What happened:

scanning of an io.micronaut jar file does not report correct group-id, uses MANIFEST.MF

What you expected to happen:

the archive_parser should consider the pom.xml ahead of the MANIFEST.MF

Steps to reproduce the issue:

Scan any jar file with only a pom.xml and no pom.properties and have the correct maven coordinates identified

Anything else we need to know?:

I have a potential fix douglasclarke#8

Environment:

• Output of syft version:
• OS (e.g: cat /etc/os-release or similar):