DmitriyLewen
fix(report): don't panic when report contains vulns, but doesn't contain packages for `table` format
For `convert` mode, it's not a big deal because we ask users to always use `--list-all-pkgs` for the base JSON file. For client/server mode I still couldn't reproduce the bug...
A year has passed since I created this PR, so I don’t remember all the nuances anymore. It’s possible that I was trying to keep the hash reproducible from one...
closed in favor of #9880
Hello all! `setup-trivy` uses `jaxxstorm/action-install-gh-release`. `jaxxstorm/action-install-gh-release` is not verified in GH marketplace. Some actions do not allow actions to be used without verification. We are already working on `setup-trivy` v0.2.0...
FYI - I created https://github.com/aquasecurity/setup-trivy/pull/5 to use `git` package instead of `jaxxstorm/action-install-gh-release`
Looks like `v0.28.0` fixes this problem. @simar7 I think we can close this issue.
Hi @StounhandJ, thank you for your work! Could you share more about the use cases for these changes? When scanning an SBOM file and outputting the result as an...
Hello @StounhandJ I’m still not sure that we need to add this functionality to Trivy. Could you create a new discussion (https://github.com/aquasecurity/trivy/discussions)? If users need this in the future, we...
Hello @gabrielss4ntos Thanks for your report! > the github/codeql-action/upload-sarif action consistently fails with the error message: Code Scanning could not process the submitted SARIF file: Can you share "wrong" sarif...
> as references to them won't be processable by GitHub anyway? Can you clarify why? (Unfortunately, I don't know the nuances of how GitHub processes information from Terraform and its...