DmitriyLewen

Results 134 issues of DmitriyLewen

## Description Use first version of constraint for dependencies using SDK version. e.g. in this case the version of `flutter_test` should be `3.3.0`: ```yaml flutter_test: dependency: "direct dev" description: flutter...

## Description We added the `--show-suppressed` flag to show suppressed vulns. But when all vulnerabilities for a language package were filtered out, we still show an empty table. before: ```bash ➜ trivy...

## Description `--vuln-type` flag was added in v0.0.1 even before SBOM. It makes sense to add support for packages. ### Discussed in https://github.com/aquasecurity/trivy/discussions/6225

kind/feature

## Description Trivy detects different versions of Gobinary modules during multiple scans. This happens when gobinary uses 2 ldflags with the suffix versions. e.g.: ``` build -ldflags="-X github.com/argoproj/argo-cd/v2/common.version=2.11.0 -X github.com/argoproj/argo-cd/v2/common.kubectlVersion=v0.26.11...

kind/bug

## Description We use [severity](https://github.com/aquasecurity/trivy-db/blob/b8fe1376ffcdc69fe454f0a8a481ab485e47aea5/pkg/types/types.go#L175) field if [vendor severity](https://github.com/aquasecurity/trivy-db/blob/b8fe1376ffcdc69fe454f0a8a481ab485e47aea5/pkg/types/types.go#L177) doesn't contain `nvd`, `ghsa` (for `GHSA-xxxx-xxx` vulns) or `source` severity: https://github.com/aquasecurity/trivy/blob/696f2ae0ecdd4f90303f41249924a09ace70dd78/pkg/vulnerability/vulnerability.go#L112-L134 But we [fill severity field](https://github.com/aquasecurity/trivy/blob/696f2ae0ecdd4f90303f41249924a09ace70dd78/pkg/vulnerability/vulnerability.go#L112-L134) with the first severity found...

## Description `dpkg` contains all installed packages in the `var/lib/dpkg/status` file. But installed files for each package are stored in `var/lib/dpkg/info/.list` files. Therefore, when we work with packages at different levels, we...

## Description We already use the full path for nested jar files - https://github.com/aquasecurity/trivy/pull/3992. It looks like adding support for a dependency tree shouldn't be a problem. ## Related Discussions: - https://github.com/aquasecurity/trivy/discussions/5469

kind/feature
scan/vulnerability

### Discussed in https://github.com/aquasecurity/trivy/discussions/5565 ## Description Dependencies under the `dependenciesMeta` field use the same pattern as package. e.g.: ```yaml # This file is generated by running "yarn install" inside your project. #...

kind/bug

## Description See https://github.com/aquasecurity/trivy/issues/6714#issuecomment-2116927641 Example: ![image](https://github.com/aquasecurity/trivy/assets/91113035/540ffdda-6e82-4c69-a755-68de79f45c85) ## Related issues - Close #6714 ## Checklist - [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository. - [x] I've followed the...

## Description `Dependabot` PRs [grouping](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates#grouping-dependabot-updates-into-one-pull-request): - GH actions - Docker files - `github.com/docker/*` from `go.mod`. - `github.com/aws/*` from `go.mod`. - `github.com/testcontainers-go/*` from `go.mod`. - others Example: ![image](https://github.com/aquasecurity/trivy/assets/91113035/bd5df2c4-c922-48b8-b3e6-d97f5a1edd4d) ## Checklist -...