DmitriyLewen
## Description
In most `post-analyzers` we use the `required` function in `PostAnalyze`.
https://github.com/aquasecurity/trivy/blob/3eecfc6b6e1d6cef1497f7ff0044e676da159243/pkg/fanal/analyzer/language/nodejs/npm/npm.go#L49-L51
But we don't have info about `file-patterns` in the `PostAnalyze` function. That is why the `--file-patterns` flag may not work....
## Description
Hello all! Thanks for your work! I detected that some `nuget` vulnerabilities use different package names for the same packages, e.g. `Microsoft.NETCore.App.Runtime.linux-arm` and `Microsoft.NetCore.App.Runtime.linux-arm` (`NET` and `Net`). Example for...
## Description For long secret lines use only the line with the secret before: ```bash ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── j.txt:3 ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── 1 asd 2 aaaa 3 [ asd aaaa jwt: *********************************************************************************************************************************************************** asda 4...
## Description
Add `test` scope support and mark these dependencies as `Dev`. To show these deps - use `--include-dev-deps` flag.

## Related issues
- Close #7384

## Checklist
- [x]...
## Description
Use `.ey` keyword for JWT secret

## Related issues
- Close #6802

## Checklist
- [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository.
- [x] I've...
## Description
Long secrets with short line prefix/suffix (characters before and after secret) contain characters from other strings. We limit long lines, but we need to include characters only from...
## Description
Define dependencies with [test scope](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#dependency-scope) and mark them as `Dev`, to show them using the `--include-dev-deps` flag.

### Discussed in https://github.com/aquasecurity/trivy/discussions/7346
## Description
See #6971

## Related Issues
- Close #8256

## Checklist
- [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository.
- [x] I've followed the [conventions](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/#title) in...
## Description
We use `NONE` field for `licenseConcluded` and `licenseDeclared`. But `NOASSERTION` field is more suitable. See more in #7397

### Discussed in https://github.com/aquasecurity/trivy/discussions/7397
## Description
See more in #7397

Before:
```bash
"licenseConcluded": "NONE",
"licenseDeclared": "NONE",
```

After:
```bash
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
```

## Related issues
- Close #7402

## Checklist
- [x]...