DmitriyLewen
## Description Trivy always parses language and lock files, but doesn't report results if `--security-checks != vuln`. But it wastes time and resources. Added disabling analyzers for these files...
## Description Secrets can be deleted or overwritten in the upper layer. We still have to keep these secrets. Which layer contains the secret file, you can see in the...
## Description add tests that config file and env work properly and have the correct priority. ## Checklist - [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository. -...
## Description Added support for [Ubuntu ESM](https://ubuntu.com/security/esm). [fanal PR](https://github.com/aquasecurity/fanal/pull/430) has been closed after merging `fanal` into `Trivy`. ## Related issues - Close #1663 ## Related PRs - [x] aquasecurity/trivy-db/pull/200 ## Checklist...
Users may use non-default filenames for `dockerfile` files or other file types (https://github.com/aquasecurity/trivy/issues/2608). But [IsType](https://github.com/aquasecurity/defsec/blob/master/pkg/detection/detect.go#L283) function does not allow you to add file patterns. Previously, Trivy [used](https://github.com/aquasecurity/trivy/tree/f9c17bd2d87b9c02da1eebd21dd45ce1ccf97995/examples/misconf/file-patterns) file-patterns, but this is...
## Description `Viper` always [returns a string](https://github.com/spf13/viper/blob/419fd86e49ef061d0d33f4d1d56d5e2a480df5bb/viper.go#L545-L553) for ENVs. And it [uses](https://github.com/spf13/cast/blob/2b0eb0f724e320b655240e331aef36d1175986c2/caste.go#L1275-L1276) `strings.Field` to separate values (by space only). Added separation of env values with ','. ## Related issues -...
## Description `package-lock.json` files do not contain dependency license information. License scanning skips the `node_modules` folder. And we skip licenses for node projects. Added handler for merging licenses from package.json from...
## Description `Gradle` package name uses the ":" separator like `Maven`. ## Related issues - Close #2886 ## Checklist - [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository....
## Description Add java vulnerability page ## Checklist - [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository. - [x] I've followed the [conventions](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/#title) in the PR title. -...
## Description Fixes for the following error: `PROTOCOL_ERROR; received from peer` - Increase timeout for getting remote image to fix `unexpected EOF` - Save layers smaller than 50MB to files and...