DmitriyLewen
bug(cyclonedx): Trivy image scan reports and counts the same CVE for the same package multiple times
I checked `acl-7.5.2.jar`: When you scan in `fs` mode - Trivy checks `pom.xml` files. But when you scan in `image` (or `rootfs`) mode Trivy checks `jar` files (Trivy checks `pom.properties`,...
bug(cyclonedx): Trivy image scan reports and counts the same CVE for the same package multiple times
This problem is related to Applications aggregation. There is #4249 about table format.
bug(cyclonedx): Trivy image scan reports and counts the same CVE for the same package multiple times
Hello @topiga Can you check this issue with latest Trivy? I think #6240 should fix this problem. e.g.: ```bash Last login: Fri Apr 26 07:35:23 on ttys001 ➜ tree ./dir...
> "trivy config-file": More explicitly indicates the scanning of configuration files, but the naming might be slightly verbose. I'm not sure about this. We have the --config-policy flag. The user...
When I started working on this PR - I wasn't sure we needed these changes. Previously I used `--list-all-pkgs` flag. I got used to it, it was convenient for me...
> I like it. Let's go with that idea. Thanks! Okay, I will change `sbom` to `packages` and write to you.
~~`--scanners pkgs` would be correct.~~ (we use `license`, `secret`, so we need to use `pkg`) But I like it. It's shorter than `packages`, but intuitive.
@knqyf263 I renamed the scanner. Take a look, when you have time, please.
Hi all! Created #6356 for this task.
@knqyf263 created https://github.com/aquasecurity/vuln-list-update/issues/288 for this task.