aquasecurity trivy · Discussions · GitHub

Discussions

You must be logged in to vote

pnpm workspace with overlapping direct dependencies causes non-deterministic package resolution
kind/bug Categorizes issue or PR as related to a bug.
Riolku started Jun 26, 2026 in Bugs

0
You must be logged in to vote

panic: value is marked, so must be unmarked first
kind/bug Categorizes issue or PR as related to a bug.
dynek started Aug 15, 2025 in Bugs · Closed

7
You must be logged in to vote

False positive CVE-2025-35036 — hibernate-validator 6.0.23.SP1-redhat-00001 flagged but Red Hat backported the fix
scan/vulnerability Issues relating to vulnerability scanning target/container-image Issues relating to container image scanning
etarast asked Jun 24, 2026 in Q&A · Unanswered

1
You must be logged in to vote

[Java/Maven] Filesystem scan runs into 429 - Too many requests
scan/vulnerability Issues relating to vulnerability scanning target/filesystem Issues relating to filesystem scanning
AB-xdev asked May 18, 2026 in Q&A · Closed · Unanswered

6
You must be logged in to vote

Can't scan
target/container-image Issues relating to container image scanning
fco-code-org asked Jun 22, 2026 in Q&A · Unanswered

3
You must be logged in to vote

False positive: web-token/jwt-framework 3.4.10 flagged for GHSA-jc38-x7x8-2xc8 (patched version)

jogoossens started Jun 22, 2026 in False Detection

1
You must be logged in to vote

Unable to parse container in AKS
triage/support Indicates an issue that is a support question.
CapKenR asked Feb 25, 2026 in Q&A · Unanswered

1
You must be logged in to vote

Comparison between OSV-Scanner and Trivy
triage/support Indicates an issue that is a support question.
natenho asked Apr 13, 2026 in Q&A · Unanswered

1
You must be logged in to vote

how we can ignore false positive alerts in trivy
triage/support Indicates an issue that is a support question.
jainpratik163 asked Jun 20, 2026 in Q&A · Unanswered

3
You must be logged in to vote

[Feature] Post-quantum cryptography (PQC) detection - bridge Trivy to CBOM scanning
kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning
netanmangal started Jun 21, 2026 in Ideas

0
You must be logged in to vote

Add support for PDM lockfile
kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning target/filesystem Issues relating to filesystem scanning
patriknordlen started Jun 20, 2026 in Ideas

0
You must be logged in to vote

Bad CVE URLs generated
kind/bug Categorizes issue or PR as related to a bug.
stealthrabbi started Jun 16, 2026 in Bugs · Closed

3
You must be logged in to vote

v0.71.2

github-actions Bot started Jun 19, 2026 in Development

0
You must be logged in to vote

Add support for Tuist's .package.resolved SPM lockfile
kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning target/filesystem Issues relating to filesystem scanning
patriknordlen started Jun 19, 2026 in Ideas

0
You must be logged in to vote

Update supported package managers for --include-dev-deps flag
kind/documentation Categorizes issue or PR as related to documentation.
patrik-csak started Jun 18, 2026 in Documentation

0
You must be logged in to vote

Filesystem scan ignores all pnpm dependencies if pnpm-lock.yaml contains multiple YAML documents
kind/bug Categorizes issue or PR as related to a bug.
patrik-csak started Jun 18, 2026 in Bugs · Closed

1
You must be logged in to vote

Expose nested Terraform blocks in terraform-raw input
kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning
kuzaxak started May 20, 2026 in Ideas

2
You must be logged in to vote

Lots of CVEs not detected
kind/bug Categorizes issue or PR as related to a bug.
devtobi started Jun 16, 2026 in Bugs

4
You must be logged in to vote

Detect Ubuntu 26.04 LTS as a supported OS
kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning
chrisnovakovic started Apr 27, 2026 in Development · Closed

1
You must be logged in to vote

feat(secret): add detection rules for AI & Vector Database API keys
kind/feature Categorizes issue or PR as related to a new feature. scan/secret Issues relating to secret scanning target/repository Issues relating to VCS repository scanning
mkouchaoui started May 7, 2026 in Ideas

1
You must be logged in to vote

Dev for trivy-azure-pipelines-task?
triage/support Indicates an issue that is a support question.
commitToStahl asked Jun 12, 2026 in Q&A · Unanswered

2
You must be logged in to vote

Incorrect component hash for jars repackaged in Spring Boot app
kind/bug Categorizes issue or PR as related to a bug.
mguillem started Jun 15, 2026 in Bugs · Closed

1
You must be logged in to vote

CycloneDX export of redhat/ubi10-minimal produces cyclic dependencies
target/container-image Issues relating to container image scanning
seebi asked Jun 16, 2026 in Q&A · Closed · Answered

2
You must be logged in to vote

Allow selecting older CycloneDX spec versions when generating BOMs
kind/feature Categorizes issue or PR as related to a new feature.
ch8matt started Jun 16, 2026 in Ideas

0
You must be logged in to vote

Trivy wrongly flagging positive alerts to CVEs in the fixed version of Go library.
scan/vulnerability Issues relating to vulnerability scanning
evadivu asked Jun 12, 2026 in Q&A · Unanswered

2