DmitriyLewen
## Description Some Dart packages use the `SDK` version as the package version. But `pubspec.lock` and `pubspec.yaml` files contain a version range for the `SDK`. More details here - https://github.com/aquasecurity/trivy/discussions/5984#discussioncomment-8229400 ```[tasklist] ### Tasks -...
## Description We use the `target` field for `source_location` in the `github` template. But we aggregate some packages: https://github.com/aquasecurity/trivy/blob/fb36c4ed09efc3fc241d02713c4cc864b6c6a2c8/pkg/fanal/applier/docker.go#L263-L291 For these packages the target is `Python`, `Java`, etc. This is a problem for GitHub...
## Description Add `installed.json` file support. Supported modes - `image` and `rootfs`. **Scanning `composer.lock` files is only possible in `fs` and `repo` modes now** Example of work: ``` ➜ ./trivy...
## Description We can try to add licenses for `jar` files. I have 2 ideas: 1) Some `jar` files contain a `LICENSE` file inside. We can try to parse these files....
## Description There are cases when a package has been installed from a package manager (apk/dpkg/rpm), but that package is not a vendor package. Add a `third-party-os-pkgs` flag to skip this package and parse...
bug(cyclonedx): Trivy image scan reports and counts the same CVE for the same package multiple times
### Discussed in https://github.com/aquasecurity/trivy/discussions/5788 Originally posted by **LesSyner** December 15, 2023 ### Description Trivy sometimes reports the same CVE for the same package multiple times (in a single scan) resulting in...
## Description `Buildx` supports creating OCI images - https://docs.docker.com/build/exporters/oci-docker/ By default, images are compressed into `tar` archives. So we need to add support for scanning OCI tar images. ### Discussed...
## Description Add skipping TLS verification for Slack. Use `tls-verify` for this. ## Related Issue - #496
## Description Debian-based systems have no requirement to write license information. But almost every package in Debian contains a copyright file in `/usr/share/doc//copyright`. More information [here](https://github.com/daald/dpkg-licenses). Added parser for copyright...
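The following Go snippet is an added example, not code from the PR above or from Trivy itself. It shows the two shapes a Debian copyright file can take and how a parser can get license names out of both: for machine-readable (DEP-5) files it collects the short names from the `License:` fields, and for free-form files it falls back to matching a handful of well-known license phrases. Both sample files and the phrase table are constructed for the example; Trivy's own pattern list is not reproduced here.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Constructed DEP-5 (machine-readable) copyright file, not from a real package.
const dep5Copyright = `Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: example
Source: https://example.invalid/example

Files: *
Copyright: 2020 Example Author
License: GPL-2+ or MIT

Files: debian/*
Copyright: 2021 Example Maintainer
License: MIT

License: GPL-2+
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2, or (at your option)
 any later version.

License: MIT
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software ...
`

// Constructed free-form (pre-DEP-5) copyright file, not from a real package.
const freeFormCopyright = `This package was debianized by Someone <someone@example.invalid>.

Copyright (C) 2005 Example Author

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
`

// freeFormPatterns maps a phrase found in free-form copyright files to a
// license short name. This table is an assumption of the example, not
// Trivy's actual list.
var freeFormPatterns = []struct {
	re   *regexp.Regexp
	name string
}{
	{regexp.MustCompile(`(?i)GNU Lesser General Public License`), "LGPL"},
	{regexp.MustCompile(`(?i)GNU General Public License`), "GPL"},
	{regexp.MustCompile(`(?i)Apache License,? Version 2\.0`), "Apache-2.0"},
	{regexp.MustCompile(`(?i)Permission is hereby granted, free of charge`), "MIT"},
	{regexp.MustCompile(`(?i)Redistribution and use in source and binary forms`), "BSD"},
}

// A DEP-5 License field may list several names: "GPL-2+ or MIT", "A, B".
var licenseSep = regexp.MustCompile(`\s*,\s*|\s+(?:or|and)\s+`)

// copyrightLicenses returns the distinct license names found in a copyright
// file, in order of first appearance. DEP-5 "License:" fields win; the phrase
// table is only consulted when no such field exists.
func copyrightLicenses(content string) []string {
	seen := map[string]bool{}
	var out []string
	add := func(name string) {
		name = strings.TrimSpace(name)
		if name == "" || seen[name] {
			return
		}
		seen[name] = true
		out = append(out, name)
	}

	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := sc.Text()
		if !strings.HasPrefix(line, "License:") {
			continue
		}
		// Only the first line of the field carries the short name(s); the
		// indented continuation lines hold the full license text.
		for _, n := range licenseSep.Split(strings.TrimPrefix(line, "License:"), -1) {
			add(n)
		}
	}
	if len(out) > 0 {
		return out
	}
	for _, p := range freeFormPatterns {
		if p.re.MatchString(content) {
			add(p.name)
		}
	}
	return out
}

func main() {
	fmt.Println(copyrightLicenses(dep5Copyright))    // [GPL-2+ MIT]
	fmt.Println(copyrightLicenses(freeFormCopyright)) // [GPL]
}
```

The free-form fallback is deliberately the second choice: phrase matching against the stand-alone license text that DEP-5 files also embed would otherwise double-count licenses that the structured fields already name.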
## Description Ubuntu has an [ESM program](https://ubuntu.com/security/esm). ESM status information is stored in the `var/lib/ubuntu-advantage/status.json` file. - added parsing of the `status.json` file. - added a function for merging OS versions. ## Blockers - [x]...
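As an added example (not the PR's code), the Go snippet below reads the `services` array of a constructed `status.json`, treats the system as ESM-covered when `esm-infra` or `esm-apps` is `enabled`, and merges that into the OS version by appending an `-ESM` suffix. The `-ESM` suffix and the reduced JSON shape are assumptions of this example; the real file carries many more fields, and a missing file (no Pro client installed) is treated as "no ESM".

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample of /var/lib/ubuntu-advantage/status.json reduced to the
// fields this example needs.
const esmStatusJSON = `{
  "services": [
    {"name": "esm-apps",  "status": "disabled"},
    {"name": "esm-infra", "status": "enabled"},
    {"name": "livepatch", "status": "n/a"}
  ]
}`

// esmSuffix is the marker appended to the OS version when ESM is active
// (assumption of this example).
const esmSuffix = "-ESM"

type uaStatus struct {
	Services []struct {
		Name   string `json:"name"`
		Status string `json:"status"`
	} `json:"services"`
}

// esmEnabled reports whether any ESM service is enabled in a status.json body.
// A nil/empty body (file absent) is not an error: it simply means no ESM.
func esmEnabled(statusJSON []byte) (bool, error) {
	if len(statusJSON) == 0 {
		return false, nil
	}
	var st uaStatus
	if err := json.Unmarshal(statusJSON, &st); err != nil {
		return false, fmt.Errorf("parse status.json: %w", err)
	}
	for _, s := range st.Services {
		if (s.Name == "esm-infra" || s.Name == "esm-apps") && s.Status == "enabled" {
			return true, nil
		}
	}
	return false, nil
}

// mergeOSVersion combines the detected release (e.g. "16.04") with the ESM
// flag so downstream lookups can pick ESM advisories. Idempotent: an already
// suffixed version is left alone.
func mergeOSVersion(version string, esm bool) string {
	if esm && !strings.HasSuffix(version, esmSuffix) {
		return version + esmSuffix
	}
	return version
}

// osVersionWithESM is the end-to-end helper: status.json bytes in, final
// version string out. Parse errors fall back to the plain version.
func osVersionWithESM(version string, statusJSON []byte) string {
	esm, err := esmEnabled(statusJSON)
	if err != nil {
		return version
	}
	return mergeOSVersion(version, esm)
}

func main() {
	fmt.Println(osVersionWithESM("16.04", []byte(esmStatusJSON))) // 16.04-ESM
	fmt.Println(osVersionWithESM("22.04", nil))                    // 22.04
}
```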