Teppei Fukuda
## Description We should use `annotations` for scan metadata instead of `attributionTexts`. ``` "annotations" : [ { "annotationDate" : "2024-10-29T18:30:22Z", "annotationType" : "OTHER", "annotator" : "Tool: Trivy ()", "comment" :...
## Description [the go mod analyzer](https://github.com/aquasecurity/trivy/blob/2d80769c34b118851640411fff9dac0b3e353e82/pkg/dependency/parser/golang/mod/parse.go#L103) should not remove the `v` prefix from versions to get aligned with [the go binary analyzer](https://github.com/aquasecurity/trivy/blob/9b31697274c8743d6e5a8f7a1a05daf60cd15910/pkg/dependency/parser/golang/binary/parse.go). ### Discussed in https://github.com/aquasecurity/trivy/discussions/7709
## Description Trivy should respect [Docker contexts](https://docs.docker.com/engine/manage-resources/contexts/). ### Discussed in https://github.com/aquasecurity/trivy/discussions/7685
## Description Test images are [cached](https://github.com/aquasecurity/trivy/issues/7598) now. The containerd image should also be cached as it tends to [fail](https://github.com/aquasecurity/trivy/actions/runs/11211374548/job/31160117854?pr=7654) to pull. Instead of [pulling the image](https://github.com/aquasecurity/trivy/blob/ab3a3b2e6ed15db90967084fac825ddb2f50e70d/pkg/fanal/test/integration/containerd_test.go#L80), it should load the...
## Description The document still shows the v1 schema. It should be updated. https://aquasecurity.github.io/trivy/v0.55/docs/configuration/reporting/#json ### Discussed in https://github.com/aquasecurity/trivy/discussions/7552
## Description Parse [uv.lock](https://docs.astral.sh/uv/concepts/projects/#configuring-the-project-environment-path) to identify dependencies ([example](https://github.com/astral-sh/uv/blob/312eeb8f573d36f6df658f85ecadc52799647bb3/scripts/benchmark/uv.lock)). ### Discussed in https://github.com/aquasecurity/trivy/discussions/7647
## Description The [troubleshooting documentation](https://aquasecurity.github.io/trivy/v0.55/docs/references/troubleshooting/#github-rate-limiting) currently suggests setting the `GITHUB_TOKEN` to avoid rate limiting. However, this information was outdated, created when the `image` subcommand didn't even exist. We've identified that...
## Description OVALv2 is in maintenance mode now. https://www.redhat.com/en/blog/red-hat-vex-files-cves-are-now-generally-available
## Description There is no guarantee that [this approach](https://github.com/aquasecurity/trivy/pull/7340) will reliably identify identical components. In the current implementation, it is [possible](https://github.com/aquasecurity/trivy/discussions/7532) for multiple components to have the same name...