DmitriyLewen
DmitriyLewen
Hello @htcosta I have 2 questions: - Can you send `os-release` file for `Leap Micro`? - Do you have information how we can compare `Leap` and `Leap MIcro` version (to...
You also need to update [integration](https://github.com/aquasecurity/trivy/actions/runs/11332735389/job/31535485265) and [k8s](https://github.com/aquasecurity/trivy/actions/runs/11332735389/job/31535485582) tests. ` mage test:updateGolden` command should help
@Rutam21 don't worry i updated golden files @knqyf263 when I updated the gold files - I thought - do we need to update the docs/other tests? e.g. : - https://aquasecurity.github.io/trivy/v0.56/docs/supply-chain/vex/file/#applying-vex-to-dependency-trees...
@knqyf263 I updated testcases and docs. I didn't update [rekor tests](https://github.com/aquasecurity/trivy/blob/db68d106ce9aa7368ae453592ed54c153b29a579/pkg/rekortest/server.go#L219-L231) (it requires regenerating the digest, so I think we can skip the changes since it's not worth the time)...
@knqyf263 We don't add `v` prefix for `stdlib` of `gobinaries`. I added it in - https://github.com/aquasecurity/trivy/pull/7733/commits/5b5b7f884c3e0d6ebb90a997d4a8b8e90c6f6cff Take a look, please. I also created #7822 for `k8s scanner`
Rebased this PR. Tests now pass.
Hi @d3vv3, Thanks for your work! I checked the image. It contains three identical packages that differ only by the SPDXID suffix. This looks like a bug. ```json ➜ cat...
> I think the previous commit is still important to ensure the output schema is valid. In this case, we must not prioritize a “valid-looking” SBOM over correct package detection....