refactor

Signed-off-by: knqyf263 <knqyf263@gmail.com>
aquasecurity · Mar 8, 2024 · b86dff8 · b86dff8
1 parent 0b06bc5
commit b86dff8
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/docs/docs/coverage/language/java.md b/docs/docs/coverage/language/java.md
@@ -57,9 +57,10 @@ The vulnerability database will be downloaded anyway.
 
 
 ### maven-invoker-plugin
-Typically, the integration tests directory (`**/[src|target]/it/*/pom.xml`) of [maven-invoker-plugin](https://maven.apache.org/plugins/maven-invoker-plugin/usage.html) doesn't contain actual `pom.xml` files and should be skipped to avoid noise.
+Typically, the integration tests directory (`**/[src|target]/it/*/pom.xml`) of [maven-invoker-plugin][maven-invoker-plugin] doesn't contain actual `pom.xml` files and should be skipped to avoid noise.
 
-Trivy marks dependencies from these files as `Dev`. By default, we skip `Dev` dependencies. If you need to show them, use `--include-dev-deps` flag.
+Trivy marks dependencies from these files as the development dependencies and skip them by default.
+If you need to show them, use the `--include-dev-deps` flag.
 
 
 ## Gradle.lock
@@ -76,4 +77,5 @@ It doesn't require the internet access.
 [^6]: `/Users/<username>/.m2/repository` (for Linux and Mac) and `C:/Users/<username>/.m2/repository` (for Windows) by default
 [^7]: To avoid confusion, Trivy only finds locations for direct dependencies from the base pom.xml file.
 
-[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
+[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
+[maven-invoker-plugin]: https://maven.apache.org/plugins/maven-invoker-plugin/usage.html
diff --git a/pkg/fanal/analyzer/language/java/pom/pom.go b/pkg/fanal/analyzer/language/java/pom/pom.go
@@ -6,7 +6,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/samber/lo"
 	"golang.org/x/xerrors"
 
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/java/pom"
@@ -35,10 +34,9 @@ func (a pomAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*
 	// Mark integration test pom files for `maven-invoker-plugin` as Dev to skip them by default.
 	if isIntegrationTestDir(filePath) {
 		for i := range res.Applications {
-			res.Applications[i].Libraries = lo.Map(res.Applications[i].Libraries, func(lib types.Package, _ int) types.Package {
-				lib.Dev = true
-				return lib
-			})
+			for j := range res.Applications[i].Libraries {
+				res.Applications[i].Libraries[j].Dev = true
+			}
 		}
 	}