DmitriyLewen

fix(cyclonedx): fix work when there are same pkgs from different dirs

1

## Description Fixes for cases when same packages are found in different directories: ```bash ➜ tree dir dir ├── dir1 │   └── jackson-databind-2.13.4.jar └── dir2 └── jackson-databind-2.13.4.jar ``` 1) return...

## Description - [x] parse pom files from Gradle cache dir to get licenses - [x] parse pom files from Gradle cache dir to get child dependencies - [ ]...

feat(license): add struct with types for licenses

8

## Description Add new `License` struct to exclude prefixes for licenses. TODO: - add filePath for licenses (https://github.com/aquasecurity/trivy/discussions/6117#discussioncomment-8463597) ## Related issues - Close #5204 ## Related PRs - [ ]...

feat: add support of OCI tarballs

1

## Description Buildx supports creating OCI images - https://docs.docker.com/build/exporters/oci-docker/ By default, images are compressed into `tar` archives. We need to unzip archive before reading `index.json` file. Before: ```bash ➜ docker...

don't split licenses from `License` field from python packaging

10

### Discussed in https://github.com/aquasecurity/trivy/discussions/5155 `License` field in `.dist-info/METADATA` files contains textual information about license/exceptions/specific versions/etc... - https://packaging.python.org/en/latest/specifications/core-metadata/#license We can't split this text correctly. Save this field without division.

## Description The format of `conan.lock` file has changed significantly in Conan 2. Announcement: https://docs.conan.io/2/whatsnew.html#new-lockfiles Lockfiles: https://docs.conan.io/2/tutorial/consuming_packages/intro_to_versioning.html#tutorial-consuming-packages-versioning-lockfiles

refactor: rename `--list-all-pkgs` to `--scanners pkg`

10

## Description See #5183 TODO: - [x] fix tests - [x] update integration tests - [x] update docs ## Related issues - Close #5183 ## Checklist - [x] I've read...

fix(oracle): add architectures support for advisories

6

## Description Add architectures support for Oracle Linux advisories ## Related issues - Close #4663 ## Related PRs - [ ] aquasecurity/trivy-db/pull/331 ## Checklist - [x] I've read the [guidelines...

Inconsistencies on SBOM vulnerabilities scanning

4

### Discussed in https://github.com/aquasecurity/trivy/discussions/5790 Originally posted by **juan131** December 15, 2023 ### Description SBOM scanning with more than one Python applications result on inconsistent reported vulns. > Note: it also...

bug(template): incorrect image name for asff template

1

## Description `asff` template uses incorrect image name for language packages. See example in #6003 Also we don't add image name for misconfigurations and secrets. ### Discussed in https://github.com/aquasecurity/trivy/discussions/6003