DmitriyLewen

Hi @masahiro331 Sorry for the delay. We are focused on another higher priority task. We will try to check it next week.

Hello @josephlim75 > Just reran trivy scan today, seems like the WARN message is no longer showing. I think you don't see warnings because Trivy takes the package list from...

Hello @zesiar0 I assigned this task to you. Thanks for your help! See this discussion for more information about this issue - https://github.com/aquasecurity/trivy/discussions/7151#discussioncomment-10028280 Some info about contributing to Trivy -...

Hello @Percivalll Judging by the lack of questions and reactions, this functionality is not in demand among users. Therefore, we probably will not implement this (at least now the maintainers...

> There is one discussion. Technically, toolchain is not always used for compilation. If the local Go version is newer than the toolchain version, Go uses the local version. Hmm......

> https://github.com/golang/vuln/blob/d9ad5223849a23e412d4a6ac1f61ecfc94cab0d8/internal/scan/run.go#L89-L93 I thought that we don't want to run other apps in Trivy, even if it's `go`. > But I'm still not sure this is a good approach. If...

Yeah. I will update docs.

@knqyf263 i updated docs. Please take a look. You might want to add something.

As i wrote in https://github.com/aquasecurity/trivy/discussions/9006#discussioncomment-13408923 - i think we need to start from encoding logic. ____ I was thinking about this yesterday. It seems that detecting orphan packages when we...

yeah, i wanted that too. But it seems like we can't detect orphan components until we add all relationships in belongsToParent. But if you have any ideas - let's try