Comments (3)
knqyf263
commented on June 30, 2024
1
We definitely need to add information about what relationships are available for files.
e.g. only go and Rust binaries, pom and gomod files support root relationships.
Yes, we should document it. In most cases, -f json helps to understand relationship types.
from trivy.
knqyf263
commented on June 30, 2024
@DmitriyLewen Any comments?
from trivy.
DmitriyLewen
commented on June 30, 2024
--relationship root,direct
We definitely need to add information about what relationships are available for files.
e.g. only go and Rust binaries, pom and gomod files support root relationships.
it may be necessary to either disable the --relationship flag or remove the dependencies section from the SBOM output.
I think we need to start from disabling relationship flag for all sbom formats (cyclonedx, spdx, github).
For templates we can leave this flag (it will be same logic as for table format).
Otherwise looks like a very good idea 👍
from trivy.
Related Issues (20)
- HuggingFace token detector not working properly (wrong number of characters) HOT 1
- DB download error HOT 1
- feat: add flag to pass credentials to different Git hosting platforms
- bug(pnpm): infinity loop for `markRootPkgs` function
- bug(npm): runtime: out of memory HOT 7
- feat(cloudformation): support for `AWS::ApiGateway::RestApi` resource
- bug(bom): overwrite `epoch` if srcEpoch is 0
- BREAKING(aws): Deprecating `trivy aws` subcommand
- ci: migrate to GoReleaser v2
- feat(scala): support sbt-dependency-lock
- feat(sbom): migrate to `CycloneDX v1.6`
- feat(misconf): Add selector support for all providers
- bug(licenses): Trivy doesn't separate licenses by `,`, `or`, etc.
- Conan lockfile V2 license parsing uses incorrect folder structure HOT 1
- feat(misconf): Ignore duplicate checks if found
- chore(misconf): Transition Go checks to Rego
- bug(conan): Trivy doesn't parse the `.conan2/p` directory to detect the license for the v2 lock file.
- feat(misconf): support for Impact for Rego HOT 4
- bug(terraform): inline ignore doesn't work in remote modules
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trivy.