Multiple Maven Repositories

[henrysachs]

What would you like to be added:

syft can authenticate and communicate with multiple maven repositories for its networking features

Why is this needed:

currently you can only configure one maven-url in the syft settings and the maven reposistory can't be authenticated against.

Additional context:

When using private registries or parent poms you reach the point of multiple repositories quite fast (unfortunately!). I think the best would be to leverage the current authentication mechanism of the package managers itself but are also open to configure each url and a password.

[kzantow]

FWIW the Maven resolver already supports multiple repos: https://github.com/anchore/syft/blob/main/syft/pkg/cataloger/java/internal/maven/config.go#L25.

In fact, it looks like Syft currently supports multiple Maven repo URLs by comma-separating them when specifying the maven-base-url property.

[henrysachs]

FWIW the Maven resolver already supports multiple repos: https://github.com/anchore/syft/blob/main/syft/pkg/cataloger/java/internal/maven/config.go#L25

Oh sorry I didnt knew about this thanks a lot! But we don't have a way to authenticate to those already am I right?