DmitriyLewen

## Description When the --distro flag is used, we update metadata.OS, but the PURLs for OS packages remain unchanged. This leads to two problems: 1. OS initially not detected If...

## Summary When scanning Maven projects, Trivy’s Java POM parser persists remote repositories discovered while parsing one dependency and then reuses them for other, sibling dependencies. As a result, the...

feat(sbom): add `BOMID` field to match packages and decoded BOM components

1

## Description This PR fixes an issue with matching vulnerabilities to packages and components when working with SBOM (Software Bill of Materials) files. The main problem was that vulnerabilities weren't...

bug(os): Trivy detects CentOS Stream as CentOS

4

## Description Trivy checks CentOS version from two files: - etc/centos-release file - etc/os-release Trivy doesn't detect OS from `centos-release` file. But CentOS Stream uses `CentOS` ID in `os-release` file:...