DmitriyLewen

Hello @JwishPark Thanks for your report! Trivy gets licenses from dpkg copyright files. It your case: ``` ➜ ~ docker run -it --rm ubuntu:22.04 root@9937f970e058:/# cat /usr/share/doc/libzstd1/copyright | grep License:...

Trivy requires 3 fields: `groupID`, `artifactID` and `version`. We define these fields from MANIFEST.MF here: https://github.com/aquasecurity/go-dep-parser/blob/9cd0336b884cbc6ac93493f1751a7c2d85ae7d13/pkg/java/jar/parse.go#L399-L446 > I can see the following in META-INF/MANIFEST.MF There is no `groupID` in this...

@abelsromero thanks for info! @knqyf263 of course, i will check this.

I downloaded some of most popular java projects from maven repository and checked out MANIFEST.MF files: commons-lang3-3.12.0.jar: ``` Bundle-SymbolicName: org.apache.commons.lang3 Implementation-Vendor: The Apache Software Foundation ``` jackson-databind-2.14.1.jar: ``` Bundle-SymbolicName: com.fasterxml.jackson.core.jackson-databind...

are you sure it's a GroupID? Like for this project GroupID == `org.springframework.boot` `spring.boot.starter` is the artifactID

Hello @carrieyang1212 Thanks for your interest to Trivy! We recommend updating database after every update of Trivy-db(every 6 hours), because you can lose high or critical vulnerabilities. Trivy doesn't have...

Trivy has no rules for the `--skip-db-update` flag. Trivy does not support the `skip-db-update` flag for server mode because we thought people should update the database in server mode. But...

thanks for information! I will check this.

> After the service is restarted, the message "The first run cannot skip download DB" is displayed again. i checked this moment. This error may appear if `metadata.json` file is...

you're getting an OOM error after running a scan in the client, right? What version of Trivy are you using?