DmitriyLewen
DmitriyLewen
@0intro do you have time to update this PR as per notes from https://github.com/aquasecurity/trivy/pull/8653#pullrequestreview-2766898083?
@0intro Great! run `mage lint:fix` please.
LGTM. left a couple comments: > We iterate through the key/value pairs in .product_status, processing only 'fixed' and 'known_affected' statuses: Perhaps we need to check other statuses (I haven't had...
[issues.redhat.com/browse/SECDATA-856](https://issues.redhat.com/browse/SECDATA-856) has been solved. But there are other problem: https://issues.redhat.com/browse/SECDATA-1152 https://issues.redhat.com/browse/SECDATA-1067
@itaysk I'm still not sure about these changes, because these changes also affect KBOM (e.g. dependencies - https://github.com/aquasecurity/trivy/pull/8965#discussion_r2120744890). I started working on it after https://github.com/aquasecurity/trivy/discussions/8863. But we are still discussing...
Hello @OverOrion I have seen cases where examples use real secrets. So we will never be able to avoid all false positives. We already have some allow rules to avoid...
Related PR - https://github.com/aquasecurity/go-dep-parser/pull/258
we don't work on this issue at the moment. If you have time - you can create PR and we will review it.
Hello @ricardo-kh Sorry for the delay, and thank you for your patience. The team is currently occupied with the recent release and partner-related tasks. We’ll review this PR as soon...
I feel that these changes are very radical and could affect a lot of people. What if we split the changes into two parts: First, use AVDID as ID and...