Thank you for the new Java check, that will be really useful. Do you test if the jar files contain Java classes?
I'd suggest adding an exception (or lowering the severity) for the jar files found under a '*/src/test*' or '*/src/it/*' directory, as they are usually legitimate test objects. It's often found in Java components manipulating jar files (jdependency, libcommons-compress-java, plexus-classworlds, maven-shade-plugin, maven-archiver...).

Emmanuel Bourg