DmitriyLewen

Hello @arkajnag23 hmm... Trivy checks the local repository first. Do you use the default repository (`~/.m2/repository`)?

> our pipeline creates a temp settings file This may be the reason why Trivy doesn't detect the settings file. Trivy [checks](https://github.com/aquasecurity/trivy/blob/9c3e895fcb0852c00ac03ed21338768f76b5273b/pkg/dependency/parser/java/pom/settings.go#L33-L64) `$HOME/.m2/settings.xml`, `/usr/share/maven/conf/settings.xml` and `$MAVEN_HOME/conf/settings.xml` files. Without information about...

unfortunately at the moment Trivy doesn't have such functionality. Create a new [discussion](https://github.com/aquasecurity/trivy/discussions) about it. If this functionality is in demand among users - we will think about how to...

@malmor Thanks! I'll get to it when I have time.

hello @ricardo-kh That would be great! Assigned it to you.

Hi @ivan-morgun Sorry for the late reply. It was our decision to return an error - https://github.com/aquasecurity/trivy/pull/8177#discussion_r1933701726

Just make sure I got you right: 1. (current logic): we create core.Component for each component from SBOM file (when unmarshalling SBOM file). 2. (new logic): we will store UUID...

I think this is good solution. let's try to implement this - I hope we won't find any hidden problems in this solution

Hi @0intro Thank you for your work. Trivy repository has been growing bigger and bigger lately. So it's getting harder to maintain. So we're trying to add only the functionality...

Thanks for pointing this out, I forgot to write about it in the review: We need to add information to the bottlerocket OS documentation.