DmitriyLewen

Results 384 comments of DmitriyLewen

Hello @hlein Thanks for your report! I was able to reproduce your issue and we are working on it. Regards, Dmitriy

I think 3 hooks is overkill. I think only the `fs` subcommand will be used. It is also always necessary to use `--exit-code 1`. We can only use one flag...

@knqyf263 PR looks good. But what do you think about using 2 hooks?

@mxab I checked this config:
```yaml
repos:
  - repo: https://github.com/mxab/trivy
    rev: eb31ef229cbd1ed76b7e2becc6bec0614240e389
    hooks:
      - id: trivyfsall
        args:
          - --severity=HIGH
```
I don't know how it works, but it works...

OK, let's remove `trivyfsall`. Also, when you correct the docs, can you check them with `make mkdocs-serve`? If I'm not mistaken, one more empty line is needed [here](https://github.com/aquasecurity/trivy/pull/2490/commits/eb31ef229cbd1ed76b7e2becc6bec0614240e389#diff-6828264893dbf2a68733af90bf5996b5b8afec681e5d6f216edca2ec9c8d1fa5R258-R259).

@mxab, yes, please

Hello @mxab.

> is there anything else you require?

No, thanks. We need to get approval from @knqyf263. @knqyf263 I approved this PR. Could you take a look when...

Hello @kamil1027 Thanks for your report! If I understand correctly, `npm audit fix` doesn't fix dependencies in `yarn.lock` files (https://stackoverflow.com/questions/51732435/is-there-a-yarn-alternative-for-npm-audit). Your report contains vulnerabilities from the `yarn.lock` file. Path to file you...

I think you can try to convert `package-lock.json` file into `yarn.lock`: https://stackoverflow.com/a/60878037. This may solve your problem.

Hello @candrews Thanks for your report! Trivy started supporting `Gradle` with version 0.32.0. But in v0.32.0 there is a problem with the Gradle package name separator. I created a [PR](https://github.com/aquasecurity/trivy/pull/2906)...