DmitriyLewen
DmitriyLewen
Hello @lior-orca We need to wait for @knqyf263's decision. @knqyf263 Can you take a look at these changes?
Hello @lior-orca We decided to add a new structure for licenses - https://github.com/aquasecurity/go-dep-parser/pull/256#discussion_r1329663767. So I'm working on that now.
Hello @nejch Thanks for your work! I investigated this case. There is problem with integration this into Trivy. This parser doesn't match existing categories (i mean languages, os package, etc...)....
I can suggest you(if you have time for this) to create draft PR in Trivy (use these changes in PR) with tests. Then we can look at this logic, test...
Hello @noqcks Thanks for your work! I will check your PR and write to you.
@nikpivkin These changes break `image` scanning: ``` ➜ cat Dockerfile FROM ubuntu COPY log4j-core-2.16.0.jar /sys/log4j-core-2.16.0.jar COPY log4j-core-2.16.0.jar /dev/log4j-core-2.16.0.jar ➜ ./trivy image 6657 -f json --list-all-pkgs | jq '.Results[].Packages[] | select(.Name=="org.apache.logging.log4j:log4j-core")'...
Hello @kovacs-levent Thanks for your work! I'm working on other priority tasks. I will consider this PR when I have time for it Regards, Dmitriy
@itaysk Thanks for the clarification! @kovacs-levent Sorry to waste your time, I missed that a commercial scanner supports this...
Hello @knrc Looks like it was bug in CI/CD. PR has been merged.
AFter inverstigation i realize that using `/opt/conda/envs/*/conda-meta` dir is unstable. You can use `prefix` field to set directory for `conda-meta` (see https://conda.io/projects/conda/en/latest/user-guide/tasks/manage-environments.html#specifying-a-location-for-an-environment): ```bash (/test) root@b02de14be7f3:/# conda env list # conda...