simar7

We don't have any plans at the moment but are curious if you tried to run it on Windows and ran into any errors?

@uRhos that's interesting. I tested this earlier as you can see [here](https://github.com/simar7/trivy-action-composite-test/actions/runs/11242990462/job/31257882280) and it was fine. Is it possible for you run the same scan locally with the Trivy CLI...

@uRhos could you try with the latest release https://github.com/aquasecurity/trivy-action/releases/tag/0.27.0 we had an issue where env var were not getting set and it should be addressed hopefully in this release. Let...

New (v0.28.0) release of trivy-action should address this. Please give it a try.

@nikpivkin I didn't get around reviewing this PR in time for v0.67.0, can we keep it for the next release?

> @simar7 before I start working the refactor - do you have any thoughts or concerns on this feature (introduction of additional metadata, CVSS score updating, and severity source customization...

I ran some benchmarks but I actually found that the newer approach isn't vastly superior in terms of performance. I only a marginal 8% performance bump which to me isn't...

> @simar7 I left small comments, but it doesn't matter and up to you. actually I can't run Trivy-operator with this change: > > ```shell > $ kind delete cluster...

@afdesk in my testing - removing more annotations isn't stable as we can see with failing envtests because of race conditions. I will move this PR into draft until we...

> Issue 2: In some executions, in this same Trivy repo, the scan fails with a fatal error indicating a timeout. Are you able to share the repo with us?...