DmitriyLewen

Usually we mark a field as deprecated and only after a few releases (e.g. we remove the AWS command after 1 year) we remove the field. But in this case...

You can take a look [config file](https://github.com/user-attachments/files/20101689/trivy-syftcompatible.txt) of the user from #8847 He uses full license name and license texts: ``` license: forbidden: - AGPL-1.0-only - AGPL-1.0-or-later - AGPL-3.0-only -...

We use license name only (for single expressions). I guess to avoid inserting same license with different suffixes in `mapping`. https://github.com/aquasecurity/trivy/blob/2d30dd72414be1ef94bc9d92cb655e9b5e72e91d/pkg/licensing/scanner.go#L28-L38 So in this case mapping contains `AGPL-1.0-only` (from config...

Sounds great and justified. This functionality has been coming for a long time. Another point that needs to be worked out (I think it will be enough to write about...

> Can we simply use --enable-analyzer and --disable-analyzer and use the union of these two sets to determine what scanners we need to enable? what if we add groups for...

> Does this mean that --scanners will be deprecated? Or does it simply mean that using --enable-analyzer and --scanners together will result in an error? I also think that we...

> I think this may introduce an element of surprise for users as they've only specified --scanners=vuln but the misconfig scanner was also turned on because of passing in --enable-analyzer=terraform....

Hello @dheerajkadri But BlobInfo already contains installed files in `Package`: `BlobInfo`->`PackageInfos` ->`Package` ->`InstalledFiles` Is this not enough?

maybe I don't understand you correctly. let's figure it out: you need information about `installed files` from one layer, right? `BlobInfo` contains information about one layer. It contains information about...

Yes, we've already seen that. I'll do that a little later.