DmitriyLewen

Hello @ravisastryk Sorry for my failure (I didn't hit the "send comment" button)...

Perhaps i am missing something, so fill free to correct me. I think we can: 1. Add new [type](https://github.com/aquasecurity/trivy/blob/c2dde33c3f19d499258a7089d7658a9f90722acf/pkg/fanal/types/const.go#L146) for Dockerfile built from history (It looks like we just use...

This is the logic for post-processing the obtained result. Just like we remove system files received from OS packages, that handler works on the layer level and doesn’t fit this...

FYI - fix for this problem has been merged - https://github.com/aquasecurity/trivy/pull/6675

> i thought it's a long text, but actually it's a few first rows of several licenses: What if we add one more check for `copyright` files: if number of...

> but maybe if we also will check string length... Yeah. That's what I thought if there's only one field - we check the length and number of lines. >...

> to keep existing BOM-refs we should look for this one (if report.BOM != nil) by name and save it. it matters for non-root and non-child components. I think we...

Hello @eshafaq1 > is Trivy unable to scan the packages in the image therefore being unable to report accurate vulnerability info for Wolfi images? Trivy detects the following packages from...

Hello @tuananh Unfortunately, we are currently busy with more priority tasks. Please be patient. As soon as we have time, we will return to this PR Regarrds, Dmitriy

Hello @dalejrodriguez We don't have time to this task at the moment. Release plans can be found here - https://github.com/aquasecurity/trivy/milestones