Aksel Allas

Results 35 comments of Aksel Allas

@nscuro Perhaps this should be a P1 issue. This kind of makes the Trivy integration unusable. I have hundreds of noisy/non-applicable Critical + High issues. Too many to manually suppress.

@nscuro Thanks for the improvement! But still there are differences in Trivy Client and Dependency Track integration. I tried sbom scan of [ubi9_sbom_with_vulns.cdx.json](https://github.com/user-attachments/files/17080479/ubi9_sbom_with_vulns.cdx.json) using [the correct snapshot image](https://github.com/DependencyTrack/dependency-track/actions/runs/11299357107/job/31430196728) (`dependencytrack/apiserver@sha256:cf46b02fb8368823f68fa91e41ea7ad7746c738b258888035d7cb0ecd305012c`)...

In this case, Trivy Severity and CVSS are much more useful. I tested by disabling NVD mirroring in the snapshot release, re-imported the BOM and got the correct (3 critical,...

Also, any tips on how to disable snapshot popup on every refresh of the frontend? Frontend code is:

```
if (this.$dtrack && this.$dtrack.version.includes('SNAPSHOT')) {
  this.$root.$emit('bv::show::modal', 'snapshotModal');
}
```

So I...

Can we copy this functionality from Snyk to Trivy? ![Image](https://github.com/user-attachments/assets/a4612bcf-e807-4949-b81a-7e589fbb54bb)