DmitriyLewen
## Description We need to init logger before flags parsing to avoid wrong log messages format. before: ```bash ➜ trivy -d image alpine -c config.yaml --vuln-type os 2024/08/22 14:09:16 WARN...
## Description Check all `importers` to detect dev deps from pnpm-lock.yaml file. More details in #7386 before: ```bash ➜ trivy -q fs ./pnpm-lock.yaml --list-all-pkgs -f json --include-dev-deps ... { "ID":...
### Discussed in https://github.com/aquasecurity/trivy/discussions/7381 Originally posted by **SemProvoost** August 25, 2024 ### Description Bug Summary: Trivy is incorrectly identifying subdirectory packages, which is listed as a dependency in the package.json...
## Description Use `--file-patterns` flag for all post analyzers. ## Related issues - Close #6962 ## Checklist - [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository. - [x]...
## Description See #7276 CI/CD test - https://github.com/aquasecurity/trivy/actions/runs/10214386342/job/28261673506?pr=7299#step:5:1044 ## Related issues - Close #7276 ## Checklist - [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository. - [x] I've...
## Description There are cases when SBOM file doesn't contain `OS component`. To avoid missing OS packages - we can try to get OS from `purl`. More details - https://github.com/aquasecurity/trivy/discussions/7073#discussioncomment-9932362 ##...
## Description Add `--max-file-size` flag to skip files greater than a particular size. See https://github.com/aquasecurity/trivy/discussions/7151 for more context requirements: 1. Update analyzers logic: 1.1. Add `Description() string` function into [analyzer](https://github.com/aquasecurity/trivy/blob/92695630c04398a5e8b763a7da14160de9e41a5d/pkg/fanal/analyzer/analyzer.go#L71-L76)...
## Description Use `toolchain` as `stdlib` version. ```bash ➜ cat ./go.mod module github.com/aquasecurity/trivy go 1.22.0 toolchain go1.22.4 ➜ trivy -q fs ./go.mod go.mod (gomod) Total: 1 (UNKNOWN: 0, LOW: 0,...
## Description Incorrect log format for flag messages: ``` 2024/07/09 10:08:31 WARN '--vuln-type' is deprecated. Use '--pkg-types' instead. 2024-07-09T10:08:31+04:00 INFO Vulnerability scanning is enabled ``` We need to init logger...
## Description Detect OS from `purl` if OS component not found. See #7073 for more details. ### Discussed in https://github.com/aquasecurity/trivy/discussions/7073