Masahiro331
Let me join this discussion. I deeply respect this community. IaC only defines the infrastructure of the product. Probably if it is created as a BOM specification, it is necessary...
@jdolitsky @dlorenc My apologies for the direct PR. I wish to reopen and finalize the discussion against this specification.
@dlorenc Yes, I hope. I'm a contributor to Trivy. It is difficult to meet these specifications when supporting the intoto_attestation format as the output of Trivy's vulnerability detection results. If...
Trivy's issue. https://github.com/aquasecurity/trivy/issues/1646
@dlorenc The discussion on Invocation had stopped, so I reopened via PR. If possible, we would like to check if it is optional as well as scanner.db. Currently, there is...
The Alpine repository information (edge) is not output as SBOM, the data source to be referenced differs between when detecting from an image and when detecting from SBOM, and the...
> Any estimated date when this would be merged?

Refactoring. Please wait a little longer.
I think it's a great idea! Trivy needs to determine which OS package or which application. And Trivy needs to select a Driver during vulnerability detection. e.g. https://github.com/aquasecurity/trivy/blob/master/pkg/detector/library/driver.go#L29-L47 https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/detect.go#L59-L86 In...
Thank you. I'm currently working on VM support.
VHDX and VHD will be supported, but the guest operating systems are those currently supported by Trivy. So Windows OS is not supported in this feature.