Itay Shakury

Results 316 comments of Itay Shakury

The table I referenced is linked from the trivy documentation under "Out of Scope Features". The table includes a section titled "Compiled binaries" which puts "identifies popular applications by heuristics"...

Hello, this repo wasn't actively developed for a while due to capacity and prioritization considerations, but we are planning to resume investing in this (as well as other trivy extensions)...

If I understand correctly this is a warning, and not disrupting pipeline runs. Then we will address in time when we resume maintenance of this repo, around next month.

@simar7 what is the action item here?

I'm also wondering about this. We have `--db-repository` and `--java-db-repository` flags, why in the air-gapped doc we are telling people to surgically replace the db in the cache and not...

Yes, that's what I meant. I guess we created those flags for this use case, but in the doc that was supposed to highlight them it's missing.

Hello from team Trivy :) Trivy detects Go standard library as a dependency and will report vulnerabilities in it. As @jeremyrickard mentioned, Trivy (or any other SCA scanner) doesn’t do...

> I don't know that we want to be investing more time in supporting scanners, as-is they consume a lot of our time for questionable benefit to the project.

Fair...

> I think we also need to create a new page for privacy. @itaysk should know some examples from other OSS projects.

yes I already have a draft for a...

I may have some more comments after writing the doc, so don't merge it yet please