afdesk

## Description **Notes** this way doesn't detect secrets inside `.odt` (LibreOffice format) and `.pdf`. Demo file: ```python secret1 = "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" print(secret1) ``` ```sh $ python3 -m compileall . ``` Before:...

Extra "db" string in the trivy cache path.

6

## Description Trivy creates new cache folders without read permissions, so any users can't access these data. https://github.com/aquasecurity/trivy/blob/dd9733e950d3127aa2ac90c45ec7e2b88a2b47ca/pkg/cache/fs.go#L24 We can modify this mode for some user. ### Discussed in https://github.com/aquasecurity/trivy/discussions/7380

fix: allow reading from cache folders for any users

1

## Description A new cache folder is created without read access for another users. This PR grants read permissions. Reproduction Steps: ```sh $ trivy server -d --cache-dir ~/Library/Caches/trivy/subpath ``` Before:...

docs(k8s): a note about k8s credentials

2

## Description This PR adds a block with permissions that `Trivy k8s` needs for scans: ## Checklist - [ ] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository. -...

fix(license): stop spliting a long license text

20

## Description When we looks for licenses Trivy tries to split information about license through a regex. but for some cases `License` field contains a long descriptive text. This PR...

fix(sbom): export bom-ref when converting a package to a component

4

## Description Reproduction Steps ```sh $ wget https://pastebin.com/raw/iD0PiatU $ trivy sbom --format cyclonedx --scanners vuln iD0PiatU ``` Before: ```json "affects": [ { "ref": "ca36a16f-8acd-4d6a-b9d9-6e9e265bc0d8", "versions": [ { "version": "227", "status":...

test(k8s): improve testing for k8s scanner

6

## Description ## Related issues - Close #7768 ## Checklist - [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository. - [x] I've followed the [conventions](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/#title) in the PR...

refactor(k8s): scan config files as a folder

7

## Description Trivy kubernetes scan tries to process the k8s configs in parallel. but this leads to large overhead, due to initialize the scanner for each file separately (it needs...

ci(helm): auto public Helm chart after PR merged

8

## Description Trivy publishes a new Helm Chart only for major versions (ex 0.55.0). This PR suggests next workflow: * if there are any changes in helm folder ('helm/trivy/**'), the...

## Description *SOMETIMES* a k8s scan fails with a panic. It happens when Trivy executes PostAnalyze yet, but the temporary file is already removed. I managed to enable logs and...