Nikita Pivkin

feat(misconf): grouping of results in table format

1

## Description The following has been changed in the report: - misconfigurations found for a resource are grouped by status and id - the header shows the number of similar...

Example: ```tf locals { cluster_network_policy = [{ enabled = true }] } resource "google_container_cluster" "primary" { name = "test" dynamic "network_policy" { for_each = local.cluster_network_policy content { enabled = network_policy.value.enabled...

## Description ## Related issues - Close https://github.com/aquasecurity/trivy/issues/5902 ## Checklist - [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository. - [x] I've followed the [conventions](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/#title) in the PR...

Trivy [uses](https://github.com/aquasecurity/trivy/blob/main/pkg/scanner/local/scan.go#L371) the rule ID to create the primary URL, so we should add an `id` field (a copy of `avd_id`) for all Rego rules. Related issues: - https://github.com/aquasecurity/trivy/issues/4993 ###...

fix(terraform): modules with the count meta-argument are not ignored

4

### Discussed in https://github.com/aquasecurity/trivy/discussions/5642 Originally posted by **parviste** November 23, 2023 ### Description In tfsec it's possible to ignore issues within modules (https://aquasecurity.github.io/tfsec/v1.28.4/guides/configuration/ignores/#ignoring-module-issues). This does not seem to be possible...

bug(cloudformation): False Positive detection for AVD-AWS-0088

3

We should not warn about `AVD-AWS-0088` if the `KMSMasterKeyID` attribute references an ARN, id or key alias. Example: ```yaml AWSTemplateFormatVersion: 2010-09-09 Resources: Key: Type: "AWS::KMS::Key" Bucket: Type: AWS::S3::Bucket Properties: BucketEncryption:...

Ref: - JSON [schema](https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/package.json#L777) `package.json` ### Discussed in https://github.com/aquasecurity/trivy/discussions/6114 Originally posted by **pjungermann** February 13, 2024 ### Description Currently, the `workspaces` field in package.json files is only allowed to be...

### Discussed in https://github.com/aquasecurity/trivy/discussions/6067 Originally posted by **adam-carruthers** February 5, 2024 ### Description Here is the trivy code that finds the token for private terraform registry modules: ```go envVar :=...

npm: inconsistent results when dependency has both a dev and non-dev entry in lockfile

4

### Discussed in https://github.com/aquasecurity/trivy/discussions/5134 Originally posted by **ngraef** September 7, 2023 ### Description Trivy is giving inconsistent results between successive vulnerability scans with the same database version. A sample `package-lock.json`...

feat(terraform): support for `random` provider

5

[Random](https://registry.terraform.io/providers/hashicorp/random/latest/docs) Provider provides resources that generate some values that are available as read-only attributes. But since Trivy does not support these resources, the attributes are left empty, which leads to...