From 5738c2855c63732e2056db47ef3f7634532eed8a Mon Sep 17 00:00:00 2001
From: Asaf Ambar <asafa@jfrog.com>
Date: Wed, 22 May 2024 12:17:35 +0300
Subject: [PATCH] Add classifier to maven graph (#61)

---
 buildscripts/download-jars.sh                 |   2 +-
 commands/audit/sca/common.go                  |   3 +-
 commands/audit/sca/common_test.go             |  17 ++--
 commands/audit/sca/java/deptreemanager.go     |  25 +++---
 commands/audit/sca/java/gradle.go             |   3 +-
 commands/audit/sca/java/mvn.go                |   5 +-
 commands/audit/sca/java/mvn_test.go           |  16 +++-
 .../sca/java/resources/maven-dep-tree.jar     | Bin 13862 -> 14114 bytes
 commands/audit/sca/npm/npm.go                 |   5 +-
 commands/audit/sca/nuget/nuget.go             |   5 +-
 commands/audit/sca/pnpm/pnpm.go               |  13 ++-
 commands/audit/sca/yarn/yarn.go               |   7 +-
 commands/audit/scarunner.go                   |  14 ++--
 commands/curation/curationaudit.go            |  16 ++--
 go.mod                                        |  36 ++++-----
 go.sum                                        |  74 +++++++++---------
 .../maven-example-with-many-types/pom.xml     |   8 ++
 utils/xrayutils.go                            |  59 ++++++++++++++
 18 files changed, 195 insertions(+), 113 deletions(-)
 create mode 100644 utils/xrayutils.go

diff --git a/buildscripts/download-jars.sh b/buildscripts/download-jars.sh
index 28c4d7d2..fce3b1ea 100755
--- a/buildscripts/download-jars.sh
+++ b/buildscripts/download-jars.sh
@@ -9,7 +9,7 @@
 # Once you have updated the versions mentioned below, please execute this script from the root directory of the jfrog-cli-core to ensure the JAR files are updated.
 GRADLE_DEP_TREE_VERSION="3.0.2"
 # Changing this version also requires a change in mavenDepTreeVersion within utils/java/mvn.go.
-MAVEN_DEP_TREE_VERSION="1.1.0"
+MAVEN_DEP_TREE_VERSION="1.1.1"
 
 curl -fL https://releases.jfrog.io/artifactory/oss-release-local/com/jfrog/gradle-dep-tree/${GRADLE_DEP_TREE_VERSION}/gradle-dep-tree-${GRADLE_DEP_TREE_VERSION}.jar -o commands/audit/sca/java/resources/gradle-dep-tree.jar
 curl -fL https://releases.jfrog.io/artifactory/oss-release-local/com/jfrog/maven-dep-tree/${MAVEN_DEP_TREE_VERSION}/maven-dep-tree-${MAVEN_DEP_TREE_VERSION}.jar -o commands/audit/sca/java/resources/maven-dep-tree.jar
diff --git a/commands/audit/sca/common.go b/commands/audit/sca/common.go
index 566ac82c..0613e7d7 100644
--- a/commands/audit/sca/common.go
+++ b/commands/audit/sca/common.go
@@ -178,7 +178,8 @@ func SuspectCurationBlockedError(isCurationCmd bool, tech coreutils.Technology,
 	}
 	switch tech {
 	case coreutils.Maven:
-		if strings.Contains(cmdOutput, "status code: 403") || strings.Contains(cmdOutput, "status code: 500") {
+		if strings.Contains(cmdOutput, "status code: 403") || strings.Contains(strings.ToLower(cmdOutput), "403 forbidden") ||
+			strings.Contains(cmdOutput, "status code: 500") {
 			msgToUser = fmt.Sprintf(curationErrorMsgToUserTemplate, coreutils.Maven)
 		}
 	case coreutils.Pip:
diff --git a/commands/audit/sca/common_test.go b/commands/audit/sca/common_test.go
index a76361b4..8cda89e8 100644
--- a/commands/audit/sca/common_test.go
+++ b/commands/audit/sca/common_test.go
@@ -9,7 +9,6 @@ import (
 	"golang.org/x/exp/maps"
 
 	"github.com/jfrog/jfrog-cli-core/v2/utils/tests"
-	coreXray "github.com/jfrog/jfrog-cli-core/v2/utils/xray"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-client-go/xray/services"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
@@ -61,13 +60,13 @@ func TestGetExcludePattern(t *testing.T) {
 }
 
 func TestBuildXrayDependencyTree(t *testing.T) {
-	treeHelper := make(map[string]coreXray.DepTreeNode)
-	rootDep := coreXray.DepTreeNode{Children: []string{"topDep1", "topDep2", "topDep3"}}
-	topDep1 := coreXray.DepTreeNode{Children: []string{"midDep1", "midDep2"}}
-	topDep2 := coreXray.DepTreeNode{Children: []string{"midDep2", "midDep3"}}
-	midDep1 := coreXray.DepTreeNode{Children: []string{"bottomDep1"}}
-	midDep2 := coreXray.DepTreeNode{Children: []string{"bottomDep2", "bottomDep3"}}
-	bottomDep3 := coreXray.DepTreeNode{Children: []string{"leafDep"}}
+	treeHelper := make(map[string]utils.DepTreeNode)
+	rootDep := utils.DepTreeNode{Children: []string{"topDep1", "topDep2", "topDep3"}}
+	topDep1 := utils.DepTreeNode{Children: []string{"midDep1", "midDep2"}}
+	topDep2 := utils.DepTreeNode{Children: []string{"midDep2", "midDep3"}}
+	midDep1 := utils.DepTreeNode{Children: []string{"bottomDep1"}}
+	midDep2 := utils.DepTreeNode{Children: []string{"bottomDep2", "bottomDep3"}}
+	bottomDep3 := utils.DepTreeNode{Children: []string{"leafDep"}}
 	treeHelper["rootDep"] = rootDep
 	treeHelper["topDep1"] = topDep1
 	treeHelper["topDep2"] = topDep2
@@ -116,7 +115,7 @@ func TestBuildXrayDependencyTree(t *testing.T) {
 	topDep2Node.Parent = rootNode
 	topDep3Node.Parent = rootNode
 
-	tree, uniqueDeps := coreXray.BuildXrayDependencyTree(treeHelper, "rootDep")
+	tree, uniqueDeps := utils.BuildXrayDependencyTree(treeHelper, "rootDep")
 
 	assert.ElementsMatch(t, expectedUniqueDeps, maps.Keys(uniqueDeps))
 	assert.True(t, tests.CompareTree(tree, rootNode))
diff --git a/commands/audit/sca/java/deptreemanager.go b/commands/audit/sca/java/deptreemanager.go
index e323fad1..fe577b37 100644
--- a/commands/audit/sca/java/deptreemanager.go
+++ b/commands/audit/sca/java/deptreemanager.go
@@ -2,12 +2,12 @@ package java
 
 import (
 	"encoding/json"
+	"github.com/jfrog/jfrog-cli-security/utils"
 	"os"
 	"strings"
 
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
-	"github.com/jfrog/jfrog-cli-core/v2/utils/xray"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 )
@@ -16,7 +16,7 @@ const (
 	GavPackageTypeIdentifier = "gav://"
 )
 
-func BuildDependencyTree(depTreeParams DepTreeParams, tech coreutils.Technology) ([]*xrayUtils.GraphNode, map[string][]string, error) {
+func BuildDependencyTree(depTreeParams DepTreeParams, tech coreutils.Technology) ([]*xrayUtils.GraphNode, map[string]*utils.DepTreeNode, error) {
 	if tech == coreutils.Maven {
 		return buildMavenDependencyTree(&depTreeParams)
 	}
@@ -44,18 +44,18 @@ func NewDepTreeManager(params *DepTreeParams) DepTreeManager {
 
 // The structure of a dependency tree of a module in a Gradle/Maven project, as created by the gradle-dep-tree and maven-dep-tree plugins.
 type moduleDepTree struct {
-	Root  string                      `json:"root"`
-	Nodes map[string]xray.DepTreeNode `json:"nodes"`
+	Root  string                       `json:"root"`
+	Nodes map[string]utils.DepTreeNode `json:"nodes"`
 }
 
 // Reads the output files of the gradle-dep-tree and maven-dep-tree plugins and returns them as a slice of GraphNodes.
 // It takes the output of the plugin's run (which is a byte representation of a list of paths of the output files, separated by newlines) as input.
-func getGraphFromDepTree(outputFilePaths string) (depsGraph []*xrayUtils.GraphNode, uniqueDepsMap map[string][]string, err error) {
+func getGraphFromDepTree(outputFilePaths string) (depsGraph []*xrayUtils.GraphNode, uniqueDepsMap map[string]*utils.DepTreeNode, err error) {
 	modules, err := parseDepTreeFiles(outputFilePaths)
 	if err != nil {
 		return
 	}
-	uniqueDepsMap = map[string][]string{}
+	uniqueDepsMap = map[string]*utils.DepTreeNode{}
 	for _, module := range modules {
 		moduleTree, moduleUniqueDeps := GetModuleTreeAndDependencies(module)
 		depsGraph = append(depsGraph, moduleTree)
@@ -67,8 +67,8 @@ func getGraphFromDepTree(outputFilePaths string) (depsGraph []*xrayUtils.GraphNo
 }
 
 // Returns a dependency tree and a flat list of the module's dependencies for the given module
-func GetModuleTreeAndDependencies(module *moduleDepTree) (*xrayUtils.GraphNode, map[string][]string) {
-	moduleTreeMap := make(map[string]xray.DepTreeNode)
+func GetModuleTreeAndDependencies(module *moduleDepTree) (*xrayUtils.GraphNode, map[string]*utils.DepTreeNode) {
+	moduleTreeMap := make(map[string]utils.DepTreeNode)
 	moduleDeps := module.Nodes
 	for depName, dependency := range moduleDeps {
 		dependencyId := GavPackageTypeIdentifier + depName
@@ -77,12 +77,13 @@ func GetModuleTreeAndDependencies(module *moduleDepTree) (*xrayUtils.GraphNode,
 			childId := GavPackageTypeIdentifier + childName
 			childrenList = append(childrenList, childId)
 		}
-		moduleTreeMap[dependencyId] = xray.DepTreeNode{
-			Types:    dependency.Types,
-			Children: childrenList,
+		moduleTreeMap[dependencyId] = utils.DepTreeNode{
+			Classifier: dependency.Classifier,
+			Types:      dependency.Types,
+			Children:   childrenList,
 		}
 	}
-	return xray.BuildXrayDependencyTree(moduleTreeMap, GavPackageTypeIdentifier+module.Root)
+	return utils.BuildXrayDependencyTree(moduleTreeMap, GavPackageTypeIdentifier+module.Root)
 }
 
 func parseDepTreeFiles(jsonFilePaths string) ([]*moduleDepTree, error) {
diff --git a/commands/audit/sca/java/gradle.go b/commands/audit/sca/java/gradle.go
index 57ceff8b..dad131e0 100644
--- a/commands/audit/sca/java/gradle.go
+++ b/commands/audit/sca/java/gradle.go
@@ -4,6 +4,7 @@ import (
 	_ "embed"
 	"errors"
 	"fmt"
+	"github.com/jfrog/jfrog-cli-security/utils"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -56,7 +57,7 @@ type gradleDepTreeManager struct {
 	DepTreeManager
 }
 
-func buildGradleDependencyTree(params *DepTreeParams) (dependencyTree []*xrayUtils.GraphNode, uniqueDeps map[string][]string, err error) {
+func buildGradleDependencyTree(params *DepTreeParams) (dependencyTree []*xrayUtils.GraphNode, uniqueDeps map[string]*utils.DepTreeNode, err error) {
 	manager := &gradleDepTreeManager{DepTreeManager: NewDepTreeManager(params)}
 	outputFileContent, err := manager.runGradleDepTree()
 	if err != nil {
diff --git a/commands/audit/sca/java/mvn.go b/commands/audit/sca/java/mvn.go
index 0b616985..c7263a6d 100644
--- a/commands/audit/sca/java/mvn.go
+++ b/commands/audit/sca/java/mvn.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-security/commands/audit/sca"
+	"github.com/jfrog/jfrog-cli-security/utils"
 	"net/url"
 	"os"
 	"os/exec"
@@ -24,7 +25,7 @@ const (
 	mavenDepTreeJarFile    = "maven-dep-tree.jar"
 	mavenDepTreeOutputFile = "mavendeptree.out"
 	// Changing this version also requires a change in MAVEN_DEP_TREE_VERSION within buildscripts/download_jars.sh
-	mavenDepTreeVersion = "1.1.0"
+	mavenDepTreeVersion = "1.1.1"
 	settingsXmlFile     = "settings.xml"
 )
 
@@ -68,7 +69,7 @@ func NewMavenDepTreeManager(params *DepTreeParams, cmdName MavenDepTreeCmd) *Mav
 	}
 }
 
-func buildMavenDependencyTree(params *DepTreeParams) (dependencyTree []*xrayUtils.GraphNode, uniqueDeps map[string][]string, err error) {
+func buildMavenDependencyTree(params *DepTreeParams) (dependencyTree []*xrayUtils.GraphNode, uniqueDeps map[string]*utils.DepTreeNode, err error) {
 	manager := NewMavenDepTreeManager(params, Tree)
 	outputFilePaths, clearMavenDepTreeRun, err := manager.RunMavenDepTree()
 	if err != nil {
diff --git a/commands/audit/sca/java/mvn_test.go b/commands/audit/sca/java/mvn_test.go
index 3c614bc6..94a413a8 100644
--- a/commands/audit/sca/java/mvn_test.go
+++ b/commands/audit/sca/java/mvn_test.go
@@ -105,7 +105,7 @@ func TestMavenTreesMultiModule(t *testing.T) {
 
 	expectedUniqueDeps := []string{
 		GavPackageTypeIdentifier + "javax.mail:mail:1.4",
-		GavPackageTypeIdentifier + "org.testng:testng:5.9",
+		GavPackageTypeIdentifier + "org.testng:testng:5.9-jdk15",
 		GavPackageTypeIdentifier + "javax.servlet:servlet-api:2.5",
 		GavPackageTypeIdentifier + "org.jfrog.test:multi:3.7-SNAPSHOT",
 		GavPackageTypeIdentifier + "org.jfrog.test:multi3:3.7-SNAPSHOT",
@@ -157,7 +157,7 @@ func TestMavenWrapperTrees(t *testing.T) {
 		GavPackageTypeIdentifier + "org.springframework:spring-core:2.5.6",
 		GavPackageTypeIdentifier + "org.jfrog.test:multi:3.7-SNAPSHOT",
 		GavPackageTypeIdentifier + "org.jfrog.test:multi2:3.7-SNAPSHOT",
-		GavPackageTypeIdentifier + "org.testng:testng:5.9",
+		GavPackageTypeIdentifier + "org.testng:testng:5.9-jdk15",
 		GavPackageTypeIdentifier + "hsqldb:hsqldb:1.8.0.10",
 		GavPackageTypeIdentifier + "junit:junit:3.8.1",
 		GavPackageTypeIdentifier + "javax.activation:activation:1.1",
@@ -198,7 +198,8 @@ func TestMavenWrapperTreesTypes(t *testing.T) {
 	// dependency of pom type
 	depWithPomType := uniqueDeps["gav://org.webjars:lodash:4.17.21"]
 	assert.NotEmpty(t, depWithPomType)
-	assert.Equal(t, depWithPomType[0], "pom")
+	types := *depWithPomType.Types
+	assert.Equal(t, types[0], "pom")
 	existInTreePom := false
 	for _, node := range tree[0].Nodes {
 		if node.Id == "gav://org.webjars:lodash:4.17.21" {
@@ -212,7 +213,8 @@ func TestMavenWrapperTreesTypes(t *testing.T) {
 	// dependency of jar type
 	depWithJarType := uniqueDeps["gav://junit:junit:4.11"]
 	assert.NotEmpty(t, depWithJarType)
-	assert.Equal(t, depWithJarType[0], "jar")
+	types = *depWithJarType.Types
+	assert.Equal(t, types[0], "jar")
 	existInTreeJar := false
 	for _, node := range tree[0].Nodes {
 		if node.Id == "gav://junit:junit:4.11" {
@@ -221,6 +223,12 @@ func TestMavenWrapperTreesTypes(t *testing.T) {
 			existInTreeJar = true
 		}
 	}
+	// dependency with classifier
+	depWithJarClassifier1 := uniqueDeps["gav://commons-io:commons-io:1.2-flavor1"]
+	assert.NotEmpty(t, depWithJarClassifier1)
+	depWithJarClassifier2 := uniqueDeps["gav://commons-io:commons-io:1.2-flavor2"]
+	assert.NotEmpty(t, depWithJarClassifier2)
+
 	assert.True(t, existInTreeJar)
 }
 
diff --git a/commands/audit/sca/java/resources/maven-dep-tree.jar b/commands/audit/sca/java/resources/maven-dep-tree.jar
index f8d7ff406591d396976cc576c6cf0ce87e75042d..d1863b87031e9885c2a7f1399e68f1d5efd17b15 100644
GIT binary patch
delta 8711
zcmZX4Ra6{X*DX$Phv4q+?$AgRAOr|B1ot!+AT-*+T^o1z;BLWP6Wm>byM^%QWZeIr
z@4L4iYVO)K*LtX`F>CF$XAwBh0ZS8zh=dOJ&oRW?5QoKpIQRzy(iwYs8}$B8|DO}m
zA2fHg=l+-fhY@$pi1-I!6!3h1@hv<6ap2E&8a&%y9E2D6i@)LJvHwZ9fBLD6?@y*M
zG?)g08r1$BxelSP(4qybx;=?Tmvcc#*@#9Lue3V>y%8Brr*|go(Gm@)hl%DOlzFIe
zh~xCD2lZ&-z0#n@^M=NGlgLk(&rN9La>e`;40l;Br;?MR`=Zuo*)I}LlwAmo1j;!%
zrlNkh=+2m1=KA5ahU8u7mCP(YbU(|28<3>>v7pW^rJG3<RS}l*vK6h4v+nkFxh9aS
zuI7(B%h5WM$#05tXp9=|uzGEmi~NDzKP)xAl1G6$j~8_Fby>cfmn?yg^&1-PMRe<?
zwQ!wJDN|PnW?QH2^u3a7*<XvFRM5171v!dKHhvx-ZojW7IAhU#pWarKU?w>B^>#Db
z))7iB?)FYjs2uPdZEBGB1ejfHN?9JUYVb&rUZ_iN_?7EC4?a#)indSlIL#9%OIoZQ
z*KIqkzhrEwzTMhbBi`nH=$2XaAFH+H5(nJ0#XIkyFx-$y(eDqOo|a8j(kvG1meQX#
zT8@e^422rv^n4Vs_re1e)p`0aEp$#V-9eRKO%~0olt1_^mo$0Gt*(jkl&jM|3swob
zWBYSn;4HQm)p6$_3Zfj24Ih9XX9@~D?XAZKOK5H)l_MMN9aT|2cH0dYccCZ+CC23|
zv@AB3?_mK!qKn1cS6gM~_(05+@l#?_vtTg*Pno%45(7XG{FB90U5Sj9k^mAl2EF@~
zX9^s&_paQ=@Gi}{f7t^lsc-FSVh3K1Fp$E_=?kV)vGk3G)t7#EMJA|QzqY+-9jpeH
z`@6scKG3826i<S$(}~;1?-;sKmHShsP_eNaa3`Fp&!%DUk_-u2bGGSyM~0K{o-j<!
z;0wphSyGMh$|L~yv@?~j55uRAp)Qz~zOoEYgrHZ(yApzFS2Hd9p_Y48w6|Zrn6`Jj
zQ6U;Kueye$Zg?;ynw<+2BDaSzwg>5`Z88<rghkZDk#f^!8NwObhKI3N3cO+6QPomQ
zah17+q7~USmu$x0AqJbdwv3q=Wqx!eP|AEL^L@lIv|<<!^hz?T<##|QfUd2oql=xy
zBaqLM@P0xuOAAfq$1V2mTkH&-=EvO+6@j8`)yJfq(h&Rf*)TofUKmxdhi-Hb=uKnm
z&J@0{<{Ns{GXO^jY}VeA<0n?1>s6L$dAH!lMUE!2G(jHFP@=`-@+v3u$QAE?J+p*+
zdrRF;wo~qPZelOcAL##vLS-1dGoBFx7{d~`Us!|Xnqv}>3aKt`3IYqMp#GarQ!~`L
z!7<|W5O}hAgh9vDb@{l&5A*@-36<uVwH87rif1$5y2(BEgt}WilN)2jZNz3wcO5xC
zP3Z=vvs-ZQ>}9*RAOxb`6lZM>suNOQ$U~@ipXxcUk;AV2Bfk;uC<b)WOdG}S0A-0U
za@V6_G#5s(VNx`gc^nTD>+wL*bdN%kLUEY+skJmdgsnBsN-VCjm5TZq^?x<!72F?D
zsnbAFK=?;}>XKe9ApadWV}~H)|D!iMwo)cff7ET90uGK24n`|L3e|D71-o#WgH2sr
z8uUD5D0YcnBtM&)q%a`K#YgS%rEm<k+9?ZsVUSVw?+QkVCw$jGd<sX9yz2H@DCFx>
zQA0=v*xtS&q#@*Rm7y`6W_D>VZEmfh;m&9Mu2AQxGj%a2XjAQJ^4PuotYiJj=ge#U
z>9)q23i3*Z(jGP)4Bf^z;-JSFj5x<%VFPh<_Kco?n)X!0bLeGPJkr58;@lR5e8nVf
zBH4C>`0$=~ku$Wv9iXE~uAy{Sg}mdP+Z@kxNsiQ7`4HK(@fCkfH?nD)>cS)Beudqf
zbd7ayjS+N4oP8IXct^C2v}O=_xB0wv1&>Be=t3QTVd||g09DC|cP6_7-rLYhG0{iy
z_lrc}k>Z$W4-8)9M24KB(LOujNrh<)pKt%*qw2N}T*+6AJjyuVs|&i%fV<SAmEzvS
z$a_${c!&?=9<}Lno_+|o@oB&{CioVEp<_%E?IYhqfZwUY@>-VwZJY*4toLGb<4c-=
z;P!!&07Mzf7@8e9=#Mw6jq|fc+3BuZ9<*>=+eZ#D&8PY?&g4I6+z_*2AEhMFlcz3O
z6r|OQDwzLX^7U@q_X&tz)ag5{57(KpRiXvVXyqK~At;geCQf>i75#Le9svQ)=J}a?
z6`{O9tT%!UT&U(##)3)-Krr%hL!c%V2KABUP2k{jCe+!Sr-W(dJk}~5n<+$FJ_3ne
ze|jS)mnqoa{G)rgFHkiGpm%41y!4hcgU=1{gYi)k#5YVy(jACLLStX!(Dp-9kcdQI
zrZq{R-h$1J=_C<T4N^BqWp14eFwDhIn_M>VPpE&U)gE7RGupjZUEl#yi3DS#=X-*k
zVm`~OLV=e{z+$5#j*r71dO+;}i3woS*x(KBAYb`V%!Q*C(hcoRHJJr!exx96$^_O=
z^Ds4&5En)A69?@mEEF%b0C=G>>-521JF}}#%hNpE=HW2>PDK`tK7vvk^^7`axxx0H
z6+ZrMOXt3;UU@Y>e)76#&s@8d$1iNRjh|{$p<@=+i?%$+wVT7gaT_za=`s7|tZXPU
z7`MN;|I}r0ReNohA<XLkge=LlPqEjx<czky7a`l@&fuM_Ig^hwpv`YtZE*Lis`=$x
zU+lu<cluxltM5vV-XUBF_n{czc^A*l!?Kajz!=mZ(>OMYLl1z00~-gQj=3g((^1AV
zF;u-?`?%sncbpb&efwjuqI+40{b#iI%}zX`S>;S;7)oa5B0pCmK50l;1`4L@F1Ai{
z5wjB>%ZcY&VUwf=p0VG<`<84d-PZ(Wv)r@#7H#a`2L&3l-gEjEZ`|D@nqDP%HGLr0
zT(rJ(W!;QH{~aieVFQgje~%39U1$6y-wl<%;O^O~fvglVg}jFO^N0`#WUfoG-V0}G
zI}tb#2WQ8hQzL6^r#>7~lB|2P5J`+Kt1?J={OabqWZ5b74nkMfD$(=~SKfn_Yx1&s
zdlP|VFo-}3jDe&39<D?nwRnX>^u%fWun{7V>L>%KGB&1b*w(Di$qDomu|k-}5Sn0v
z>>@*=terch3SykL3!0k(g>h-yQ0l0<#>pKGS7{Puzb?})3AQ6bpX$d)CTb1j(mCK;
zDltL*%%-iB{%Wkt3N*BL^sq*TI5mQO6M7O8M0&gHU&4+wU`fC$#`s0fAW%)xIpLj5
zE?~MXK8^4gAe?K~s>(I!B3_Nw2A!y58ea1Y#ITmC9CJP8?0Rqn=VWT++6{>6Cs=+`
zd^&YT5gK>WYx<}X_0g}yH=m98cq#*E(jUEdJMnup_jgBb^wjBd?(b8{wzlQl>&B)V
zr`U1r(bkVdi<}fOSO)<~VX`k0vxbuMAkS^gEy+s41WOj1qo1cIM~=21v7t3*=~lHT
zMQVolc#^j7L2;zdpLKYJiy4<xOI(a|2h5y*e5Y&=e>$mg5+Isp%QOy7vu8c2NwKO2
z%vxwAz=CM4=<A#6U{^PUHbwK}68G_GsoU9tmh<~d+GArmZj~3+rb&}<fYH11r}5sm
zyY3zuV|uIeZ{8KD)hH)ObVEhCwj#t+gVam1?423F_L7so24dbH(F&L*IjyhwWEW*^
zdI?ZTR*-hXOOB9dzey3Va0nRP8+&}#9$S`5g3h<u*Dv$uem~Q?Q1^}I7$T*EETmO`
z7riJOE}hAsl?vimBZy|c_vX52oBM<h3@xTi-%4`xzJdP$9!p}yQ-?~^nRwx|{$S%}
zHcewZ#}~x6b-Vm#XRNWy1qtK~Q?$qF)2+9nRw*P68I*>h-yAbG3s_6Jh@z_o&sZpn
z+ksvl4LP&?b(xd9c*Bvkp2i{56%$b%>>ns3-}aC-K}d;RWP$!z+G@g%>~-or^&=c%
zwh5wSgioT~EZYM$YS2vFZ8^WmC}KhlH1!iKE^_BCOGh#0Du*FL2GRULgdZNMiTBKs
zsk$)%V=Z1HR6r}M%vK;(=oNXv(PJp&73b|f8!l~LBy~;2qE#I&51z%ao=JU)ioFXZ
zxvAZf*=BQMeF3<fjyW8>scJnZYDDXn5>+`)hVEjw88|9Y3atsXQvjVviN}9ya#xZj
zDPb35MiZBtNOcgk3I~2pgxYnNA#w)pzLVWneOm|WxKNAhoPp-_ODc*i!ZzH+{ZBDR
z=Gwfn$=+PFx)I#=F`|VU4(>a6Bj87#32c=rc=b)Fr(Ux@ntjT)T6pj1*ZkF7f-Hq>
zW5>+c$<}K14oVe%R8eN%9(*wwl7Ty!>csf<GuJHIoSFC%oNsCcZVZ`&%E}(I0JLh$
z2zP51Vds4|eC8H_O6=ai1gjFj3?(vv`|#?*F%D8K5>e$hm}Vdx-rmW7?y8*~JP!l>
z_H`gEpbcB^5eUD1pFLJ)G*Sj9js7;Mza$t(FtS$YBeV>cL_|5_oZ@&>r)NeKLP|I#
zf!<QZ6t%^#Dd)F@$1x=D_61Nq72tWsLd+W-|LC1PpA03AP<p$xe-)h*=|l|lez4Z$
z`U2sgDNjMq$=VdC-UK9Us#Yiv%$c(zELg$Y)kfu^c6^y#ittIA9AAjp=MzCrp9(40
z-&fV%g2H7D%FNec%x{3^R?b8$V+;rB*<v6bJ2c{CfWFT$bQ1JaD<ACrPRdFx+v)Yv
zLPBad2t`7c-f|q7yC=KAMRr;HyvLo`@Q-CAe=Qq?`lMl^-<70lZrPQjW={0+!<(^~
z$tRY^S8{Vs-0R8G{tba`)kgJP42=zyoirQlLr~l#Kw(u*u!qFOF+nlM3MH{Q#)B8p
z_KA#W-OhIN!qD64p7hyawG;E`%3a44Qn3k&)rns#!<ei6D;6S>(Tr2g+zTD#h%5fH
z_!Z7ZU6il;a9!R-8{}@|)_HNBP2Gg@1^cpxUQ#?9>8)jv@3p*+;R?C4tyc~ODkn%r
zeS)G1EAwRS-~vIiHhfpC6rT}}jI7p1zn#q58YT=p3J5`{1HVna1I@Y+s~KWBqVgLW
zqysiMxU6b6Yz^ZF3T+LA{G&Xo737NFl58}u5T?973@9;qKUYm|uo#z#sU53nPu}4F
zO84khbS*m(h3B9X{l^7#(#icKW^z964Fae$fx~C)^%585ceDGNnyn8E@*Rd?tB;37
z$T()e>=4wSXp%lg4g#To-z;Pg5X0eTCOl#TVADnM5;}uJ!SonaQ$~hoN5>TYNEY4l
zFd?GE*wbf1M$B*NeleEO2@T2Bw?%Ls-`{2UqB{eHkiRw-i121A9zB<cTUwUaFw~0#
zw?K0H4<pXWe{=56+21qzc8rH8o#WceOhe)St*iem;`OeKNJW{E;ou&r;NVE%V3Pvm
zustezC`emn<c;Rew-`synhKGyouXkL@>dnxE<39io2y~^?VUz-CWvxcS(#Bq5I%I8
z2#8wUHTZgR-~GV#T1-L=^vhrKoQe-uL6*XB4e4X8ALed_vTZQoz8Z?lFE*K>oJ<i3
zbbm#_9IluXrl=Nz32&nuKUqK|(s-hg<geu~P=sQ#62`ZFaQMJy0tDeA<}Vy`w{K(N
zH4yL%W`;V7HrPXF9N~wzXl@!+vC3u~uH#S5$GRe%T|CUy*&uN*L?L*_+d6cR*4N2&
z{Az)DXkiJyV6U0ie9F|*PT@E1yj;{LWEs^l2>70qb3d_iyETVX(XN?kz?4jZDp8BX
zP>^0Dl5E4l$+##(feD*-9?#S&e1P#4QF1Pp|1;$yL@!;ATKce}bO6blvjong^2O$*
z7AqzcD@FKd;^G#GdiB>@Ut@jLZzNF?)yDU%{frp}rC$<QxKu6Vzh_;^57?lbuy)iV
zN%NJcTW9j?$rokp6ZupZhOJqR3IpGrLC>t)PB=S0i2-WsX;=f<YiT2#Z}iexh=vIp
zKqMpQ5*=tRxS`IzIy(b%TneQ)^SDF?^b!$psb~z!y)*p~l6Q9Hg`&wM4Di$`!8v_9
z3J3I+0w=vc$7Xv#x=f*$_cNurWbcJV0}TsOb{IhZ7_3}G=jp0H5Yp3p1GeXap@RlA
zp`~=m71xEHV6!w^GiF=JSaWZi57kF4WqE&`pb?ClXujrAcX<Rg(a$M<MxIl!mQ;yE
zbB%T%Pi5-m7yJ+8d14&^37`$=)psrKXS7ECg~bEkNu|xIb)V8w6vrckB|VF~&|{AI
zg4k5Z``tN(98NGtyoANl_qDz^&=j!7W-|{Dp+mf|n@mQ|T4wZDy~rcBwYO78b6YQF
zzs<uRJZAMfH$06_Ja)&jGk80q29Q@}%TYL6X()aC))No~P(rw229Z8YI^UW7P?KSN
zwgTcK$$KvSW2ldYcncmrZ_A{GtEhF9vJ3h=8dr>ST5SZsS4|2@=V6&5Lo=ev;@!l_
zgo!VfJznTmpB8E&vukS9tnn(`S1Oj&*s(5zWJQiPk_~_QlW#xP!WH}P01fxs@Ae+-
zW%V)TuELuR%#dtUZp_w*LY(uMcyhbUw2PW1hRI`5=EW$M@RQDNbqqFqRiLw4##s=<
z4$oDQ`=e;_o;o*bGosd0sKT#;%=h#+XvTOoKAz<UFwv|Ahc}Vz_8-sqsp$YNXenPn
zX(^{QE3&agj7R2Ygc{fG{OM{j%*;Q2WSfW%AG+`u*6u(W=8Yl_98b?6zwKfZi_(Fj
z8l)zx0jUn)m>R0-fG&Q@IaUxFM9iE(PCxhQE6aC}I&RY7%vPmE=xB*{Y-(OQVHs`*
zen0hN0Q0N4mhX$f^tGD;fFflcGS=&;GRDg!ih-}8gE{L6b@#Q(yGD1qT4T)2&$a7F
zlPJ`RnJxM3xM8-6ozBh;^LjV{V~p?Y@Dmq?20kS;0l0<-O!NUA0D}dRh$p$)$hPQw
zk{h=cQOS(wa?)>xP{pT3Q(Bwq#ol+HztNq2X*9X5^^T4~{bV@k^|d#cWqtA(rGkXJ
z2+_lIGH-$msHI$Cuzh3(U30=EoL))#EoJ-5q~N^UOY_Tk;XpezQBfUYMn~YmC%Vdc
z%qnG9#+xI>zW(1xTYf|EUNzemA`u~aR0Pj+W#!YO^}dkroviDA19d)U(~kS6&>t@d
z|1Ft>wmtY+2yk#$e|iqWFluHFm>z=+G&iyKcI<9E#yUgA!*?CMR>{6O-a7rquifCB
z3hi-5@n!Fpj*&I+#Nn{Y1IOr)S3*g**_%`Bf*{F}3IfS(zB*Mjd86Gbl_ZaAmLlfB
z1bk2dee(cU9a#+rO78re4coZ*QTvY=Dg^*rjX|{n{mcMoT%?#aoaM>ZwoRy=>?_=X
z4hf!yB~wdd+*m<VTHS3Kf)kncr*;mlCMnD!opqlQ+rlO9d7J(by6|?g`duvTIs4>P
z2DTVXW)%&WJ9d~JBQrDvL*Y~hS>6ik)wZ`pnK4;2)ycc^r$FLD;I;K}LZj6oV>ms<
z>mNg1Y?N_f7PeO~Lc^`^7O?=HWP_QNhRx+(Mxm*Q*B9YtTlJY;#D$dn**`OIZd`9(
zlbIjn$DW;NW+QW_5zy%4U>;)MY7+nWj6JOvn}kzAencKeX%hk!BT)4@5vM*Pqr1GI
zD*vsVZxNI#Y%+D9#1;{fGSp}Qb#}<<cH#-6F%z3Q#Rko1zfC~5)^G2wncQy^KRn5m
zFB2He4X}&Yj@yfiHC7vgPvMjIJ5uaEqQ{+E>B$UjQClX2t?i>WiJOEc9{VOb_aaLr
zedYF=(D4;C$<l=ysqa2M7?+vTrLBu6#$#D`1S3oC$wyb+F7Dl>Iv!k|ZBk0GLdWQ7
zoVUF8{Q~N3wcb%3kKKRUMi=`@4G<-3NinBHzUuy(p`||tv$lLS?sD`3_b85d@afUe
zqle$7>>*)HoH39+U!&V6X|aHFj)uLCgK#&ww?gmsy!jK^>V_xu7t1r+zh7MQpPzJ(
z%iBR1F|#q$Mme$IIF<PMPLjbbw~~Gl*362pEkTm`6qLWqz5FKpG%Pluu4xeCWtW$Z
zV~f{vczHYh=x!~2+qfq`-;(K`GK>(xm1&)-Dsg1O-z4A+?aDbgU+|(u+5hF2FH!rY
zv7Hdg6`0*N==uD7Lpp=39hS^Z(*05?<qO|~b;|;Uq1S~{Q0HFa;AW{HJ`d4XL_)mQ
z!-IJm`5HsAy011LL<G1E93X1nUqBdvD6N=e)=I?OcoLIb+dNz3FAj{5TFepph%Z5T
z>=djb)m7mtd#tiUd`>dNP1TU*^UZITno=N|&}Sm%4L^U4q`mWc%%3h1$q@oG=)ftF
zTsvsy`Xh~@Ng&1&os9)>;5^usK_G;fihvX?%@!8&o(xMLJ{Dvigw$OV_`*2U^99+I
zw-1vM|AMH8CHJvCr{466zJ~*VW~yL<3~6Rs*5R7>zt;`yO3ba6t{!={5I0m!r~iBO
zYO4QX{ATwodt!<x@Wc-F*13<JBSHugLI=$N`kS#SI*0)4w-9Q)<-20=;Wd@1GuK_n
z=rh>p1lY^GcRVK8?ZNgeSHP;wN9l*+(HxADFm&<zCeb(M#+QZ)J0Ie#b5;1A&R(lO
zJ#QRD7AX)yHq$Sk?Yn4ld+2D(LaO0r0^M=l<LB)%?<3}a5A)e%&l6s<k8@R7mOvG-
zYjmWDI^8Js6(|x_r<M)HchUJXVzEpsk>WSiDq9}a__#{9%-$nnAw<b@73y&#k~PUV
zB*9@X1erFBf<J_cygM(GNr;p!%kfTktsMxLVj9$<0EvVSdXdG^1R<oLXwtf!%G+76
zuIm?Px-x(<;7bKeR`|+8X`nlVHc+xK%Y_i>U$baGzePYwI~Gk$G-N%;4zl$GdwU2|
zan9bHRA8tN;ud{5gt(ULPVLy@Sk^m3zVMSW#0Dd7V5;Ulv^9x5!WpAryN&ZP-7(B=
zdQOi%&8J;0^6X17J*Q2UZ23(;m#`Kd6Lb)L>Q(14v1t~-Qt6XyfrW#8-JtEJrt0+#
zYnv3>xv_Fc{EMMqw@NfBKeDXs7un}?dlynw(;Vb0zTgpIk!BtcuhO@ERFV8B^877<
z?jGWCarz_Ko$CC2R=44DkZeLFMRWfhe~95Td75@i;;HsX#x;q6`SQ7N+3(DCf9{j*
ze1AF~$GE74gZAb~SnGS?^b)9j5{Y3fpsKvhbri6>gV@M94lb}8S0M7W77E|cS#2rl
z;Wki(!v7SYAa7Y_8NX=(Bcye4RpiEIo#Icx2tNrA-a%w?rTWo-(Pmay19nn4%$E;3
z4dt`?_!SzYsx7D#+}OS)ujmAfYSoVKVy1HXkxYZ%^wIab!F{Fi(}f~fvIj2iWDP7O
z-L||vYHi_>mL2e!ZIdVDeyzvI_T7_A^00zXW7@<FFg6qj(*6)cvX;q(j0(FeCC*MF
zif%DJ)W6T!>K)UVtFDM-9;T1)T@+tGPHbthB>M2+?<f>25p#+kSD2ln<#$+^!dMKW
zsNo6druZtgfMt~>BnG9`eNEQ5;Gp%*&>t+nT(09M)$!7hRMB~QmoVmAOUJ8wpHzFl
z%<|)WPSo5m_2K2>!W!t`F?CM3f0&@@T4gF>2;^mDTfa_14Y<bgQg=>`y&UI!5tHr5
zcb41L`vUNpHSbg%M|XKs5PyK%Qeyt8zaOPM)ejsdvEf$Y^cfn7@Khs~5)(o+|6^9I
zK`>0X!B)C_Nn=4+C>1*-z=2|2S#~_Op(^=Fn;q|t?WXRf)t%{=kwcnzfM1TQVzD}3
z#|LP(9g1&k;stem^v#*@2W~Ou3BigM$mb#5gw1PMr}e{T)#ayFVvO26KuH)l8SMD}
zwq6M)$>|A}rGOq!?Vd5_Gr4k~8DsTpOflcNYYnWePwMQs@{nTEEyfS6nB5?G6Xa4m
zIN4B`70PtT0Tw$J9MXceT{nENC=OJ5%vS=qDwK$Q_{IcYZ<hTq(ZoVsi2lCsdPnKH
zo}%RP{QTJV*oJ!<iw!kW5{@xNf6h~SdUc3JVOruKt^y?=4enkh$J?9eGg=;rEMJyL
zCBtNFo&R;{t|icZ2@U=Ql_bW&vu01*LBMHSx$Q`4FMed!yicByQ>iY_vD+sS=}b*%
zLwb(%GU#RK#U}IcX-!nc#q8xd&Y@YOdMEr^6yR3Eyx877s2}y{NFzqr5mbbAlCI*9
zhZ?PLg9Xh;Kjb~YtMN{;O8WDF%sz`7U~)~OI0Hmtf<E}+cS7*mn`b_jK&?OLUV2yG
zVmkX)WOJp`g%x_}x_{*v%YocboaTY6+RziC+eWV7-LYJ#+>&KQ{wU}Qu`MM^)(4|b
zotO*`@oTTTgp=F)-{2_5Qq7Ye@ElrvznC$DzCs_{F*7<;pa*sS*ar^A{cjhBKfBVS
zX?<jS>*r6X6wfr~&6#M;I#~0NaM=4`jm73$z^I0nk*978_f3yX!<oBQPcl2BzOfxN
zR&(0k#4la=TU$cRjb%7q|D^eCIFs9!PuQv=#UOvPiOUI~iqK=S-EewbH7nds4qwnI
z3JiVHD$RQhEJfK0+*%`I22Lo(A2|{-*_jMgE6Yueviy+kyt<xG6O)Qh<<Od_GobLv
zl*QOfVZ2<M_^yzp6^6>L6U8g`VPeE$fB$jNf|viBDzS0pxSlPW(T&YB?3+kt(o{H)
z7rfOsDOc>^(mjX@G)bw?^5(7ajfA=t*jbJLvSXdEMDzBTvt=t=MKwnvqsnBrRauk}
zz1&_J%#c<zW)T1{SY0LnGV|LP>i&s$P<Ce2oBx9NZ$0tH0H9|!)zxeTtKpV|M)IP6
z;lV|E^6K|%F!Kk!nlp==z)`3R_Ycc>dwvHfA}va(2nktuHTYw6K<YdpN;tl=f++b-
zd719)N_w1IDZ3}lJh69iIMP@AQx~UIifA)qh6)Qthlot`@WF4RloJx@GSr$tcmzVk
z|LZ^a561z_jfeFgF9Ix=NBXa~V4H{gFB0(z{>3-Ea(^+NSNE^S;D}f3FS76{{6$B;
zcmJ>FV2aOz=AUiBSk^W3U3fUS%0E^Fh5s-)6!?vz{If|2v*#E6o4b^s904Eg&lDAG
zho6%ApIBxSjbw>GU6B9`I5?jFiamkR2uT0U|KHn=|B?#)+zJ2YPZ1!Y`Ttui|4FQ+
z{?l+_e)SLOpG5`iw*WB$E+dSF`A;#<fDO|S#H9J(^6$+nIJhV-I5_Tq<KYVY5Ly0^
gd0`cTm}vjL*KR=~giM}4H@ILZLS!iKdH)IdA2G~f$^ZZW

delta 8484
zcmZX31ymeMw>1pz?gV!Rm*514!6iTfA-KEyAi*<1X7J!H!QB&Ng1d&`8r&tw%guV<
zyYKyfuhqS~tM;kt)qPH_b86>17dzr;sUjg`BK&jsS<)xsFd_N=0l`dWFH3sEzs>)B
zLH>glE>1lE^8YXrFPV}40F)Y$|1WAIDkAy(dCoxO_=|8v!N2%~D2Mycfa0GSsLGHK
z5Gc{1ngBKMJC7go#F9zO!`?H2BI-+#4Y2saCv<{|2~tPdo;)Y(q|-IE^o9<$>p6Yb
zLb~Csed$ozp3@|>G(^yT&*=<Wux^Q~zRuCxTJaHHi)!x^lPr(%*7p0~cPC(gVXr<e
zMJ2^89U6(l8@06z>Z;-O0c5E@B~%Vky|Y?1<Cmx47;I;@?}AGjCHq(gUuUlK9($Vn
zL#JzhF_f}>pUX;dK$CpW=Ih|wOvxqQ^rP-q=t;|$A+gmoN8jV1lG%%+p0njDfTXW4
z@K(*>#XQCwi81@<;0w<}U!_p}iwxP6?H2Q9A5Xdm$=|uX%E3Pz7P7>fPQH6l&xAF}
zWkZf4!9JERR&F{|yey^hopq_vy6{PJ+}DMvC$AKm=P}ymKB+AP)}Fbh2F|!zD~A_~
zzs@c!;NF=-YCpUB6hy5rV}uh3(mk@SX9;@E`%<=wI29*owJ{!@pKCfw6esdpHd5`!
zaT6n}PQ(Uj7V+xkp~g$Z$NsN*w#dmF?~47<qQJec;hBe#WDOD3ruocaZ@bR~A~wqA
zc$h6LD5V$^2_?sQo5&iom~|bij;|gfTlT*zX3?(Sm-h+t#oa`U<aVm>7Ye(fLRqZ0
z65xfQ<7zWnxo#>ksKV-jpE6mT*PFtwo_$Ewj8$snzb#(VJFr2ID9a@{qEKz?f-rZm
zZorCy4xH!ZbG7YiSwUugX+)@;zTspdy`0(k?rjJwXjOV@9+FVQ-KaUyF&np(O=?EX
z=!6ZA`b%`sKE}+WlJX<KiFX!l+VhT`MO9jkM>;ZZV>sD1-6SSOI^t@?!&ot8Q`B}V
zn_(W%n&L{MV7#WZFSOjlAnp}I(X$<$18ye^ac%0sX8z3OUcAAuTd(!JUcru(irq0r
zE32JqC(mRFjp4{)!I~Nh51XmUHEv;54-jC=ig*8A$g-IPTdhxwz9;WvX5fyOF^(o!
zrHM(S2{&Xix5M5r|JWiwhJHrMm7@Pn?KyNL7-V04;!wAC-^KmrS2umYREcubAh?3Q
zgQAnXm-Ac=p1aC#bX`c<^xI%-=mCr;>8108MI@eN8SxC~eH|F(kpyv&G@)9;o6uo>
ztWU6s>3N+UE|fju@bMkE>}0m9gQF<b@T)|BGDY0IvuvhLc3w}Hi}F6FZ<Kf)h_eBZ
zz~4wqM0mlYGGh_D2dLz?h9FNu#p!I`W1Jr=CwLNC9w*a1)b$sG6~rya&cSWb;krbN
z;*y@Ts2_(Pue)fw+^*jLC-Tt|{)BS<0;)XVpO~+w#aKZ3dvlK)h4MGb!Ci$1p?}tt
zN-AhPF%V3=OY$6a_^pSRBP_SVmysLZrY=bsS{jmz4%9n+<*-*H-m_L$pPu#lW0PHG
zw%v3wL~@E#J$|9xeu+d@ZJM)b|7XK~(CUp@b)ovy&FBa>5WD0^x_<Sn>n8Z*rt>7|
z<cCsD@ESdW(E<yBxa-><3IYm|tnl4UlnyTkToZ6K+1Xs2hbxuIHzOXBQ+@&-IH!EH
zuNAj5yu$s=ewltvh=FvyA)4y!Euznk`3n=ccr{sKe7n0FsSEz;fN=+g%T7+a0<hoc
z_SDGl!0F+_yKC=7YYW=RNPnj<*>i_cPr&VRfWmT=2g6F#P24Sl6x*8I;%!ZI{8~Y)
zNIV#efqNsEfVLN|z~maEinnWuj2FEStxbTp!Jity7DX2nCVuWJER_z?#JClVx}bQv
z13pW9BQswAF3q}j0idz^P6;c}R<Jp3L~fJ;S5pfR2ifu-(k6t%E#CIgCgHRyK|VY<
zNg{zJY=!zO?93pP+K?C6+%AhUs6L&fI$(0r#!>=ieA+|pON~}mHO4!xw_3QgFt6mB
zBbnyO>H%{7bYV1quP@`$Y&lvC^vw2qu^ZB+rR(GriD7LFRG<pT<Ox?M;}CO7*iR6Q
zGagyfE6G0+-ocfzvYT4qUh}?I?YG5aUDbz&JXmSBW@^FXQ*C2_Z#Q>Uq+DS@9T;Gx
zj4^<dJkf9-97PzX4VU39cc3n0o^$ppAN~_|D9W$R+X&;LAZd+BA#N_$MiyI++TRH{
z<c@>_hUxl%VDcgBBe5@aK~@VQsx)ko{w>-<Q_b&NMXUO3kGyoN8&hYCc<8yD-%Z=@
zU*EOR<QlS&q!Zjj&T?rIG`|PCgL%~q3qJ2(=1P&Mqk8kcYZ&+yxviYj-8+F{dKK8@
zCsFyr(!`M*bBaG-gk=p2J3^a_60f9Rl)}a~+aN8|nx$nV-q*S&N14T%aYuVR#Y^re
z`EDgeO&I$5a()RX>>aPjB5mZm`5|-}zQlb@6q^;1HLh|Bj8URU`yF-6U2w2Wl#FPU
z2%nE}4;lLf)@@P<kHD5^X%N9;^ugAg<TK~-GY?<ijlgqZ73JXNWSLO8M2MzXkGDk0
zd`8s}uvu?(9OpvMOm$p<VM^ER6a7I@Y^_nzVY6#~k#T@iyW=I+E#^A`rZy!hv)W<T
za3nP7W~<|Qmlo3;a_@B~8`#^{O|sOmA$AAS6jPm`6(<%MD{5>B=;By+xNZ9YKgB^@
zg`J9YF|Yr){S<Pda!Vh~v<|<;=xt)Zac-XCgpQBx>-1<cKVVDmP6X4hr4j~5yvMqQ
zd|2J^!H$D(xK&dhu&NPe$5~*DS2^V{J<xy?Tmh`D>(ZFF&=1m^V4jO<aqg~tEzm7z
z73h}gd1m8;@F^4wx+Tj_IAwZ%pnA@e<6LK#P-ivxCP0k*u@*b>VAs!{dFLAuz(W-X
zwZc$KFccmpNMoxtHZJNA<TGUBR=<*(I@nynP-D1R1cY+I78p`kYx)U?ZBPJ447IZQ
zOf^M>Mgu9Tjwn@N%t}LZ&P9%xFV+soP5R~s3;r?5H8_Oc=Ba(4MMYHJ8jiLv1CH}h
zo)>}Bj54x^%>ITH&#((klnPi4nL2j=^sJTLn4#HF%?%~z#~H{#jq^^g(pJ%~=a97p
zlDcQHrCdS5`vi$Qb*D{i$E@|eBYktspND2wr0G1idWSG@S4VAASy4OJL=fEswXHbu
zp7ZMJ+)7P%eOX@khIR4K%p1<}*D_pF71!x3_Z=5{9+p+fXFC*q;?(SH$~qGhODl`B
z@8-3r=vJG@EPtp_Xx`BaS<kBHQ9OF<@x3fT*|AvI=#c#+FW5VCw5s%2tjtS|$Ig7s
zBct9}Sgb4$o;>Jv2M)yb9wO8dh)hh$F8W{!P9Lz)NbvP5UyOgQD|fQuu(qBMoA+H1
z8P3n1m~z?=jMvihdtrhmF!#%-m|d*cun&v;nVM`;h+0*~hAqdbtk>zNW8gtiQ~TnL
zfLY3VSL<&nbuZcGd{U{ry(bePHL4s?8pOJJ$;`tV{75-e<U~8%U8F&Eq<5L>`{LL9
zV0;{kog6lI-N2UywGR8KU)%xF8uT$f$c=1S<IE=TAvHRTC#?eI9Ky+40^A`I2$i*{
z$lwOhY<n<It267T)xkNtXU&)s29y2zru=*fjo_V%&w#XD-RumB0Zcfj<G!W$(H)qJ
zO|c^l7F4>eA3ZFb7Eq*9vhO?*9{Htb__<lf@dL%2h(a%2&P67nWv*|VpK3bA?lgx0
zbFsFyLqg?Lj+Xs>nI#E+9)E~N#Kx|bH1n~26h!1#%}Xw*fdT6<q(M6p*c+^{?Z+zV
zq8}fwmhP9Zay<B^y__&W$e*Wy2JcL1*xaQJ44`3{x+R#-uo5N#5XtO7P!zMMb(@^%
z8RgaGm`c;xRg@cJr}MuPa@X1%^%5nZ4el+$^5~dxK_z`qYK%eu(v@FO#&k3>s&<!L
z|1ztj8ZOJ6g*IK(Zdn7r5>lWz$fd|iSEfKri_a+QZCyF{In5Uj4Fqpz%TuuzGB&7S
zg$qca7B1ZG=RHQiMglVKTkMm`M&E`Q2Dh&*g@eBX&vWyQ$jSm<>F$@9Nqjy-@qa5)
ztS%yED4HsU=-|fa9U@JTazTdFh-^PS4ePp^xwwEMJzA%{2eiL}U>_E{q=>dq;#?*J
z5e3ch9(PVl!aHxtjdzyswJkm0g;lhI9~hRakoobn895O{pRHLFJW3w|L0$x9fR68q
z6r=^zG<x_$L$ET(%9_L-Q`!tWl9yg6&H$8|PqK&Q%5*n`g(21M$XNVZ#}<r+d$P#^
z#Bu0KCa;U(M}yP@8`@hwe#?w(rsM;Jnmf$I?sVKl-#PLDr3@momMy3#^0Oc?Lj`Q)
zH#!1ZLoa_UX#>ETGemfL_ie+bD6+;k{X-?Red8EH&kY1bE@m>^4SYK(M{z5N=j3++
zO1J6n+U_uu`ILY|7RpWAv6M_xBTf#C6ZBaAQ{EKRKm#qY*rIn^$NZQf1is|lW_~@e
zbBJjKR@9hT*?5L#?t;xAQ%w^1@{4)jNBARplLv>sF3&VnG)xHFrvTPG$6r@h#WB1)
z2+~RJ@z>Nx;qyIChx4RG`(zq(6`n}RE`5~U=#z82jgF@@&rKAuWj(=z=D@$-2+Xu)
zNpwLay5c0%>-<nvU5N(WOvdvw-|`xL<`L^`K^hNNt0dmgzob*{pkV<&(zAV7uc45l
zXbL17H1g;aoL4FsUJJ$)0^FmNqG;x6^@N0MYU;Q~jGj_4jWJFfCbXq`_o{cRZ)3oi
zYUo3CZmb*+-M0h8BejLY+?UYJTk`o4@6Qq!isMdMPb-nDsJ_+<n8qS=o7cxPxW~De
zf4s>fe>6l&2H1z-j=O=OAKZsaDWrIfw3pSYh>4QL%nQv}<;iE<i^7;SY}S!Amf%(K
z4Hx*8!0xchhcCMq%~tOQuHJDkIe_3V-Z|Sl?n2b;^|UR>XD!US6M|(Ze->)@OtdhX
z*y-RwL1GJlS|J#SxI&!(MB7{1N}I`(CTazIT}i)OqW0|a6_0uEWzO5?_4eB*Zaf<K
zFu#P0|CP!9DOL@mUVg;qg!a=afiv_}hSasTy5ot<$cAH~%FY?s9w9wqQc5c?XjiiK
z`VS6-u!QMINFE#o`=Qzh5`=u)`-^)y<0ljQdtSbt4Yw$HYm%-B@^aM1E65IYh@bdV
zN??p!$hu#tyD{<WY*}&R!%V*pQp%!zqL+IM01iY<d>Y7QP!Vv_$9rzd1^1Mp`m1=-
zh4u{vM)W|^F+$)2QkWe0DzCy|Z(HYK<|v6zTyzq+IxZFbxuBx~;J(xxb_e;()aIQ+
zovp?9ZsajSCd@j8ac=B&z4G=M3Cfx9CM5`c+$8}{$-)OuK5p7LA!IXJW~NKA%2_Je
zxI7Rq)t=_71u->rUDSFmFwis*BZ+eIN2Z6e@|b6-m2+M@5@|OnXWlmk^!}R(ctH*O
z<(ckShP~Ri`OhG&-JP7Xco%v3*bu+^V`>-8)5*~jbw|}7dzuLtWv>I0b&S8MWPp@o
zNbBT<nT|xIT@^(eN-n1eAHL^`WqA#l;uwpMbKb9ou~=tfb&&{OfuDl8n>vdOG~no(
z9!at-3{-XG2JwwCAfhU}Jg+>i@##!nq?j~(13zo0BU#wJD~@)T5Q8uBca7XvZ;H7G
z+S7E5c#c{-=rC@31d*9p7^kS+oNQ_JZK_D;>iA_~@DdH2*_N(BI%58QCdNrZV`aCp
zkX5}5l$x^rmm<ziVBZduurz!3LD2hhI7@Lli+55a{G)iskKJ1Oh&ra*gahFG30ru3
zU^7#Xo@o@tUJ;sPdgh?6=yl%@o5+#cN1n+>`toT9CSTcU<D?Y-ea)JzuVacg0aBRY
z$75A>Azvf1i2;UoB}<!DmWac?c8+FYfRmX;;uigM$~B8K_?u+_COjfE&lTEHhO~iv
zb?oWbZ*FXG_9@Jyne>_Lf>w8AykhJeW&Xl`oYUrs_+z?L19uwk+n2VJDEoU@55?5E
zd?JDA%jSmyWl2&P5-p!$Dg}$$U4l8B)>0F@u{~o4aXOE!evhSM_e{)V_1jN?S%r#3
zzaZ{&#wGj|aPML%$D8H?Hw%L9tQ(%G&iEI@w-i*vo}^#>;Ya184O93oMDjJb!DU74
zEqqlxSgsr@O?_Tt0WLYKJFtE_oND<vZvBvy8Q{)4H*!{c01+lo(aQhea|fcG>zCd<
zF0(u5_l+pWndb&vSKBf0*@}5cc=vG&qlD27eT3{hI4e4*;ljR9YMqmzS<}VKfgdg)
z@v}{+wyNPv=XhW=`6#g|z~9cI4epL66PZ#O->ECX2hLoy^p_A#&wfH4R#D6eUyo&m
zS9D&JMnCO5ecG)?ePh?&suvAI6qZao8n`AuAdp0t5HQQiPySFMAWRS2E?$jgfWG{l
zWVTQS4uExj<iJ@b{mC@ndYH`i#7iq7Q!~~uC=5u1<nq-igiR_JxajdDHgEAdD=?s5
zkbd7BmUtcT(}-O(=kw)oFp&gRAhG(+r>a*hO(b_LTeBt>lH@_7D%Hp$@C(0#?0{DZ
zG9Y?&=vTAqNt8p?(BHBmWL2Ac3PHNg8hAF(V0#vBgUMiTVtm1c!*%xd_lZ6|`KH%(
zfuG{h+?V?ToW4btE{q?dR+8~7b+2BE#j!X5RjO+2Ak`O-e!VhU^7Z+bH!7QGj1hP%
z;Q&V-p`FK4-mDjEhs=F2BEL>+Uxj>5D-#|D`Wse!JbB!OxEHLwZzTH8)6$ytbs;9j
z+*iHO>qlI{?6@163-9CL%qOycYyN*$%6kG0`)mLL!o{EB{v`rbMt}->B8(4}6vl;G
zG4q4n78`B4T!JMwKMr5~)=!YM?@gBY@p*^mC9+kKJ@?|`&hXLeYikb;O^qR&H;O9-
z@;Iap?ml!}huYRzdlaeZuR-MJ9ANdjkpd+?N%}(A1jCE3Lf+}K(N=uuolT0mb}Mgo
zvw|<__;q4_hA~s-2|LGF&WIwhIgrsR$?3_-gzz43hnCIaa{dkrsl>plr9{iHMceqf
zYn9k`WybsE{#Z_(b9Sd)kyD>kduukA%O$tYxqXC5+s{%&#XqCH00=c;VFlBYMK4!i
zMvhS858V0cbql&mE|uutU~qv__r@34okpiriIqfnixWd%i!l%lPVKO=xAYYa(m_nQ
zn@d|AdYhwE9dpU}Hc0yW?8HO4K;qU?v!b-W_J8pS4ooP~ul~rB!ZHzLeN{(8KK0@-
z4_JIeonK4GMQiwS?j?ix1TNT%1$MvWBQ+-^zqKi;|Cp#ah$-OGlY7SXniP*O(W&`q
zWBFD1x+$SdpJ(pR7Y$X?1#Bc^b-v*iIpaP)Q$OUQ^z2gP&}K>DjH8V7-Dzn^yjGEb
z`M9uoCA!Mi2yp_B^d@$e&T%|vpB`e)#Yc|KNUT7h(fjMq6%Y135?{a_pNFn4y7l1l
zf?yvGW~woN94!BlDC+k|^`j>Os}sAcy)S)rp3;<FZS>uYA)(n#7Zyt_q@RJ|B%U+U
zAKeAr`QT!hJK;v6MRjSc<3sovyK~Qomp-Ty+n2_E-vn&S?_eY1%pW)lG`~s?J5G^0
zBqYBfjXfVW(+39l8n-ezyLL)Tfxv)&UC;TC>!DQc%BiCxAV9bg5P1IMdPGolHde55
zAxP(1E$-<zO;X#cmF5PjGJfJNb@uOw-YcGVCdC_h<)OtNo5{b=$q7hL6YBPk&PJ~S
zc1O>6o+c;7NFF{RV<L(`UE-TTMK;-~YXRSkKW~_-8gnz8NO!;Yt6omc_!uhjL*=ck
zw1h+pUJ2^)*7k7nO?O57dj!6(xK=t~Gtz`jM!g5bJ^?##>2n0m-j%H~TXb_)x%NGB
z5wfoMAddyHb^4fR2cfmhpN;c|;&rZxYj6B1?h!SY+aYU{OPnb{1kzY%*Id)DG$ctg
z+F=Qe20!X*S_dAJ+oyI(a=eKao?;nmUTLsG1a993%(g`g%O5&~GAmPSH;y`k-<ggH
zjQBZ`3f3rCh|s^l9nJrV7lVzg-Z=Egi4zG#Qg*794O`Rt2F9ohcokNI9~em(bBk(5
ztlgPy@wWMnz>G9MnwOylAYz<%qzZLVG#(B!*rlJBP5@!-B`SBzzj+>Zo9MqAz1lv>
z8Ji$!IkLvPFRM*;AZ7NA2Yglmhskm%ShJ}%tOII+^rlKNrn<^xS*sqD4Ah(qg6!qS
zTOy5&UtE}Btr4>tKXaC+8|QzPCb&zsG*dw249?Y%x8Bj%bYTeao{+2k4&?O&SunVZ
zJgd6}2Uy^1n-LJqhNrpcMf<GzBpH}zwN%U>4=y=W8<3xKs`FGARm-D-yIu!wH+`Yv
zzY*a`&TUQ?9wM<8VZbo+!e#0$TXw%nFErNa@9$a?L=e1eg_*Zs+b%4XD`E76n2_uL
zp4o{A5kOJ$%csLO_UpH+BNa-y;**-&m>3C_UYQQ@<zwnu2*)n7pp|8W+^tX^7518C
zVxSixZj)*&Am1?-giND@fpRO)>(!rhpR<0eT8*M2wqq_^C_eX<?~}3&2Ku_V+a$Y+
z#qwhO*(8&6@Kew5)<#u<pprvn5cY!>M8aXVPZ}&rWY_a1IPDA+NdbfoKAn3-j}8iV
zj%n_+iNS+pmTu$UgJ-sMu4`A^Tg@2LoY-0fuT^?pw5G-~b<b6T&2H>h=EMq`wAy5`
zX+|u2o6n1+x~k~iax&{6U8fNLp0M0_(g!6NnWbmGsx{t$m-;W00{v$!?vD6WvJ<Hw
zzg+|zgCjl8;K~hq#LWX=`vI+YPmxU9Htgcb{EUwnqkD7DkaDn1v#ILuJGPS35%#)u
zs;qD<=`wq-`sgLFx!+e5yP39fP_w6=r&R6_+0n=feNDY@KK=y=pMG5{Fb8Vu+!JY)
ztQn5~L~$#gxAG`xUHs{QUfA9qeZdyFFnTIUgI}syLmjNl;*d@tWqq-r-^SUD&$<rK
z|AGU|Kr(qTeA4gpW^F3%kiRv=CT<N`@F(G!vbO^j7i*{v7+^OXwX&5R`8M^sJ@KHe
zwnpOBfYYqF+!h-4M?z-%S%@rnj)*Zn+0<Gd82uskbykGISe6C~+U89eWeypMkXQFq
z=c&wMRCbP|nIQ#Uk`l6#({Z4{pohoMP{lclCLwyZl0i(*#yCEEl&ASf{`8wj!z@qh
zeT*`x1q|zSu%H;7Fga$^0&}eqwoFs5Iw(1Oyc+z4zM}eGlDRGis2okwRRnwx{w7%I
zHAZew{0#1RUWA$Q2vYa^Nx(@C=6P|eTGF<YUHqrR5$_{~Si9At{oIGU$M9<rJ|~Lm
z(`moIHssb3=rtxPV-k}G+UG30CYm-*ByuGoHQ;W8$ApS{0xNN?H_g6!`7~-dLN-RY
zmc}`*iFP1Nv&XIzF`HBvr5JVBSME8sC~JjU((Tm&0pCunii;%4c|k8domr=iu1e$u
zexp%PJj-kvJ_k-WnmZMF<2Z0<JJ?bUxjv|@)<2vYxQV{2MbXwq)KhK(HI;C-FEI|v
z$IwuL@zFRv&jJQZF%MF2sv{rZ2b;geF)U6_QZYTm$gxoq4wX%vYyGLaFebWPOl|ip
zie7bmR$A;_a4wJ7^j+&f#hzhW=RJN!GRGBXLc#J2qBU#A%ckg5e^fMXcPw7oMUR)V
z^!v)E(PwOn9_Ohe(wSS1>|UYy8gYt9<Xgf|@O6@KBo5NceS)2_K9e6qu!<kRj00?x
zmg$FmpOlv!?%>E<u;dONq74<L6#y@Dd9E{|qvW1d>o!$SO=Y4a*ZyRSw`w2Oj{f)|
zK(!axkIUf~&;|wJV~_HV<o2w5D5v^h5Bg#@KIIp#;UxI0J9N+Vk|pEX`Mu@_gxs|c
zT;W3gTDe&!{&c&SxLz#*ha_%z(caZpI0S3iZ{)}w|G6LQq`!zp?x(l_7Rf<)t4;K|
z#gXSAaSU**KEokA53N6QmzT^6x-%prw!<-pHX@|vH)D*tM(5?}{iZOPO2pguPG87f
z_(bbuRI4e6?Qx$}RVQqz8p*bh?pD(ljA?Y|cQm`h@;G6GL{cLaw5=M<x-<!4Qg$kn
z7e&{hR-xp(c*~(`@k#Ciw%>ba)0zCNteQqBqL?*<;9V>7X+y&_&p-QfLvcs!XzeeF
zH|aS^U=U@N1aZ-1zWcJWLOsWso~aKad>tFOXPi07ZkWB7s@kFORo8qJJs-6ayzayS
z1AVMbutykEK7QvtwP!4!9$dhy3kZ)?*b>(OrF)-u7QA<`e~u<iiWb#$aXa-w<Sw-!
z7=|VnVMwqN;aQhsnm4o?6Aw1#9MBT=k34XscN-h=PQe<==k8g3yu^5NNzASRBVAIJ
zT-X*|wMoG#N_|#$rPU8KN&;<aEfjty&DWrWm{w-p2Z0!j!l(<JkH%ztQSxR*N2^q4
z#iEjnxpFukIUq@Cy|ZzqcNo6g?FP?#&;Mo^f240iF41i&J7^8BEO_KAW;ic4!bCt9
z!`kAMx4+gYkm|CDHd;6~EXFdcrhC;pD9Qi=bkq~sy!<LphNY*1Ld&#=6uGdv)V1%b
zruk7y*tND(IGMg>O`@{+<RUxj4PG-(F=s-uQ(o)C>8+2~PCfSk_MdGCL;x|;|A_DZ
zk=vope87KHcxV=%^j}qdm5=8y67UQCMHPP8zxat?|F62f%P;m9nFQqjqJx0$|Eso-
z2w2koBfuxHuUKp&A|O=#k@MyMm%LvXDht&V)TR4}b7LX?Dggxnq43X}as3}o3_8>l
zkplWdkl~;ClZ2=MmbiaggoT*@n*OW&As{gPAJb!^zr;#nENG4pHr@a1yZo8wo(2Jd
z;{TAVX`o}YRKS0~4?4pCUw-^+Q5Z_V^uLM`O7#CEjL`SOqyS{r|L!A#7763g{m-xd
aWAFIq6#jP{gu>8lp8qCup&If2)AL_N0-fFf

diff --git a/commands/audit/sca/npm/npm.go b/commands/audit/sca/npm/npm.go
index 00478a7a..20bc531d 100644
--- a/commands/audit/sca/npm/npm.go
+++ b/commands/audit/sca/npm/npm.go
@@ -7,7 +7,6 @@ import (
 	buildinfo "github.com/jfrog/build-info-go/entities"
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/commands/npm"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
-	coreXray "github.com/jfrog/jfrog-cli-core/v2/utils/xray"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
@@ -105,7 +104,7 @@ func addIgnoreScriptsFlag(npmArgs []string) []string {
 
 // Parse the dependencies into an Xray dependency tree format
 func parseNpmDependenciesList(dependencies []buildinfo.Dependency, packageInfo *biutils.PackageInfo) (*xrayUtils.GraphNode, []string) {
-	treeMap := make(map[string]coreXray.DepTreeNode)
+	treeMap := make(map[string]utils.DepTreeNode)
 	for _, dependency := range dependencies {
 		dependencyId := utils.NpmPackageTypeIdentifier + dependency.Id
 		for _, requestedByNode := range dependency.RequestedBy {
@@ -119,7 +118,7 @@ func parseNpmDependenciesList(dependencies []buildinfo.Dependency, packageInfo *
 			treeMap[parent] = depTreeNode
 		}
 	}
-	graph, nodeMapTypes := coreXray.BuildXrayDependencyTree(treeMap, utils.NpmPackageTypeIdentifier+packageInfo.BuildInfoModuleId())
+	graph, nodeMapTypes := utils.BuildXrayDependencyTree(treeMap, utils.NpmPackageTypeIdentifier+packageInfo.BuildInfoModuleId())
 	return graph, maps.Keys(nodeMapTypes)
 }
 
diff --git a/commands/audit/sca/nuget/nuget.go b/commands/audit/sca/nuget/nuget.go
index c3da7bc8..ffec7824 100644
--- a/commands/audit/sca/nuget/nuget.go
+++ b/commands/audit/sca/nuget/nuget.go
@@ -16,7 +16,6 @@ import (
 	"github.com/jfrog/gofrog/datastructures"
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/commands/dotnet"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
-	coreXray "github.com/jfrog/jfrog-cli-core/v2/utils/xray"
 	"github.com/jfrog/jfrog-cli-security/commands/audit/sca"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
@@ -219,7 +218,7 @@ func runDotnetRestore(wd string, params utils.AuditParams, toolType bidotnet.Too
 func parseNugetDependencyTree(buildInfo *entities.BuildInfo) (nodes []*xrayUtils.GraphNode, allUniqueDeps []string) {
 	uniqueDepsSet := datastructures.MakeSet[string]()
 	for _, module := range buildInfo.Modules {
-		treeMap := make(map[string]coreXray.DepTreeNode)
+		treeMap := make(map[string]utils.DepTreeNode)
 		for _, dependency := range module.Dependencies {
 			dependencyId := nugetPackageTypeIdentifier + dependency.Id
 			parent := nugetPackageTypeIdentifier + dependency.RequestedBy[0][0]
@@ -231,7 +230,7 @@ func parseNugetDependencyTree(buildInfo *entities.BuildInfo) (nodes []*xrayUtils
 			}
 			treeMap[parent] = depTreeNode
 		}
-		dependencyTree, uniqueDeps := coreXray.BuildXrayDependencyTree(treeMap, nugetPackageTypeIdentifier+module.Id)
+		dependencyTree, uniqueDeps := utils.BuildXrayDependencyTree(treeMap, nugetPackageTypeIdentifier+module.Id)
 		nodes = append(nodes, dependencyTree)
 		for _, uniqueDep := range maps.Keys(uniqueDeps) {
 			uniqueDepsSet.Add(uniqueDep)
diff --git a/commands/audit/sca/pnpm/pnpm.go b/commands/audit/sca/pnpm/pnpm.go
index 39dedce5..5ae20b2e 100644
--- a/commands/audit/sca/pnpm/pnpm.go
+++ b/commands/audit/sca/pnpm/pnpm.go
@@ -20,7 +20,6 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils/log"
 
 	biutils "github.com/jfrog/build-info-go/utils"
-	coreXray "github.com/jfrog/jfrog-cli-core/v2/utils/xray"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 )
 
@@ -143,7 +142,7 @@ func parsePnpmLSContent(projectInfo []pnpmLsProject) (dependencyTrees []*xrayUti
 	uniqueDepsSet := datastructures.MakeSet[string]()
 	for _, project := range projectInfo {
 		// Parse the dependencies into Xray dependency tree format
-		dependencyTree, uniqueProjectDeps := coreXray.BuildXrayDependencyTree(createProjectDependenciesTree(project), getDependencyId(project.Name, project.Version))
+		dependencyTree, uniqueProjectDeps := utils.BuildXrayDependencyTree(createProjectDependenciesTree(project), getDependencyId(project.Name, project.Version))
 		// Add results
 		dependencyTrees = append(dependencyTrees, dependencyTree)
 		uniqueDepsSet.AddElements(maps.Keys(uniqueProjectDeps)...)
@@ -152,8 +151,8 @@ func parsePnpmLSContent(projectInfo []pnpmLsProject) (dependencyTrees []*xrayUti
 	return
 }
 
-func createProjectDependenciesTree(project pnpmLsProject) map[string]coreXray.DepTreeNode {
-	treeMap := make(map[string]coreXray.DepTreeNode)
+func createProjectDependenciesTree(project pnpmLsProject) map[string]utils.DepTreeNode {
+	treeMap := make(map[string]utils.DepTreeNode)
 	directDependencies := []string{}
 	// Handle production-dependencies
 	for depName, dependency := range project.Dependencies {
@@ -168,7 +167,7 @@ func createProjectDependenciesTree(project pnpmLsProject) map[string]coreXray.De
 		appendTransitiveDependencies(directDependency, dependency.Dependencies, treeMap)
 	}
 	if len(directDependencies) > 0 {
-		treeMap[getDependencyId(project.Name, project.Version)] = coreXray.DepTreeNode{Children: directDependencies}
+		treeMap[getDependencyId(project.Name, project.Version)] = utils.DepTreeNode{Children: directDependencies}
 	}
 	return treeMap
 }
@@ -178,13 +177,13 @@ func getDependencyId(depName, version string) string {
 	return utils.NpmPackageTypeIdentifier + depName + ":" + version
 }
 
-func appendTransitiveDependencies(parent string, dependencies map[string]pnpmLsDependency, result map[string]coreXray.DepTreeNode) {
+func appendTransitiveDependencies(parent string, dependencies map[string]pnpmLsDependency, result map[string]utils.DepTreeNode) {
 	for depName, dependency := range dependencies {
 		dependencyId := getDependencyId(depName, dependency.Version)
 		if node, ok := result[parent]; ok {
 			node.Children = appendUniqueChild(node.Children, dependencyId)
 		} else {
-			result[parent] = coreXray.DepTreeNode{Children: []string{dependencyId}}
+			result[parent] = utils.DepTreeNode{Children: []string{dependencyId}}
 		}
 		appendTransitiveDependencies(dependencyId, dependency.Dependencies, result)
 	}
diff --git a/commands/audit/sca/yarn/yarn.go b/commands/audit/sca/yarn/yarn.go
index c70e623c..6a1fe54d 100644
--- a/commands/audit/sca/yarn/yarn.go
+++ b/commands/audit/sca/yarn/yarn.go
@@ -13,7 +13,6 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/ioutils"
-	coreXray "github.com/jfrog/jfrog-cli-core/v2/utils/xray"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
@@ -200,7 +199,7 @@ func runYarnInstallAccordingToVersion(curWd, yarnExecPath string, installCommand
 
 // Parse the dependencies into a Xray dependency tree format
 func parseYarnDependenciesMap(dependencies map[string]*biutils.YarnDependency, rootXrayId string) (*xrayUtils.GraphNode, []string) {
-	treeMap := make(map[string]coreXray.DepTreeNode)
+	treeMap := make(map[string]utils.DepTreeNode)
 	for _, dependency := range dependencies {
 		xrayDepId := getXrayDependencyId(dependency)
 		var subDeps []string
@@ -208,10 +207,10 @@ func parseYarnDependenciesMap(dependencies map[string]*biutils.YarnDependency, r
 			subDeps = append(subDeps, getXrayDependencyId(dependencies[biutils.GetYarnDependencyKeyFromLocator(subDepPtr.Locator)]))
 		}
 		if len(subDeps) > 0 {
-			treeMap[xrayDepId] = coreXray.DepTreeNode{Children: subDeps}
+			treeMap[xrayDepId] = utils.DepTreeNode{Children: subDeps}
 		}
 	}
-	graph, uniqDeps := coreXray.BuildXrayDependencyTree(treeMap, rootXrayId)
+	graph, uniqDeps := utils.BuildXrayDependencyTree(treeMap, rootXrayId)
 	return graph, maps.Keys(uniqDeps)
 }
 
diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go
index 2472701c..56bab257 100644
--- a/commands/audit/scarunner.go
+++ b/commands/audit/scarunner.go
@@ -210,7 +210,7 @@ func GetTechDependencyTree(params xrayutils.AuditParams, tech coreutils.Technolo
 		return
 	}
 	var uniqueDeps []string
-	var uniqDepsWithTypes map[string][]string
+	var uniqDepsWithTypes map[string]*xrayutils.DepTreeNode
 	startTime := time.Now()
 
 	switch tech {
@@ -345,14 +345,18 @@ func SetResolutionRepoIfExists(params xrayutils.AuditParams, tech coreutils.Tech
 	return
 }
 
-func createFlatTreeWithTypes(uniqueDeps map[string][]string) (*xrayCmdUtils.GraphNode, error) {
+func createFlatTreeWithTypes(uniqueDeps map[string]*xrayutils.DepTreeNode) (*xrayCmdUtils.GraphNode, error) {
 	if err := logDeps(uniqueDeps); err != nil {
 		return nil, err
 	}
 	var uniqueNodes []*xrayCmdUtils.GraphNode
-	for uniqueDep, types := range uniqueDeps {
-		p := types
-		uniqueNodes = append(uniqueNodes, &xrayCmdUtils.GraphNode{Id: uniqueDep, Types: &p})
+	for uniqueDep, nodeAttr := range uniqueDeps {
+		node := &xrayCmdUtils.GraphNode{Id: uniqueDep}
+		if nodeAttr != nil {
+			node.Types = nodeAttr.Types
+			node.Classifier = nodeAttr.Classifier
+		}
+		uniqueNodes = append(uniqueNodes, node)
 	}
 	return &xrayCmdUtils.GraphNode{Id: "root", Nodes: uniqueNodes}, nil
 }
diff --git a/commands/curation/curationaudit.go b/commands/curation/curationaudit.go
index 1b4e78d5..e31b20ea 100644
--- a/commands/curation/curationaudit.go
+++ b/commands/curation/curationaudit.go
@@ -619,7 +619,7 @@ func getUrlNameAndVersionByTech(tech coreutils.Technology, node *xrayUtils.Graph
 	case coreutils.Npm:
 		return getNpmNameScopeAndVersion(node.Id, artiUrl, repo, coreutils.Npm.String())
 	case coreutils.Maven:
-		return getMavenNameScopeAndVersion(node.Id, artiUrl, repo, node.Types)
+		return getMavenNameScopeAndVersion(node.Id, artiUrl, repo, node)
 
 	case coreutils.Pip:
 		downloadUrls, name, version = getPythonNameVersion(node.Id, downloadUrlsMap)
@@ -648,18 +648,22 @@ func getPythonNameVersion(id string, downloadUrlsMap map[string]string) (downloa
 
 // input- id: gav://org.apache.tomcat.embed:tomcat-embed-jasper:8.0.33
 // input - repo: libs-release
-// output - downloadUrl: <arti-url>/libs-release/org/apache/tomcat/embed/tomcat-embed-jasper/8.0.33/tomcat-embed-jasper-8.0.33.jar
-func getMavenNameScopeAndVersion(id, artiUrl, repo string, types *[]string) (downloadUrls []string, name, scope, version string) {
+// output - downloadUrl: <arti-url>/libs-release/org/apache/tomcat/embed/tomcat-embed-jasper/8.0.33/tomcat-embed-jasper-8.0.33-jdk15.jar
+func getMavenNameScopeAndVersion(id, artiUrl, repo string, node *xrayUtils.GraphNode) (downloadUrls []string, name, scope, version string) {
 	id = strings.TrimPrefix(id, "gav://")
 	allParts := strings.Split(id, ":")
 	if len(allParts) < 3 {
 		return
 	}
 	nameVersion := allParts[1] + "-" + allParts[2]
+	versionDir := allParts[2]
+	if node != nil && node.Classifier != nil && *node.Classifier != "" {
+		versionDir = strings.TrimSuffix(versionDir, "-"+*node.Classifier)
+	}
 	packagePath := strings.Join(strings.Split(allParts[0], "."), "/") + "/" +
-		allParts[1] + "/" + allParts[2] + "/" + nameVersion
-	if types != nil {
-		for _, fileType := range *types {
+		allParts[1] + "/" + versionDir + "/" + nameVersion
+	if node.Types != nil {
+		for _, fileType := range *node.Types {
 			// curation service supports maven only for jar and war file types.
 			if fileType == "jar" || fileType == "war" {
 				downloadUrls = append(downloadUrls, strings.TrimSuffix(artiUrl, "/")+"/"+repo+"/"+packagePath+"."+fileType)
diff --git a/go.mod b/go.mod
index b8af635c..07dc412b 100644
--- a/go.mod
+++ b/go.mod
@@ -8,13 +8,13 @@ require (
 	github.com/jfrog/gofrog v1.7.1
 	github.com/jfrog/jfrog-apps-config v1.0.1
 	github.com/jfrog/jfrog-cli-core/v2 v2.51.0
-	github.com/jfrog/jfrog-client-go v1.40.1
+	github.com/jfrog/jfrog-client-go v1.40.2
 	github.com/magiconair/properties v1.8.7
 	github.com/owenrumney/go-sarif/v2 v2.3.0
 	github.com/stretchr/testify v1.9.0
-	golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8
-	golang.org/x/sync v0.6.0
-	golang.org/x/text v0.14.0
+	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
+	golang.org/x/sync v0.7.0
+	golang.org/x/text v0.15.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -31,7 +31,7 @@ require (
 	github.com/c-bata/go-prompt v0.2.5 // indirect
 	github.com/chzyer/readline v1.5.1 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
@@ -40,7 +40,7 @@ require (
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
-	github.com/go-git/go-git/v5 v5.11.0 // indirect
+	github.com/go-git/go-git/v5 v5.12.0 // indirect
 	github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -48,7 +48,7 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jedib0t/go-pretty/v6 v6.5.6 // indirect
+	github.com/jedib0t/go-pretty/v6 v6.5.9 // indirect
 	github.com/jfrog/archiver/v3 v3.6.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/compress v1.17.4 // indirect
@@ -72,8 +72,8 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
-	github.com/sergi/go-diff v1.1.0 // indirect
-	github.com/skeema/knownhosts v1.2.1 // indirect
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+	github.com/skeema/knownhosts v1.2.2 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
@@ -81,25 +81,25 @@ require (
 	github.com/spf13/viper v1.18.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
-	github.com/urfave/cli v1.22.14 // indirect
+	github.com/urfave/cli v1.22.15 // indirect
 	github.com/vbauerster/mpb/v7 v7.5.3 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/mod v0.16.0 // indirect
-	golang.org/x/net v0.22.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
-	golang.org/x/tools v0.19.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/term v0.20.0 // indirect
+	golang.org/x/tools v0.21.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240522073234-a62576f8d17f
 
-// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev
+replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240509124610-4b9c587c0377
 
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev
diff --git a/go.sum b/go.sum
index 7edec7cd..88fd2692 100644
--- a/go.sum
+++ b/go.sum
@@ -39,8 +39,8 @@ github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
 github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -60,16 +60,16 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
-github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
+github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
+github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
 github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4=
-github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY=
+github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=
+github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY=
 github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a h1:RYfmiM0zluBJOiPDJseKLEN4BapJ42uSi9SZBQ2YyiA=
 github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a/go.mod h1:5YoVOkjYAQumqlV356Hj3xeYh4BdZuLE0/nRkf2NKkI=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
@@ -92,8 +92,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jedib0t/go-pretty/v6 v6.5.6 h1:nKXVLqPfAwY7sWcYXdNZZZ2fjqDpAtj9UeWupgfUxSg=
-github.com/jedib0t/go-pretty/v6 v6.5.6/go.mod h1:5LQIxa52oJ/DlDSLv0HEkWOFMDGoWkJb9ss5KqPpJBg=
+github.com/jedib0t/go-pretty/v6 v6.5.9 h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+UV8OU=
+github.com/jedib0t/go-pretty/v6 v6.5.9/go.mod h1:zbn98qrYlh95FIhwwsbIip0LYpwSG8SUOScs+v9/t0E=
 github.com/jfrog/archiver/v3 v3.6.0 h1:OVZ50vudkIQmKMgA8mmFF9S0gA47lcag22N13iV3F1w=
 github.com/jfrog/archiver/v3 v3.6.0/go.mod h1:fCAof46C3rAXgZurS8kNRNdSVMKBbZs+bNNhPYxLldI=
 github.com/jfrog/build-info-go v1.9.26 h1:1Ddc6+Ecvhc+UMnKhRVG1jGM6fYNwA49207azTBGBc8=
@@ -102,10 +102,10 @@ github.com/jfrog/gofrog v1.7.1 h1:ME1Meg4hukAT/7X6HUQCVSe4DNjMZACCP8aCY37EW/w=
 github.com/jfrog/gofrog v1.7.1/go.mod h1:X7bjfWoQDN0Z4FQGbE91j3gbPP7Urwzm4Z8tkvrlbRI=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.51.0 h1:nESbCpSTPZx1av0W9tdmWLxKaPSL1SaZinbZGtYNeFI=
-github.com/jfrog/jfrog-cli-core/v2 v2.51.0/go.mod h1:064wSSHVI3ZIVi/a94yJqzs+ACM+9JK/u9tQ1sfTK6A=
-github.com/jfrog/jfrog-client-go v1.40.1 h1:ISSSV7/IUS8R+QCPfH2lVKLburbv2Xn07fvNyDc17rI=
-github.com/jfrog/jfrog-client-go v1.40.1/go.mod h1:FprEW0Sqhj6ZSFTFk9NCni+ovFAYMA3zCBmNX4hGXgQ=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240522073234-a62576f8d17f h1:fBuzVIQnShcLhDJeNsodveWQFfF6Y4q3kS1wewliYJM=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240522073234-a62576f8d17f/go.mod h1:hB5R+BgmCbOoz5HZyyqEdv408rL26ej7ZSHfXGpLqmw=
+github.com/jfrog/jfrog-client-go v1.28.1-0.20240509124610-4b9c587c0377 h1:fDneRi89u4hmD0qIf/X+HLT3IavqFeQevRtrZhyJZ5k=
+github.com/jfrog/jfrog-client-go v1.28.1-0.20240509124610-4b9c587c0377/go.mod h1:m3hIn12eFWk5nJH1swPRtFrjXbiiCscOpX+v/vCdmNI=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
@@ -181,11 +181,11 @@ github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6ke
 github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
-github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
-github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
+github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ=
-github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
+github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
+github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
@@ -199,6 +199,7 @@ github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMV
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -215,8 +216,8 @@ github.com/terminalstatic/go-xsd-validate v0.1.5/go.mod h1:18lsvYFofBflqCrvo1ump
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
 github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk=
-github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA=
+github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM=
+github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0=
 github.com/vbauerster/mpb/v7 v7.5.3 h1:BkGfmb6nMrrBQDFECR/Q7RkKCw7ylMetCb4079CGs4w=
 github.com/vbauerster/mpb/v7 v7.5.3/go.mod h1:i+h4QY6lmLvBNK2ah1fSreiw3ajskRlBp9AhY/PnuOE=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
@@ -244,14 +245,14 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw=
-golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
-golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -261,14 +262,14 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -295,15 +296,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -313,14 +314,14 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
-golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
+golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw=
+golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
@@ -334,7 +335,6 @@ gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/tests/testdata/projects/package-managers/maven/maven-example-with-many-types/pom.xml b/tests/testdata/projects/package-managers/maven/maven-example-with-many-types/pom.xml
index 6d2096c9..5fc62ef7 100644
--- a/tests/testdata/projects/package-managers/maven/maven-example-with-many-types/pom.xml
+++ b/tests/testdata/projects/package-managers/maven/maven-example-with-many-types/pom.xml
@@ -42,6 +42,14 @@
             <artifactId>commons-io</artifactId>
             <version>1.2</version>
             <scope>test</scope>
+            <classifier>flavor1</classifier>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>1.2</version>
+            <scope>test</scope>
+            <classifier>flavor2</classifier>
         </dependency>
         <dependency>
             <groupId>org.webjars</groupId>
diff --git a/utils/xrayutils.go b/utils/xrayutils.go
new file mode 100644
index 00000000..a43e1e7e
--- /dev/null
+++ b/utils/xrayutils.go
@@ -0,0 +1,59 @@
+package utils
+
+import (
+	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
+)
+
+const maxUniqueAppearances = 10
+
+type DepTreeNode struct {
+	Classifier *string   `json:"classifier"`
+	Types      *[]string `json:"types"`
+	Children   []string  `json:"children"`
+}
+
+func toNodeTypesMap(depMap map[string]DepTreeNode) map[string]*DepTreeNode {
+	mapOfTypes := map[string]*DepTreeNode{}
+	for nodId, value := range depMap {
+		mapOfTypes[nodId] = nil
+		if value.Types != nil || value.Classifier != nil {
+			mapOfTypes[nodId] = &DepTreeNode{
+				Classifier: value.Classifier,
+				Types:      value.Types,
+			}
+		}
+	}
+	return mapOfTypes
+}
+
+func BuildXrayDependencyTree(treeHelper map[string]DepTreeNode, nodeId string) (*xrayUtils.GraphNode, map[string]*DepTreeNode) {
+	rootNode := &xrayUtils.GraphNode{
+		Id:    nodeId,
+		Nodes: []*xrayUtils.GraphNode{},
+	}
+	dependencyAppearances := map[string]int8{}
+	populateXrayDependencyTree(rootNode, treeHelper, dependencyAppearances)
+	return rootNode, toNodeTypesMap(treeHelper)
+}
+
+func populateXrayDependencyTree(currNode *xrayUtils.GraphNode, treeHelper map[string]DepTreeNode, dependencyAppearances map[string]int8) {
+	dependencyAppearances[currNode.Id]++
+	if _, ok := treeHelper[currNode.Id]; !ok {
+		treeHelper[currNode.Id] = DepTreeNode{}
+	}
+	// Recursively create & append all node's dependencies.
+	for _, childDepId := range treeHelper[currNode.Id].Children {
+		childNode := &xrayUtils.GraphNode{
+			Id:         childDepId,
+			Nodes:      []*xrayUtils.GraphNode{},
+			Parent:     currNode,
+			Types:      treeHelper[childDepId].Types,
+			Classifier: treeHelper[childDepId].Classifier,
+		}
+		if dependencyAppearances[childDepId] >= maxUniqueAppearances || childNode.NodeHasLoop() {
+			continue
+		}
+		currNode.Nodes = append(currNode.Nodes, childNode)
+		populateXrayDependencyTree(childNode, treeHelper, dependencyAppearances)
+	}
+}