Teppei Fukuda
imports: use the sibling files preferentially even when the package name mismatches the directory name
If the package name and the last element of import path are different, sibling will not be hit. https://github.com/golang/tools/blob/master/imports/fix.go#L315 The following sibling file has the last component of import path...
fanal supported `-` to take an image content from stdin before, but the feature was dropped when moving to `containers/image`. But some users want this feature, so this PR makes...
## Description
Parse pnpm-lock.yaml so as to extract package names/versions.
Specification: https://github.com/pnpm/spec/blob/master/lockfile/5.md
Example: https://github.com/pnpm/pnpm/blob/main/pnpm-lock.yaml
## Issue
https://github.com/aquasecurity/trivy/issues/1200
See the following issues/PRs for the details.
- https://github.com/aquasecurity/trivy-db/issues/379
- https://github.com/aquasecurity/vuln-list-update/pull/271
- https://github.com/aquasecurity/trivy-db/pull/382
## Motivation
Trivy recently added support for output plugins ([#4863](https://github.com/aquasecurity/trivy/pull/4863)). To further promote plugin adoption, I propose creating a plugin index.
## Plugin Index
Inspired by [Krew](https://krew.sigs.k8s.io/), the proposed plugin...
## Description
This PR unifies package addition and vulnerability scanning into a single method to make it easier for projects importing Trivy to customise vulnerability scanning's behaviour.
## Checklist
-...
## Description
Currently, we have the `--scanners` flag, which supports the following options: vuln, misconf, secret, and license. To align with this structure, I'm considering renaming the `--list-all-pkgs` flag to`...