DmitriyLewen

Workaround: you can use [trivy registry login](https://trivy.dev/latest/docs/references/configuration/cli/trivy_registry_login/)/`docker login` to avoid this error and get VEX file from private registry: ``` ➜ TRIVY_USERNAME=dmitriylewen TRIVY_PASSWORD=xxx trivy -q image dmitriylewen/8916 --vex oci 2025-06-03T15:34:47+06:00...

Some more context and nuances: 1. `R` `CRAN` and `renv` are 3 different entities: - `R` is a language. - `CRAN` is a package repository. `R` uses `CRAN` to install...

hello @mastersans It will be great! assigned issue on you. UPD: required changes: 1. vuln-list-update: no need to add changes in vuln-list-update. [R Advisory Database](https://github.com/RConsortium/r-advisory-database), is GitHub repository, so we...

I'm worried about adding `ecr` as the default registry. I think most users will ignore the authentication recommendation, and some users just don't read the docs. Instead of adding `ecr`...

hello @nvuillam Authentication is necessary to preserve aws limits for unauthenticated users as much as possible. But we don't require it. We just ask users to do it if possible...

@aqua-bot backport release/v0.57

Hello @PT-GD Thanks for your work! > Can anyone familiar with the test framework help write updates to https://github.com/aquasecurity/trivy/blob/main/pkg/fanal/secret/scanner_test.go#L528 and the other tests related to AsymmetricPrivateKey? You can add one...

I am not sure if trivy reports should contain duplicates. That's why i voted for the 1st solution. @knqyf263 wdyt? You added this logic, maybe i missed something.

hmm... you're right. I missed that. I'll take a look and update our logic for creating SPDXID

I updated logic for SPDXIDs (#7837). It removes duplicates: ``` ➜ trivy -q fs ./pom.xml -f spdx-json | grep '"org.example:example-api"' -A 1 "name": "org.example:example-api", "SPDXID": "SPDXRef-Package-a9813b377fc4bc80", -- "name": "org.example:example-api", "SPDXID":...