AndreyLevchenko

Hi @jlangford9284 I was able to reproduce. Thanks for reporting the issue. Let me create a fix.

@jlangford9284 I did more testing and issue can't be reproduced anymore. I suspect clearing of cache should help in your case as well

Hi Thank you for your interest in Trivy Could you send entire command line? Also can you create json output generated with `--list-all-pkgs` option? Thanks, Andrey

@StevDa86 from response you sent I see it goes from `dd-java-agent.jar` I would examine this jar manually. Probably 1.26 is included as a jar within jar.

Hi I've installed Fedora with both **podman** and **podman-docker**, but I was able to scan your image (`quay.io/matskiv/vcluster:dev`)  probably this: https://forums.docker.com/t/docker-credential-desktop-exe-executable-file-not-found-in-path-using-wsl2/100225 may help

Hi I wasn't able to reproduce the issue. I created simple example that uses `golang.org/x/text` and added `require golang.org/x/text v0.3.7` when I build binary and image then trivy detects vulnerability,...