloadMetadata
+      - containerConfig
+      - history
+      - platform
+      - pluginVersion
+      - pluginWarnings
   Identity:
     type: object
     description: Identity defines "what" you found.
 
@@ -251,6 +251,16 @@ async function unpackJars(
   return fingerprints;
 }
 
+/**
+ * Packages with inaccurate pom.properties files return null so that the JAR
+ * will be resolved using the SHA lookup instead.
+ *
+ * Long-term solution: resolve all JARs via maven-deps to remove the need for overrides.
+ */
+const POM_PROPERTIES_OVERRIDES = new Set([
+  "com.microsoft.sqlserver:mssql-jdbc",
+]);
+
 /**
  * Gets coords from the contents of a pom.properties file
  * @param {string} fileContent
@@ -261,6 +271,10 @@ export function getCoordsFromPomProperties(
 ): JarCoords | null {
   const coords = parsePomProperties(fileContent);
 
+  if (POM_PROPERTIES_OVERRIDES.has(`${coords.groupId}:${coords.artifactId}`)) {
+    return null;
+  }
+
   // we need all of these props to allow us to inject the package
   // into the depGraph
   if (!coords.artifactId || !coords.groupId || !coords.version) {
-Original file line number
+Diff line change
@@ @@ -1,6 +1,6 @@ @@
 ![Snyk logo](https://snyk.io/style/asset/logo/snyk-print.svg)
 ----
 +----
 Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+## Reporting Security Issues`
	`2`	`+`
	`3`	`+To report a security vulnerability to us, please see https://docs.snyk.io/snyk-data-and-governance/reporting-security-issues.`