simar7
simar7
@DmitriyLewen should we exclude references to external modules in SARIF output as references to them won't be processable by GitHub anyway? Maybe we can optionally combine this with `--tf-exclude-downloaded-modules`, if...
Unfortunately this change is currently blocked by a bug in upstream k8s where it cannot fallback to other types https://github.com/kubernetes/kubernetes/issues/86253 I've added more details in this doc https://github.com/aquasecurity/trivy-operator/discussions/2674
> NOTE: By design, the operator does not allow setting different usernames and passwords for multiple registries. Therefore, when downloading trivy-db and trivy-java-db from repositories that require authentication, you must...
> @simar7 could you please prioritize this PR? > > > > The key change here is the removal of duplicate logic shared between the server and standalone modes. >...
@afdesk could you rebase this PR?
hi @hhcs9527 sure go ahead!
> @simar7 I remember you have a meticulous attitude toward testing, and I was thinking about how to add tests here. > > A simple table-driven test for `createEnvAndVolumeForGcr` doesn’t...
Do you see the same issue if you run Trivy as a CLI tool locally? If so, it'd be an issue with Trivy itself and not the Action. In that...
Are you able to provide an input image which we can use to reproduce this?
Is this a public image? If so, where is it available? I'm unable to find it in the regions I looked at.