Masahiro331

icon indicating an email [email protected]

icon location Japan,Tokyo icon location Sorry, I'm not good at English. I may write some terrible expressions. I am always looking for work.

Results 14 issues of Masahiro331

feat(sbom): add purl to spdx

## Description Add purl to SPDX. This change is necessary for vulnerability detection using SPDX. https://github.com/aquasecurity/trivy/issues/2170#event-7032087014 Before ``` { "SPDXID": "SPDXRef-fe2fe0f208812c6b", "filesAnalyzed": false, "licenseConcluded": "GPLv2+", "licenseDeclared": "GPLv2+", "name": "hostname", "versionInfo":...

feat(spdx): add trivy-version in spdx

## Description Add Trivy version for spdx. before ``` { "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2022-07-23T13:42:32.955489Z", "creators": [ "Tool: trivy", "Organization: aquasecurity" ] }, ... } ``` after ``` {...

docs(types): rpm version combined epoch number

issue: #151

About Epoch in RPM and DEB Package Versioning

1 comment

# About Epoch in RPM and DEB Package Versioning In [DEB](https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#deb) Type, the epoch is included in the version. ``` pkg:deb/debian/attr@1:2.4.47-2%2Bb1?arch=amd64 ``` But, [RPM](https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#rpm) Type, the epoch is included in...

PURL type definition
PURL qualifiers component
PURL version component

docs(types): oci type qualifiers must be percent encoding

4 comment

This PR modified qualifiers values like url. Some url-like values ​​in qualifiers have been URL-encoded. * vcs_url * repository_url * download_url --- [OCI specification](https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#oci) > repository_url: A repository URL where...

PURL component: qualifiers
PURL encoding
1 high priority

feat(spec): remove invocate in vuln predicate

7 comment

Ref: #1381 #### Summar Many vulnerability scanners are unaware of the type of environment in which they are used. The consensus in some issues for this spec seemed to be...

feat: add virtual machine scan command

## Description Add new scanner for virtual machine image. ``` $ trivy vm Scan a virtual machine image Usage: trivy vm [flags] VM_IMAGE Examples: # Scan your virtual machine image...

fix(sbom): fix incompliant license format for spdx

4 comment

## Description A licence parser has been added to support the SPDX licence format. It is only used within the SPDX package so as not to affect the normalisation of...

Speed up ebs scanning

EBS Scan calls EBS API and fetches the EBS blocks in a single thread. I'd like to parallelize the fetch of EBS Block for these speedups. To parallelize the fetch...

kind/feature

feat(containerd): support rootless containerd

Support rootless containerd. Ref: https://github.com/aquasecurity/fanal/pull/348 Issue: https://github.com/aquasecurity/trivy/issues/2310 ## TODO: - [ ] Add containerd integration-test