chore(deps): bump the docker group across 1 directory with 2 updates

Bumps the docker group with 2 updates in the / directory: [github.com/docker/cli](https://github.com/docker/cli) and [github.com/moby/buildkit](https://github.com/moby/buildkit). Updates `github.com/docker/cli` from 29.1.1+incompatible to 29.1.3+incompatible - [Commits](https://github.com/docker/cli/compare/v29.1.1...v29.1.3) Updates `github.com/moby/buildkit` from 0.26.2 to 0.26.3 - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](https://github.com/moby/buildkit/compare/v0.26.2...v0.26.3) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.1.3+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker - dependency-name: github.com/moby/buildkit dependency-version: 0.26.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker ... Signed-off-by: dependabot[bot] <support@github.com>
chore(deps): bump golang.org/x/tools to v0.40.0 + gopls to v0.21.0 (#9973 )
2025-12-23 07:29:00 -08:00 · 2025-12-22 14:02:14 +00:00 · 2025-12-22 12:20:10 +00:00 · 2025-12-22 11:45:49 +00:00 · 2025-12-22 10:56:30 +00:00 · 2025-12-22 08:55:26 +00:00
171 changed files with 13430 additions and 1647 deletions
--- a/.github/workflows/apidiff.yaml
+++ b/.github/workflows/apidiff.yaml
@@ -65,6 +65,7 @@ jobs:
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        with:
          go-version-file: go.mod
          check-latest: true # Ensure we use the latest Go patch version
          cache: false
      # Ensure the base commit exists locally for go-apidiff to compare against.
--- a/.github/workflows/auto-update-labels.yaml
+++ b/.github/workflows/auto-update-labels.yaml
@@ -18,6 +18,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: Install Go tools
        run: go install tool # GOBIN is added to the PATH by the setup-go action
--- a/.github/workflows/cache-test-assets.yaml
+++ b/.github/workflows/cache-test-assets.yaml
@@ -22,6 +22,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: Install Go tools
        run: go install tool # GOBIN is added to the PATH by the setup-go action
@@ -55,6 +56,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: Install Go tools
        run: go install tool # GOBIN is added to the PATH by the setup-go action
@@ -88,6 +90,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: Run golangci-lint for caching
        uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -74,6 +74,7 @@ jobs:
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        with:
          go-version-file: go.mod
          check-latest: true # Ensure we use the latest Go patch version
          cache: false
      - name: Install Go tools
--- a/.github/workflows/reusable-release.yaml
+++ b/.github/workflows/reusable-release.yaml
@@ -69,6 +69,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false # Disable cache to avoid free space issues during `Post Setup Go` step.
          check-latest: true # Ensure we use the latest Go patch version
      - name: Generate SBOM
        uses: CycloneDX/gh-gomod-generate-sbom@efc74245d6802c8cefd925620515442756c70d8f # v2.0.0
--- a/.github/workflows/spdx-cron.yaml
+++ b/.github/workflows/spdx-cron.yaml
@@ -16,6 +16,8 @@ jobs:
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: Install Go tools
        run: go install tool # GOBIN is added to the PATH by the setup-go action
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -26,6 +26,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: go mod tidy
        run: |
@@ -80,6 +81,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: Install Go tools
        run: go install tool # GOBIN is added to the PATH by the setup-go action
@@ -113,6 +115,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: Install Go tools
        run: go install tool # GOBIN is added to the PATH by the setup-go action
@@ -132,6 +135,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: Install tools
        run: go install tool # GOBIN is added to the PATH by the setup-go action
@@ -167,6 +171,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: Install Go tools
        run: go install tool # GOBIN is added to the PATH by the setup-go action
@@ -201,6 +206,7 @@ jobs:
        with:
          go-version-file: go.mod
          cache: false
          check-latest: true # Ensure we use the latest Go patch version
      - name: Install Go tools
        run: go install tool # GOBIN is added to the PATH by the setup-go action
@@ -236,6 +242,7 @@ jobs:
      with:
        go-version-file: go.mod
        cache: false
        check-latest: true # Ensure we use the latest Go patch version
    - name: Determine GoReleaser ID
      id: goreleaser_id
--- a/.vex/trivy.openvex.json
+++ b/.vex/trivy.openvex.json
@@ -599,6 +599,36 @@
      "status": "not_affected",
      "justification": "vulnerable_code_not_in_execute_path",
      "impact_statement": "Govulncheck determined that the vulnerable code isn't called"
    },
    {
      "vulnerability": {
        "@id": "https://pkg.go.dev/vuln/GO-2025-4192",
        "name": "GO-2025-4192",
        "description": "Sigstore Timestamp Authority allocates excessive memory during request parsing in github.com/sigstore/timestamp-authority",
        "aliases": [
          "CVE-2025-66564",
          "GHSA-4qg8-fj49-pxjh"
        ]
      },
      "products": [
        {
          "@id": "pkg:golang/github.com/aquasecurity/trivy",
          "identifiers": {
            "purl": "pkg:golang/github.com/aquasecurity/trivy"
          },
          "subcomponents": [
            {
              "@id": "pkg:golang/github.com/sigstore/timestamp-authority@v1.2.2",
              "identifiers": {
                "purl": "pkg:golang/github.com/sigstore/timestamp-authority@v1.2.2"
              }
            }
          ]
        }
      ],
      "status": "not_affected",
      "justification": "vulnerable_code_not_present",
      "impact_statement": "Govulncheck determined that the vulnerable code isn't called"
    }
  ]
 }
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM alpine:3.22.1
+FROM alpine:3.23.0
 RUN apk --no-cache add ca-certificates git
 COPY trivy /usr/local/bin/trivy
 COPY contrib/*.tpl contrib/
--- a/Dockerfile.canary
+++ b/Dockerfile.canary
@@ -1,4 +1,4 @@
-FROM alpine:3.22.1
+FROM alpine:3.23.0
 RUN apk --no-cache add ca-certificates git
 # binaries were created with GoReleaser
--- a/contrib/install.sh
+++ b/contrib/install.sh
@@ -8,9 +8,11 @@ usage() {
  cat <<EOF
 $this: download go binaries for aquasecurity/trivy
-Usage: $this [-b] bindir [-d] [tag]
+Usage: $this [-b] bindir [-c] client [-d] [tag]
  -b sets bindir or installation directory, Defaults to ./bin
  -c sets client identifier for download tracking (letters, digits, and '-' characters are allowed), Defaults to install-script
  -d turns on debug logging
  -x turns on verbose logging
   [tag] is a tag from
   https://github.com/aquasecurity/trivy/releases
   If tag is missing, then the latest will be used.
@@ -27,9 +29,18 @@ parse_args() {
  # over-ridden by flag below
  BINDIR=${BINDIR:-./bin}
-  while getopts "b:dh?x" arg; do
+  CLIENT=${CLIENT:-install-script}
  while getopts "b:c:dh?x" arg; do
    case "$arg" in
      b) BINDIR="$OPTARG" ;;
      c)
        if printf '%s' "$OPTARG" | grep -Eq '^[A-Za-z0-9-]+$'; then
          CLIENT="$OPTARG"
        else
          log_crit "invalid client identifier '${OPTARG}'; allowed characters are: letters, digits, and '-'"
          exit 1
        fi
        ;;
      d) log_set_priority 10 ;;
      h | \?) usage "$0" ;;
      x) set -x ;;
@@ -51,42 +62,14 @@ execute() {
  srcdir="${tmpdir}"
  (cd "${tmpdir}" && untar "${TARBALL}")
  test ! -d "${BINDIR}" && install -d "${BINDIR}"
-  for binexe in $BINARIES; do
+  binexe="trivy"
-    if [ "$OS" = "windows" ]; then
+  if [ "$OS" = "windows" ]; then
-      binexe="${binexe}.exe"
+    binexe="${binexe}.exe"
-    fi
+  fi
-    install "${srcdir}/${binexe}" "${BINDIR}/"
+  install "${srcdir}/${binexe}" "${BINDIR}/"
-    log_info "installed ${BINDIR}/${binexe}"
+  log_info "installed ${BINDIR}/${binexe}"
  done
  rm -rf "${tmpdir}"
 }
 get_binaries() {
  case "$PLATFORM" in
    darwin/386) BINARIES="trivy" ;;
    darwin/amd64) BINARIES="trivy" ;;
    darwin/arm64) BINARIES="trivy" ;;
    darwin/armv7) BINARIES="trivy" ;;
    freebsd/386) BINARIES="trivy" ;;
    freebsd/amd64) BINARIES="trivy" ;;
    freebsd/arm64) BINARIES="trivy" ;;
    freebsd/armv7) BINARIES="trivy" ;;
    linux/386) BINARIES="trivy" ;;
    linux/amd64) BINARIES="trivy" ;;
    linux/ppc64le) BINARIES="trivy" ;;
    linux/arm64) BINARIES="trivy" ;;
    linux/armv7) BINARIES="trivy" ;;
    linux/s390x) BINARIES="trivy" ;;
    openbsd/386) BINARIES="trivy" ;;
    openbsd/amd64) BINARIES="trivy" ;;
    openbsd/arm64) BINARIES="trivy" ;;
    openbsd/armv7) BINARIES="trivy" ;;
    windows/amd64) BINARIES="trivy" ;;
    *)
      log_crit "platform $PLATFORM is not supported.  Make sure this script is up-to-date and file request at https://github.com/${PREFIX}/issues/new"
      exit 1
      ;;
  esac
 }
 tag_to_version() {
  if [ -z "${TAG}" ]; then
    log_info "checking GitHub for latest tag"
@@ -137,12 +120,6 @@ adjust_arch() {
    arm64) ARCH=ARM64 ;;
    ppc64le) ARCH=PPC64LE ;;
    s390x) ARCH=s390x ;;
    darwin) ARCH=macOS ;;
    dragonfly) ARCH=DragonFlyBSD ;;
    freebsd) ARCH=FreeBSD ;;
    linux) ARCH=Linux ;;
    netbsd) ARCH=NetBSD ;;
    openbsd) ARCH=OpenBSD ;;
  esac
  true
 }
@@ -382,7 +359,6 @@ EOF
 PROJECT_NAME="trivy"
 OWNER=aquasecurity
 REPO="trivy"
 BINARY=trivy
 FORMAT=tar.gz
 OS=$(uname_os)
 ARCH=$(uname_arch)
@@ -392,16 +368,15 @@ PREFIX="$OWNER/$REPO"
 log_prefix() {
 	echo "$PREFIX"
 }
-PLATFORM="${OS}/${ARCH}"
+
 GITHUB_DOWNLOAD=https://github.com/${OWNER}/${REPO}/releases/download
 GET_DOWNLOAD=https://get.trivy.dev/trivy
 uname_os_check "$OS"
 uname_arch_check "$ARCH"
 parse_args "$@"
 get_binaries
 tag_to_version
 adjust_format
@@ -414,7 +389,7 @@ log_info "found version: ${VERSION} for ${TAG}/${OS}/${ARCH}"
 NAME=${PROJECT_NAME}_${VERSION}_${OS}-${ARCH}
 TARBALL=${NAME}.${FORMAT}
-TARBALL_URL=${GITHUB_DOWNLOAD}/${TAG}/${TARBALL}
+TARBALL_URL="${GET_DOWNLOAD}?os=${OS}&arch=${ARCH}&version=${VERSION}&type=${FORMAT}&client=${CLIENT}"
 CHECKSUM=${PROJECT_NAME}_${VERSION}_checksums.txt
 CHECKSUM_URL=${GITHUB_DOWNLOAD}/${TAG}/${CHECKSUM}
--- a/docs/getting-started/signature-verification.md
+++ b/docs/getting-started/signature-verification.md
@@ -26,16 +26,26 @@ The following checks were performed on each of these signatures:
 ## Verifying binary
-Download the required tarball, associated signature and certificate files from the [GitHub Release](https://github.com/aquasecurity/trivy/releases).
+Since Trivy v0.68.1, GitHub Releases provide [sigstore signature bundles](https://docs.sigstore.dev/cosign/bundle/). Separate `.sig` and certificate (`.pem`) files are no longer published.
 Download the required tarball and its associated `.sigstore.json` bundle file from the [GitHub Release](https://github.com/aquasecurity/trivy/releases).
 Use the following command for keyless verification:
 ```shell
-cosign verify-blob <path to binary> \
+cosign verify-blob-attestation <path to tarball> \
--certificate <path to cert> \
+    --bundle <path to tarball>.sigstore.json \
--signature <path to sig> \
+    --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
--certificate-identity-regexp 'https://github\.com/aquasecurity/trivy/\.github/workflows/.+' \
+    --certificate-identity 'https://github.com/aquasecurity/trivy/.github/workflows/reusable-release.yaml@refs/tags/<release tag>'
--certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
 Example for `trivy_0.68.1_Linux-64bit.tar.gz`:
 ```shell
 cosign verify-blob-attestation trivy_0.68.1_Linux-64bit.tar.gz \
    --bundle trivy_0.68.1_Linux-64bit.tar.gz.sigstore.json \
    --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
    --certificate-identity 'https://github.com/aquasecurity/trivy/.github/workflows/reusable-release.yaml@refs/tags/v0.68.1'
 ```
 You should get the following output
--- a/docs/guide/configuration/skipping.md
+++ b/docs/guide/configuration/skipping.md
@@ -68,10 +68,13 @@ image:
 You can customize which files Trivy scans and how it interprets them with the `--file-patterns` flag.
 A file pattern configuration takes the following form: `<analyzer>:<path>`, such that files matching the `<path>` will be processed with the respective `<analyzer>`.
 !!! Note
    `--file-patterns` flag doesn't disable the default file detection behavior of Trivy. It only adds the file detection based on the specified patterns.
 For example:
 ```bash
-trivy fs --file-patterns "pip:.requirements-test.txt ."
+trivy fs --file-patterns "pip:.requirements-test.txt" .
 ```
 This feature is relevant for the following scanners:
@@ -91,14 +94,14 @@ The file path can use a [regular expression](https://pkg.go.dev/regexp/syntax).
 ```bash
 # interpret any file with .txt extension as a python pip requirements file
-trivy fs --file-patterns "pip:requirements-.*\.txt .
+trivy fs --file-patterns "pip:requirements-.*\.txt" .
 ```
 The flag can be repeated for specifying multiple file patterns. For example:
 ```bash
 # look for Dockerfile called production.docker and a python pip requirements file called requirements-test.txt
-trivy fs --scanners misconfig,vuln --file-patterns "dockerfile:.production.docker" --file-patterns "pip:.requirements-test.txt ."
+trivy fs --scanners misconfig,vuln --file-patterns "dockerfile:.production.docker" --file-patterns "pip:.requirements-test.txt" .
 ```
 [^1]: Only work with the [license-full](../scanner/license.md) flag
--- a/docs/guide/coverage/iac/ansible.md
+++ b/docs/guide/coverage/iac/ansible.md
@@ -0,0 +1,177 @@
 # Ansible
 Trivy analyzes tasks in playbooks and roles for misconfigurations in cloud resources.
 !!! warning "EXPERIMENTAL"
    This feature might change without preserving backwards compatibility.
 !!! warning "LIMITATIONS"
    Not all Ansible features are supported. See the [Limitations](#limitations) section for a detailed list.
 ## Misconfigurations
 Trivy recursively scans directories starting from the root and detects Ansible projects by the presence of key files and folders:
 - `ansible.cfg`, `inventory`, `group_vars`, `host_vars`, `roles` and `playbooks`
 - YAML files that resemble playbooks
 For each project, Trivy performs the following steps:
 - **Playbook discovery** — determines entry points, i.e., playbooks that are not used as imports in other playbooks.
 - **Task and variable resolution** — Trivy resolves tasks and variables from plays, imports, and roles.
 - **Module analysis** — modules used in tasks are scanned for insecure configurations. Currently, only cloud resource modules are supported.
 ### Project scanning
 The Ansible scanner is enabled by default. To run only this scanner, use the `--misconfig-scanners ansible` flag:
 ```bash
 trivy conf --misconfig-scanners ansible .
 ```
 Example playbook:
 ```yaml
 - name: Example playbook
  hosts: localhost
  connection: local
  tasks:
    - name: Create S3 bucket
      amazon.aws.s3_bucket:
        name: "{{ bucket_name }}"
        region: "{{ bucket_region }}"
        state: present
 ```
 Scan result:
 ```bash
 AVD-AWS-0093 (HIGH): Public access block does not restrict public buckets
 ══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
 S3 buckets should restrict public policies for the bucket. By enabling, the restrict_public_buckets, only the bucket owner and AWS Services can access if it has a public policy.
 See https://avd.aquasec.com/misconfig/avd-aws-0093
 ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 test.yaml:6-9
   via test.yaml:5-9 (tasks)
    via test.yaml:1-9 (play)
 ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   - name: Example playbook
   2     hosts: localhost
   3     connection: local
   4     tasks:
   5       - name: Create S3 bucket
   6 ┌       amazon.aws.s3_bucket:
   7 │         name: "{{ bucket_name }}"
   8 │         region: "{{ bucket_region }}"
   9 └         state: present
 ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 ```
 If the project defines a collection (contains a `galaxy.yaml` file), Trivy can resolve roles using the full name `namespace.collection.role` within the project.
 Example `galaxy.yaml`:
 ```yaml
 namespace: myorg
 name: mycollection
 version: 1.0.0
 ```
 Project structure:
 ```bash
 roles/
  myrole/
    tasks/
      main.yml
 galaxy.yaml
 ```
 Using the role in a playbook:
 ```yaml
 - name: Apply custom role
  hosts: localhost
  tasks:
    - name: Run role from collection
      include_role:
        name: myorg.mycollection.myrole
 ```
 Trivy can correctly locate and analyze the `myrole` role via the full collection name.
 ### Scanning specific playbooks
 To limit scanning to specific playbooks instead of automatically discovering them, use the `--ansible-playbook` flag (can be repeated) with the path to the playbook:
 ```bash
 trivy config --ansible-playbook playbooks/main.yaml .
 ```
 ### Using inventory
 By default, Trivy searches for inventory [in the default location](https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html#how-to-build-your-inventory): `/etc/ansible/hosts`. If an `ansible.cfg` file exists at the project root, the inventory path is taken from it.
 To specify a custom inventory source, use the `--ansible-inventory` flag (same as Ansible’s `--inventory`). The flag can be repeated:
 ```bash
 trivy config --ansible-inventory hosts.ini \
    --ansible-inventory inventory .
 ```
 ### Passing extra variables
 To pass extra variables, use the `--ansible-extra-vars` flag (same as Ansible’s `--extra-vars`). The flag can be repeated:
 ```bash
 trivy config --ansible-extra-vars region=us-east-1 \
    --ansible-extra-vars @vars.json .
 ```
 ### Rendering misconfiguration snippet
 To display the rendered snippet, use the `--render-cause` flag.
 Example output for an S3 bucket task using the `amazon.aws.s3_bucket` module:
 ```bash
 trivy config --render-cause ansible .
 ...
 ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 447       - name: "Hetzner Cloud: Create Object Storage (S3 bucket) {{ hetzner_object_storage_name }}"
 448 ┌       amazon.aws.s3_bucket:
 449 │         endpoint_url: "{{ hetzner_object_storage_endpoint }}"
 450 │         ceph: true
 451 │         aws_access_key: "{{ hetzner_object_storage_access_key }}"
 452 │         aws_secret_key: "{{ hetzner_object_storage_secret_key }}"
 453 │         name: "{{ hetzner_object_storage_name }}"
 454 │         region: "{{ hetzner_object_storage_region }}"
 455 └         requester_pays: false
 ...   
 ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 Rendered cause:
 ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 amazon.aws.s3_bucket:
    endpoint_url: https://us-east-1.your-objectstorage.com
    ceph: true
    aws_access_key: ""
    aws_secret_key: ""
    name: test-pgcluster-backup
    region: us-east-1
    requester_pays: false
    state: present
 ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 ```
 ## Limitations
 Ansible scanning has several limitations and does not support the following:
 - Resolving remote collections
 - Inventory, lookup, and filter plugins (except `dirname`)
 - Setting facts (`set_fact`)
 - Loops: `loop`, `with_<lookup>`, etc.
 - Patterns in a play’s hosts field
 - Host ranges in inventory, e.g., `www[01:50:2].example.com`
 - Only supports the following services: AWS S3. If you have other services or clouds that you would like to see support for, please open a discussion in the Trivy project.
--- a/docs/guide/coverage/iac/index.md
+++ b/docs/guide/coverage/iac/index.md
@@ -8,17 +8,18 @@ Trivy scans Infrastructure as Code (IaC) files for
 ## Supported configurations
-| Config type                         | File patterns                    |
+| Config type                         | File patterns                                       |
-|-------------------------------------|----------------------------------|
+|-------------------------------------|-----------------------------------------------------|
-| [Kubernetes](kubernetes.md)         | \*.yml, \*.yaml, \*.json         |
+| [Kubernetes](kubernetes.md)         | \*.yml, \*.yaml, \*.json                            |
-| [Docker](docker.md)                 | Dockerfile, Containerfile        |
+| [Docker](docker.md)                 | Dockerfile, Containerfile                           |
-| [Terraform](terraform.md)           | \*.tf, \*.tf.json, \*.tfvars     |
+| [Terraform](terraform.md)           | \*.tf, \*.tf.json, \*.tfvars                        |
-| [Terraform Plan](terraform.md)      | tfplan, \*.tfplan, \*.json       |
+| [Terraform Plan](terraform.md)      | tfplan, \*.tfplan, \*.json                          |
-| [CloudFormation](cloudformation.md) | \*.yml, \*.yaml, \*.json         |
+| [CloudFormation](cloudformation.md) | \*.yml, \*.yaml, \*.json                            |
-| [Azure ARM Template](azure-arm.md)  | \*.json                          |
+| [Azure ARM Template](azure-arm.md)  | \*.json                                             |
-| [Helm](helm.md)                     | \*.yaml, \*.tpl, \*.tar.gz, etc. |
+| [Helm](helm.md)                     | \*.yml, \*.yaml, \*.tpl, \*.tar.gz, etc.            |
-| [YAML][json-and-yaml]               | \*.yaml, \*.yml                  |
+| [YAML][json-and-yaml]               | \*.yaml, \*.yml                                     |
-| [JSON][json-and-yaml]               | \*.json                          |
+| [JSON][json-and-yaml]               | \*.json                                             |
 | [Ansible](ansible.md)               | \*.yml, \*.yaml, \*.json, \*.ini, without extension |
 [misconf]: ../../scanner/misconfiguration/index.md
 [secret]: ../../scanner/secret.md
--- a/docs/guide/coverage/language/julia.md
+++ b/docs/guide/coverage/language/julia.md
@@ -7,7 +7,7 @@ The following scanners are supported.
 | Package manager | SBOM | Vulnerability | License |
 |-----------------|:----:|:-------------:|:-------:|
-| Pkg.jl          |  ✓   |       -       |    -    |
+| Pkg.jl          |  ✓   |       ✓       |    -    |
 The following table provides an outline of the features Trivy offers.
--- a/docs/guide/coverage/language/php.md
+++ b/docs/guide/coverage/language/php.md
@@ -11,10 +11,10 @@ The following scanners are supported.
 The following table provides an outline of the features Trivy offers.
-| Package manager | File           | Transitive dependencies | Dev dependencies | [Dependency graph][dependency-graph] | Position |
+| Package manager | File           | Transitive dependencies |          Dev dependencies          | [Dependency graph][dependency-graph] | Position |
-|-----------------|----------------|:-----------------------:|:----------------:|:------------------------------------:|:--------:|
+|-----------------|----------------|:-----------------------:|:----------------------------------:|:------------------------------------:|:--------:|
-| Composer        | composer.lock  |            ✓            |     Excluded     |                  ✓                   |    ✓     |
+| Composer        | composer.lock  |            ✓            | [Excluded](#development-dependencies) |                  ✓                   |    ✓     |
-| Composer        | installed.json |            ✓            |     Excluded     |                  -                   |    ✓     |
+| Composer        | installed.json |            ✓            |              Excluded              |                  -                   |    ✓     |
 ## composer.lock
 In order to detect dependencies, Trivy searches for `composer.lock`.
@@ -23,6 +23,12 @@ Trivy also supports dependency trees; however, to display an accurate tree, it n
 Since this information is not included in `composer.lock`, Trivy parses `composer.json`, which should be located next to `composer.lock`.
 If you want to see the dependency tree, please ensure that `composer.json` is present.
 ### Development dependencies
 By default, Trivy doesn't report development dependencies (`packages-dev` in `composer.lock`).
 Use the `--include-dev-deps` flag to include them.
 To correctly identify direct development dependencies, Trivy parses `require-dev` from `composer.json`, which should be located next to `composer.lock`.
 ## installed.json
 Trivy also supports dependency detection for `installed.json` files. By default, you can find this file at `path_to_app/vendor/composer/installed.json`.
--- a/docs/guide/references/configuration/cli/trivy_config.md
+++ b/docs/guide/references/configuration/cli/trivy_config.md
@@ -9,6 +9,9 @@ trivy config [flags] DIR
 ### Options
 ```
      --ansible-extra-vars strings        set additional variables as key=value or @file (YAML/JSON)
      --ansible-inventory strings         specify inventory host path or comma separated host list
      --ansible-playbook strings          specify playbook file path(s) to scan
      --cache-backend string              [EXPERIMENTAL] cache backend (e.g. redis://localhost:6379) (default "memory")
      --cache-ttl duration                cache TTL when using redis as cache backend
      --cf-params strings                 specify paths to override the CloudFormation parameters files
@@ -46,7 +49,7 @@ trivy config [flags] DIR
      --include-deprecated-checks         include deprecated checks
      --include-non-failures              include successes, available with '--scanners misconfig'
      --k8s-version string                specify k8s version to validate outdated api by it (example: 1.21.0)
-      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
+      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot,ansible])
      --module-dir string                 specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
  -o, --output string                     output file name
      --output-plugin-arg string          [EXPERIMENTAL] output plugin arguments
@@ -59,7 +62,7 @@ trivy config [flags] DIR
      --redis-tls                         enable redis TLS with public certificates, if using redis as cache backend
      --registry-token string             registry token
      --rego-error-limit int              maximum number of compile errors allowed during Rego policy evaluation (default 10)
-      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform)
+      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform,ansible)
      --report string                     specify a compliance report format for the output (allowed values: all,summary) (default "all")
  -s, --severity strings                  severities of security issues to be displayed
                                          Allowed values:
--- a/docs/guide/references/configuration/cli/trivy_filesystem.md
+++ b/docs/guide/references/configuration/cli/trivy_filesystem.md
@@ -19,6 +19,9 @@ trivy filesystem [flags] PATH
 ### Options
 ```
      --ansible-extra-vars strings        set additional variables as key=value or @file (YAML/JSON)
      --ansible-inventory strings         specify inventory host path or comma separated host list
      --ansible-playbook strings          specify playbook file path(s) to scan
      --cache-backend string              [EXPERIMENTAL] cache backend (e.g. redis://localhost:6379) (default "memory")
      --cache-ttl duration                cache TTL when using redis as cache backend
      --cf-params strings                 specify paths to override the CloudFormation parameters files
@@ -82,7 +85,7 @@ trivy filesystem [flags] PATH
      --license-confidence-level float    specify license classifier's confidence level (default 0.9)
      --license-full                      eagerly look for licenses in source code headers and license files
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability (default true)
-      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
+      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot,ansible])
      --module-dir string                 specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
      --no-progress                       suppress progress bar
      --offline-scan                      do not issue API requests to identify dependencies
@@ -108,7 +111,7 @@ trivy filesystem [flags] PATH
      --registry-token string             registry token
      --rego-error-limit int              maximum number of compile errors allowed during Rego policy evaluation (default 10)
      --rekor-url string                  [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
-      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform)
+      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform,ansible)
      --report string                     specify a compliance report format for the output (allowed values: all,summary) (default "all")
      --sbom-sources strings              [EXPERIMENTAL] try to retrieve SBOM from the specified sources (allowed values: oci,rekor)
      --scanners strings                  comma-separated list of what security issues to detect (allowed values: vuln,misconfig,secret,license) (default [vuln,secret])
@@ -168,6 +171,7 @@ trivy filesystem [flags] PATH
                                            - chainguard
                                            - bitnami
                                            - govulndb
                                            - julia
                                            - echo
                                            - minimos
                                            - rootio
--- a/docs/guide/references/configuration/cli/trivy_image.md
+++ b/docs/guide/references/configuration/cli/trivy_image.md
@@ -34,6 +34,9 @@ trivy image [flags] IMAGE_NAME
 ### Options
 ```
      --ansible-extra-vars strings        set additional variables as key=value or @file (YAML/JSON)
      --ansible-inventory strings         specify inventory host path or comma separated host list
      --ansible-playbook strings          specify playbook file path(s) to scan
      --cache-backend string              [EXPERIMENTAL] cache backend (e.g. redis://localhost:6379) (default "fs")
      --cache-ttl duration                cache TTL when using redis as cache backend
      --check-namespaces strings          Rego namespaces
@@ -101,7 +104,7 @@ trivy image [flags] IMAGE_NAME
      --license-full                      eagerly look for licenses in source code headers and license files
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability (default true)
      --max-image-size string             [EXPERIMENTAL] maximum image size to process, specified in a human-readable format (e.g., '44kB', '17MB'); an error will be returned if the image exceeds this size
-      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
+      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot,ansible])
      --module-dir string                 specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
      --no-progress                       suppress progress bar
      --offline-scan                      do not issue API requests to identify dependencies
@@ -130,7 +133,7 @@ trivy image [flags] IMAGE_NAME
      --rego-error-limit int              maximum number of compile errors allowed during Rego policy evaluation (default 10)
      --rekor-url string                  [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
      --removed-pkgs                      detect vulnerabilities of removed packages (only for Alpine)
-      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform)
+      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform,ansible)
      --report string                     specify a format for the compliance report. (allowed values: all,summary) (default "summary")
      --sbom-sources strings              [EXPERIMENTAL] try to retrieve SBOM from the specified sources (allowed values: oci,rekor)
      --scanners strings                  comma-separated list of what security issues to detect (allowed values: vuln,misconfig,secret,license) (default [vuln,secret])
@@ -189,6 +192,7 @@ trivy image [flags] IMAGE_NAME
                                            - chainguard
                                            - bitnami
                                            - govulndb
                                            - julia
                                            - echo
                                            - minimos
                                            - rootio
--- a/docs/guide/references/configuration/cli/trivy_kubernetes.md
+++ b/docs/guide/references/configuration/cli/trivy_kubernetes.md
@@ -29,6 +29,9 @@ trivy kubernetes [flags] [CONTEXT]
 ### Options
 ```
      --ansible-extra-vars strings        set additional variables as key=value or @file (YAML/JSON)
      --ansible-inventory strings         specify inventory host path or comma separated host list
      --ansible-playbook strings          specify playbook file path(s) to scan
      --burst int                         specify the maximum burst for throttle (default 10)
      --cache-backend string              [EXPERIMENTAL] cache backend (e.g. redis://localhost:6379) (default "fs")
      --cache-ttl duration                cache TTL when using redis as cache backend
@@ -92,7 +95,7 @@ trivy kubernetes [flags] [CONTEXT]
      --k8s-version string                specify k8s version to validate outdated api by it (example: 1.21.0)
      --kubeconfig string                 specify the kubeconfig file path to use
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability (default true)
-      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
+      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot,ansible])
      --no-progress                       suppress progress bar
      --node-collector-imageref string    indicate the image reference for the node-collector scan job (default "ghcr.io/aquasecurity/node-collector:0.3.1")
      --node-collector-namespace string   specify the namespace in which the node-collector job should be deployed (default "trivy-temp")
@@ -120,7 +123,7 @@ trivy kubernetes [flags] [CONTEXT]
      --registry-token string             registry token
      --rego-error-limit int              maximum number of compile errors allowed during Rego policy evaluation (default 10)
      --rekor-url string                  [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
-      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform)
+      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform,ansible)
      --report string                     specify a report format for the output (allowed values: all,summary) (default "all")
      --sbom-sources strings              [EXPERIMENTAL] try to retrieve SBOM from the specified sources (allowed values: oci,rekor)
      --scanners strings                  comma-separated list of what security issues to detect (allowed values: vuln,misconfig,secret,rbac) (default [vuln,misconfig,secret,rbac])
@@ -177,6 +180,7 @@ trivy kubernetes [flags] [CONTEXT]
                                            - chainguard
                                            - bitnami
                                            - govulndb
                                            - julia
                                            - echo
                                            - minimos
                                            - rootio
--- a/docs/guide/references/configuration/cli/trivy_repository.md
+++ b/docs/guide/references/configuration/cli/trivy_repository.md
@@ -18,6 +18,9 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
 ### Options
 ```
      --ansible-extra-vars strings        set additional variables as key=value or @file (YAML/JSON)
      --ansible-inventory strings         specify inventory host path or comma separated host list
      --ansible-playbook strings          specify playbook file path(s) to scan
      --branch string                     pass the branch name to be scanned
      --cache-backend string              [EXPERIMENTAL] cache backend (e.g. redis://localhost:6379) (default "fs")
      --cache-ttl duration                cache TTL when using redis as cache backend
@@ -81,7 +84,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
      --license-confidence-level float    specify license classifier's confidence level (default 0.9)
      --license-full                      eagerly look for licenses in source code headers and license files
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability (default true)
-      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
+      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot,ansible])
      --module-dir string                 specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
      --no-progress                       suppress progress bar
      --offline-scan                      do not issue API requests to identify dependencies
@@ -107,7 +110,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
      --registry-token string             registry token
      --rego-error-limit int              maximum number of compile errors allowed during Rego policy evaluation (default 10)
      --rekor-url string                  [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
-      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform)
+      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform,ansible)
      --sbom-sources strings              [EXPERIMENTAL] try to retrieve SBOM from the specified sources (allowed values: oci,rekor)
      --scanners strings                  comma-separated list of what security issues to detect (allowed values: vuln,misconfig,secret,license) (default [vuln,secret])
      --secret-config string              specify a path to config file for secret scanning (default "trivy-secret.yaml")
@@ -167,6 +170,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
                                            - chainguard
                                            - bitnami
                                            - govulndb
                                            - julia
                                            - echo
                                            - minimos
                                            - rootio
--- a/docs/guide/references/configuration/cli/trivy_rootfs.md
+++ b/docs/guide/references/configuration/cli/trivy_rootfs.md
@@ -22,6 +22,9 @@ trivy rootfs [flags] ROOTDIR
 ### Options
 ```
      --ansible-extra-vars strings        set additional variables as key=value or @file (YAML/JSON)
      --ansible-inventory strings         specify inventory host path or comma separated host list
      --ansible-playbook strings          specify playbook file path(s) to scan
      --cache-backend string              [EXPERIMENTAL] cache backend (e.g. redis://localhost:6379) (default "memory")
      --cache-ttl duration                cache TTL when using redis as cache backend
      --cf-params strings                 specify paths to override the CloudFormation parameters files
@@ -84,7 +87,7 @@ trivy rootfs [flags] ROOTDIR
      --license-confidence-level float    specify license classifier's confidence level (default 0.9)
      --license-full                      eagerly look for licenses in source code headers and license files
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability (default true)
-      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
+      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot,ansible])
      --module-dir string                 specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
      --no-progress                       suppress progress bar
      --offline-scan                      do not issue API requests to identify dependencies
@@ -110,7 +113,7 @@ trivy rootfs [flags] ROOTDIR
      --registry-token string             registry token
      --rego-error-limit int              maximum number of compile errors allowed during Rego policy evaluation (default 10)
      --rekor-url string                  [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
-      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform)
+      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform,ansible)
      --sbom-sources strings              [EXPERIMENTAL] try to retrieve SBOM from the specified sources (allowed values: oci,rekor)
      --scanners strings                  comma-separated list of what security issues to detect (allowed values: vuln,misconfig,secret,license) (default [vuln,secret])
      --secret-config string              specify a path to config file for secret scanning (default "trivy-secret.yaml")
@@ -169,6 +172,7 @@ trivy rootfs [flags] ROOTDIR
                                            - chainguard
                                            - bitnami
                                            - govulndb
                                            - julia
                                            - echo
                                            - minimos
                                            - rootio
--- a/docs/guide/references/configuration/cli/trivy_sbom.md
+++ b/docs/guide/references/configuration/cli/trivy_sbom.md
@@ -137,6 +137,7 @@ trivy sbom [flags] SBOM_PATH
                                         - chainguard
                                         - bitnami
                                         - govulndb
                                         - julia
                                         - echo
                                         - minimos
                                         - rootio
--- a/docs/guide/references/configuration/cli/trivy_vm.md
+++ b/docs/guide/references/configuration/cli/trivy_vm.md
@@ -20,6 +20,9 @@ trivy vm [flags] VM_IMAGE
 ### Options
 ```
      --ansible-extra-vars strings        set additional variables as key=value or @file (YAML/JSON)
      --ansible-inventory strings         specify inventory host path or comma separated host list
      --ansible-playbook strings          specify playbook file path(s) to scan
      --aws-region string                 AWS region to scan
      --cache-backend string              [EXPERIMENTAL] cache backend (e.g. redis://localhost:6379) (default "fs")
      --cache-ttl duration                cache TTL when using redis as cache backend
@@ -76,7 +79,7 @@ trivy vm [flags] VM_IMAGE
      --include-non-failures              include successes, available with '--scanners misconfig'
      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability (default true)
-      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
+      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot,ansible])
      --module-dir string                 specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
      --no-progress                       suppress progress bar
      --offline-scan                      do not issue API requests to identify dependencies
@@ -98,7 +101,7 @@ trivy vm [flags] VM_IMAGE
      --redis-key string                  redis key file location, if using redis as cache backend
      --redis-tls                         enable redis TLS with public certificates, if using redis as cache backend
      --rekor-url string                  [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
-      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform)
+      --render-cause strings              specify configuration types for which the rendered causes will be shown in the table report (allowed values: terraform,ansible)
      --sbom-sources strings              [EXPERIMENTAL] try to retrieve SBOM from the specified sources (allowed values: oci,rekor)
      --scanners strings                  comma-separated list of what security issues to detect (allowed values: vuln,misconfig,secret,license) (default [vuln,secret])
      --secret-config string              specify a path to config file for secret scanning (default "trivy-secret.yaml")
@@ -153,6 +156,7 @@ trivy vm [flags] VM_IMAGE
                                            - chainguard
                                            - bitnami
                                            - govulndb
                                            - julia
                                            - echo
                                            - minimos
                                            - rootio
--- a/docs/guide/references/configuration/config-file.md
+++ b/docs/guide/references/configuration/config-file.md
@@ -379,6 +379,16 @@ license:
 ## Misconfiguration options
 ```yaml
 ansible:
  # Same as '--ansible-extra-vars'
  extra-vars: []
  # Same as '--ansible-inventory'
  inventories: []
  # Same as '--ansible-playbook'
  playbooks: []
 misconfiguration:
  # Same as '--checks-bundle-repository'
  checks-bundle-repository: "mirror.gcr.io/aquasec/trivy-checks:1"
@@ -428,6 +438,7 @@ misconfiguration:
   - terraform
   - terraformplan-json
   - terraformplan-snapshot
   - ansible
  terraform:
    # Same as '--tf-exclude-downloaded-modules'
--- a/docs/guide/scanner/vulnerability.md
+++ b/docs/guide/scanner/vulnerability.md
@@ -137,6 +137,7 @@ See [here](../coverage/language/index.md#supported-languages) for the supported
 | Dart     | [GitHub Advisory Database (Pub)][pub-ghsa]          |       ✅        |     -     |
 | Elixir   | [GitHub Advisory Database (Erlang)][erlang-ghsa]    |       ✅        |     -     |
 | Swift    | [GitHub Advisory Database (Swift)][swift-ghsa]      |       ✅        |     -     |
 | Julia    | [Open Source Vulnerabilities (Julia)][julia-osv]    |       ✅        |     -     |
 [^1]: Intentional delay between vulnerability disclosure and registration in the DB
@@ -426,13 +427,14 @@ Example logic for the following vendor severity levels when scanning an Alpine i
 [python-osv]: https://osv.dev/list?q=&ecosystem=PyPI
 [rust-osv]: https://osv.dev/list?q=&ecosystem=crates.io
 [julia-osv]: https://osv.dev/list?q=&ecosystem=Julia
 [nvd]: https://nvd.nist.gov/vuln
 [k8s-cve]: https://kubernetes.io/docs/reference/issues-security/official-cve-feed/
 [CVE-2023-32681]: https://nvd.nist.gov/vuln/detail/CVE-2023-32681
-[RHSA-2023:4520]: https://access.redhat.com/errata/RHSA-2023:4520 
+[RHSA-2023:4520]: https://access.redhat.com/errata/RHSA-2023:4520
 [ghsa]: https://github.com/advisories
 [requests]: https://pypi.org/project/requests/
 [precision-recall]: https://developers.google.com/machine-learning/crash-course/classification/precision-and-recall
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/aquasecurity/testdocker v0.0.0-20250616060700-ba6845ac6d17
 	github.com/aquasecurity/tml v0.6.1
 	github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169
-	github.com/aquasecurity/trivy-db v0.0.0-20250929072116-eba1ced2340a
+	github.com/aquasecurity/trivy-db v0.0.0-20251222105351-a833f47f8f0d
 	github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
 	github.com/aquasecurity/trivy-kubernetes v0.9.1
 	github.com/aws/aws-sdk-go-v2 v1.40.0
@@ -41,17 +41,17 @@ require (
 	github.com/containerd/containerd/v2 v2.2.0
 	github.com/containerd/platforms v1.0.0-rc.2
 	github.com/distribution/reference v0.6.0
-	github.com/docker/cli v29.0.3+incompatible
+	github.com/docker/cli v29.1.3+incompatible
 	github.com/docker/docker v28.5.2+incompatible
 	github.com/docker/go-connections v0.6.0
 	github.com/docker/go-units v0.5.0
 	github.com/fatih/color v1.18.0
-	github.com/go-git/go-git/v5 v5.16.3
+	github.com/go-git/go-git/v5 v5.16.4
 	github.com/go-redis/redis/v8 v8.11.5
 	github.com/go-viper/mapstructure/v2 v2.4.0
-	github.com/gocsaf/csaf/v3 v3.4.0
+	github.com/gocsaf/csaf/v3 v3.5.0
 	github.com/golang-jwt/jwt/v5 v5.3.0
-	github.com/google/go-containerregistry v0.20.6
+	github.com/google/go-containerregistry v0.20.7
 	github.com/google/go-github/v62 v62.0.0
 	github.com/google/licenseclassifier/v2 v2.0.0
 	github.com/google/uuid v1.6.0
@@ -59,7 +59,7 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-retryablehttp v0.7.8
 	github.com/hashicorp/go-uuid v1.0.3
-	github.com/hashicorp/go-version v1.7.0
+	github.com/hashicorp/go-version v1.8.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/hashicorp/hc-install v0.9.2
 	github.com/hashicorp/hcl/v2 v2.24.0
@@ -81,9 +81,10 @@ require (
 	github.com/mattn/go-shellwords v1.0.12
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mitchellh/hashstructure/v2 v2.0.2
-	github.com/moby/buildkit v0.26.2
+	github.com/moby/buildkit v0.26.3
 	github.com/moby/docker-image-spec v1.3.1
-	github.com/open-policy-agent/opa v1.10.1
+	github.com/moby/moby/client v0.2.1 // indirect
 	github.com/open-policy-agent/opa v1.11.0
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/openvex/discovery v0.1.1-0.20240802171711-7c54efc57553
@@ -101,7 +102,7 @@ require (
 	github.com/sosedoff/gitkit v0.4.0
 	github.com/spdx/tools-golang v0.5.5 // v0.5.3 with necessary changes. Can be upgraded to version 0.5.4 after release.
 	github.com/spf13/cast v1.10.0
-	github.com/spf13/cobra v1.10.1
+	github.com/spf13/cobra v1.10.2
 	github.com/spf13/pflag v1.0.10
 	github.com/spf13/viper v1.21.0
 	github.com/stretchr/testify v1.11.1
@@ -115,13 +116,13 @@ require (
 	github.com/zclconf/go-cty v1.17.0
 	github.com/zclconf/go-cty-yaml v1.1.0
 	go.etcd.io/bbolt v1.4.3
-	golang.org/x/crypto v0.45.0
+	golang.org/x/crypto v0.46.0
-	golang.org/x/mod v0.30.0
+	golang.org/x/mod v0.31.0
-	golang.org/x/net v0.47.0
+	golang.org/x/net v0.48.0
-	golang.org/x/sync v0.18.0
+	golang.org/x/sync v0.19.0
-	golang.org/x/term v0.37.0
+	golang.org/x/term v0.38.0
-	golang.org/x/text v0.31.0
+	golang.org/x/text v0.32.0
-	golang.org/x/tools v0.38.0
+	golang.org/x/tools v0.40.0
 	golang.org/x/vuln v1.1.4
 	golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9
 	google.golang.org/protobuf v1.36.10
@@ -132,6 +133,11 @@ require (
 	modernc.org/sqlite v1.40.1
 )
 require (
 	github.com/go-ini/ini v1.67.0
 	github.com/nikolalohinski/gonja/v2 v2.4.2
 )
 require (
 	buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.36.6-20250718181942-e35f9b667443.1 // indirect
 	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.6-20250717185734-6c6e0d3c608e.1 // indirect
@@ -219,7 +225,7 @@ require (
 	github.com/containerd/fifo v1.1.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/plugin v1.0.0 // indirect
-	github.com/containerd/stargz-snapshotter/estargz v0.17.0 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.18.1 // indirect
 	github.com/containerd/ttrpc v1.2.7 // indirect
 	github.com/containerd/typeurl/v2 v2.2.3 // indirect
 	github.com/cpuguy83/dockercfg v0.3.2 // indirect
@@ -253,7 +259,6 @@ require (
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.2 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -281,7 +286,7 @@ require (
 	github.com/go-openapi/validate v0.25.1 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
-	github.com/goccy/go-yaml v1.15.23 // indirect
+	github.com/goccy/go-yaml v1.19.0 // indirect
 	github.com/gofrs/flock v0.13.0 // indirect
 	github.com/gofrs/uuid v4.3.1+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -314,6 +319,7 @@ require (
 	github.com/jdx/go-netrc v1.0.0 // indirect
 	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
 	github.com/jmoiron/sqlx v1.4.0 // indirect
 	github.com/josephburnett/jd/v2 v2.3.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/compress v1.18.1 // indirect
@@ -326,7 +332,7 @@ require (
 	github.com/lestrrat-go/dsig-secp256k1 v1.0.0 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/httprc/v3 v3.0.1 // indirect
-	github.com/lestrrat-go/jwx/v3 v3.0.11 // indirect
+	github.com/lestrrat-go/jwx/v3 v3.0.12 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/lestrrat-go/option/v2 v2.0.0 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
@@ -345,7 +351,6 @@ require (
 	github.com/moby/go-archive v0.1.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/moby/api v1.52.0 // indirect
 	github.com/moby/moby/client v0.1.0 // indirect
 	github.com/moby/patternmatcher v0.6.0 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
@@ -365,8 +370,6 @@ require (
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/oklog/ulid/v2 v2.1.1 // indirect
 	github.com/onsi/ginkgo/v2 v2.23.4 // indirect
 	github.com/onsi/gomega v1.36.3 // indirect
 	github.com/opencontainers/runtime-spec v1.2.1 // indirect
 	github.com/opencontainers/selinux v1.13.0 // indirect
 	github.com/owenrumney/squealer v1.2.11 // indirect
@@ -384,8 +387,8 @@ require (
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.66.1 // indirect
 	github.com/prometheus/procfs v0.17.0 // indirect
-	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
-	github.com/quic-go/quic-go v0.54.1 // indirect
+	github.com/quic-go/quic-go v0.57.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
@@ -396,7 +399,7 @@ require (
 	github.com/samber/oops v1.18.1 // indirect
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
-	github.com/segmentio/asm v1.2.0 // indirect
+	github.com/segmentio/asm v1.2.1 // indirect
 	github.com/segmentio/encoding v0.5.3 // indirect
 	github.com/sergi/go-diff v1.4.0 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
@@ -426,7 +429,7 @@ require (
 	github.com/ulikunitz/xz v0.5.15 // indirect
 	github.com/valyala/fastjson v1.6.4 // indirect
 	github.com/vbatts/tar-split v0.12.2 // indirect
-	github.com/vektah/gqlparser/v2 v2.5.30 // indirect
+	github.com/vektah/gqlparser/v2 v2.5.31 // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
@@ -457,23 +460,22 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect
 	go.opentelemetry.io/otel/trace v1.38.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.7.1 // indirect
 	go.uber.org/mock v0.5.2 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	go.yaml.in/yaml/v4 v4.0.0-rc.3 // indirect
 	golang.org/x/exp v0.0.0-20250911091902-df9299821621 // indirect
-	golang.org/x/oauth2 v0.32.0 // indirect
+	golang.org/x/oauth2 v0.33.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
-	golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect
+	golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc // indirect
 	golang.org/x/time v0.14.0 // indirect
-	golang.org/x/tools/gopls v0.0.0-20251008221726-a22b5e8a9b8d // indirect
+	golang.org/x/tools/gopls v0.21.0 // indirect
 	google.golang.org/api v0.254.0 // indirect
 	google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect
 	google.golang.org/grpc v1.76.0 // indirect
 	gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
--- a/go.sum
+++ b/go.sum
@@ -222,8 +222,8 @@ github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gw
 github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
 github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169 h1:TckzIxUX7lZaU9f2lNxCN0noYYP8fzmSQf6a4JdV83w=
 github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169/go.mod h1:nT69xgRcBD4NlHwTBpWMYirpK5/Zpl8M+XDOgmjMn2k=
-github.com/aquasecurity/trivy-db v0.0.0-20250929072116-eba1ced2340a h1:Wmvjq3zQGsZ8Wlqh75zvujh7LZNTXU4YoEf8tyL1LoM=
+github.com/aquasecurity/trivy-db v0.0.0-20251222105351-a833f47f8f0d h1:mwCxwhDRnW5UkSQdZfekTCjaLyWp1rqfIa6KKRdMDAo=
-github.com/aquasecurity/trivy-db v0.0.0-20250929072116-eba1ced2340a/go.mod h1:upAJqDQkN5FdIJbtJMpokncGNhYAPGkpoCbaGciWPt4=
+github.com/aquasecurity/trivy-db v0.0.0-20251222105351-a833f47f8f0d/go.mod h1:B0cbg/BEHbJg2RcS7PLdlbGCzz2TkChcZAiI4oSs0VI=
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
 github.com/aquasecurity/trivy-kubernetes v0.9.1 h1:bSErQcavKXDh7XMwbGX7Vy//jR5+xhe/bOgfn9G+9lQ=
@@ -316,8 +316,8 @@ github.com/buildkite/go-pipeline v0.3.2 h1:SW4EaXNwfjow7xDRPGgX0Rcx+dPj5C1kV9LKC
 github.com/buildkite/go-pipeline v0.3.2/go.mod h1:iY5jzs3Afc8yHg6KDUcu3EJVkfaUkd9x/v/OH98qyUA=
 github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 h1:k6UDF1uPYOs0iy1HPeotNa155qXRWrzKnqAaGXHLZCE=
 github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251/go.mod h1:gbPR1gPu9dB96mucYIR7T3B7p/78hRVSOuzIWLHK2Y4=
-github.com/bytecodealliance/wasmtime-go/v37 v37.0.0 h1:DPjdn2V3JhXHMoZ2ymRqGK+y1bDyr9wgpyYCvhjMky8=
+github.com/bytecodealliance/wasmtime-go/v39 v39.0.1 h1:RibaT47yiyCRxMOj/l2cvL8cWiWBSqDXHyqsa9sGcCE=
-github.com/bytecodealliance/wasmtime-go/v37 v37.0.0/go.mod h1:Pf1l2JCTUFMnOqDIwkjzx1qfVJ09xbaXETKgRVE4jZ0=
+github.com/bytecodealliance/wasmtime-go/v39 v39.0.1/go.mod h1:miR4NYIEBXeDNamZIzpskhJ0z/p8al+lwMWylQ/ZJb4=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
@@ -370,8 +370,8 @@ github.com/containerd/platforms v1.0.0-rc.2 h1:0SPgaNZPVWGEi4grZdV8VRYQn78y+nm6a
 github.com/containerd/platforms v1.0.0-rc.2/go.mod h1:J71L7B+aiM5SdIEqmd9wp6THLVRzJGXfNuWCZCllLA4=
 github.com/containerd/plugin v1.0.0 h1:c8Kf1TNl6+e2TtMHZt+39yAPDbouRH9WAToRjex483Y=
 github.com/containerd/plugin v1.0.0/go.mod h1:hQfJe5nmWfImiqT1q8Si3jLv3ynMUIBB47bQ+KexvO8=
-github.com/containerd/stargz-snapshotter/estargz v0.17.0 h1:+TyQIsR/zSFI1Rm31EQBwpAA1ovYgIKHy7kctL3sLcE=
+github.com/containerd/stargz-snapshotter/estargz v0.18.1 h1:cy2/lpgBXDA3cDKSyEfNOFMA/c10O1axL69EU7iirO8=
-github.com/containerd/stargz-snapshotter/estargz v0.17.0/go.mod h1:s06tWAiJcXQo9/8AReBCIo/QxcXFZ2n4qfsRnpl71SM=
+github.com/containerd/stargz-snapshotter/estargz v0.18.1/go.mod h1:ALIEqa7B6oVDsrF37GkGN20SuvG/pIMm7FwP7ZmRb0Q=
 github.com/containerd/ttrpc v1.2.7 h1:qIrroQvuOL9HQ1X6KHe2ohc7p+HP/0VE6XPU7elJRqQ=
 github.com/containerd/ttrpc v1.2.7/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
 github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40=
@@ -424,8 +424,8 @@ github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5
 github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
 github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
 github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
-github.com/docker/cli v29.0.3+incompatible h1:8J+PZIcF2xLd6h5sHPsp5pvvJA+Sr2wGQxHkRl53a1E=
+github.com/docker/cli v29.1.3+incompatible h1:+kz9uDWgs+mAaIZojWfFt4d53/jv0ZUOOoSh5ZnH36c=
-github.com/docker/cli v29.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
@@ -508,8 +508,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN
 github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.16.3 h1:Z8BtvxZ09bYm/yYNgPKCzgWtaRqDTgIKRgIRHBfU6Z8=
+github.com/go-git/go-git/v5 v5.16.4 h1:7ajIEZHZJULcyJebDLo99bGgS0jRrOxzZG4uCk2Yb2Y=
-github.com/go-git/go-git/v5 v5.16.3/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
+github.com/go-git/go-git/v5 v5.16.4/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
@@ -598,10 +598,10 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/goccy/go-yaml v1.8.1/go.mod h1:wS4gNoLalDSJxo/SpngzPQ2BN4uuZVLCmbM4S3vd4+Y=
-github.com/goccy/go-yaml v1.15.23 h1:WS0GAX1uNPDLUvLkNU2vXq6oTnsmfVFocjQ/4qA48qo=
+github.com/goccy/go-yaml v1.19.0 h1:EmkZ9RIsX+Uq4DYFowegAuJo8+xdX3T/2dwNPXbxEYE=
-github.com/goccy/go-yaml v1.15.23/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/goccy/go-yaml v1.19.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
-github.com/gocsaf/csaf/v3 v3.4.0 h1:rzVTiA5WmzTHumgGfK/823h0zQ0y4WAS+Rorhcm2LDE=
+github.com/gocsaf/csaf/v3 v3.5.0 h1:tj8l1vK2V8GwjCh3axwKF/yJ9d28xuFn3NsZDdPSkJ8=
-github.com/gocsaf/csaf/v3 v3.4.0/go.mod h1:MmKPoT9IhckqbC590XvKbCkRstuba9vbL+HT3bsuQLk=
+github.com/gocsaf/csaf/v3 v3.5.0/go.mod h1:JKOjRGPvEFalUm5u2vP1itqqgUaojWTpBtGlhEUI7g0=
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw=
@@ -662,8 +662,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB31qAwjAohdSTU=
+github.com/google/go-containerregistry v0.20.7 h1:24VGNpS0IwrOZ2ms2P1QE3Xa5X9p4phx0aUgzYzHW6I=
-github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y=
+github.com/google/go-containerregistry v0.20.7/go.mod h1:Lx5LCZQjLH1QBaMPeGwsME9biPeo1lPx6lbGj/UmzgM=
 github.com/google/go-github/v31 v31.0.0 h1:JJUxlP9lFK+ziXKimTCprajMApV1ecWD4NB6CCb0plo=
 github.com/google/go-github/v31 v31.0.0/go.mod h1:NQPZol8/1sMoWYGN2yaALIBytu17gAWfhbweiEed3pM=
 github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg=
@@ -737,8 +737,8 @@ github.com/hashicorp/go-sockaddr v1.0.5 h1:dvk7TIXCZpmfOlM+9mlcrWmWjw/wlKT+VDq2w
 github.com/hashicorp/go-sockaddr v1.0.5/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
+github.com/hashicorp/go-version v1.8.0 h1:KAkNb1HAiZd1ukkxDFGmokVZe1Xy9HG6NUp+bPle2i4=
-github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.8.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw=
 github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
@@ -784,6 +784,8 @@ github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
 github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI=
 github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
 github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
 github.com/josephburnett/jd/v2 v2.3.0 h1:AyNT0zSStJ2j28zutWDO4fkc95JoICryWQRmDTRzPTQ=
 github.com/josephburnett/jd/v2 v2.3.0/go.mod h1:0I5+gbo7y8diuajJjm79AF44eqTheSJy1K7DSbIUFAQ=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
@@ -834,8 +836,8 @@ github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZ
 github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
 github.com/lestrrat-go/httprc/v3 v3.0.1 h1:3n7Es68YYGZb2Jf+k//llA4FTZMl3yCwIjFIk4ubevI=
 github.com/lestrrat-go/httprc/v3 v3.0.1/go.mod h1:2uAvmbXE4Xq8kAUjVrZOq1tZVYYYs5iP62Cmtru00xk=
-github.com/lestrrat-go/jwx/v3 v3.0.11 h1:yEeUGNUuNjcez/Voxvr7XPTYNraSQTENJgtVTfwvG/w=
+github.com/lestrrat-go/jwx/v3 v3.0.12 h1:p25r68Y4KrbBdYjIsQweYxq794CtGCzcrc5dGzJIRjg=
-github.com/lestrrat-go/jwx/v3 v3.0.11/go.mod h1:XSOAh2SiXm0QgRe3DulLZLyt+wUuEdFo81zuKTLcvgQ=
+github.com/lestrrat-go/jwx/v3 v3.0.12/go.mod h1:HiUSaNmMLXgZ08OmGBaPVvoZQgJVOQphSrGr5zMamS8=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lestrrat-go/option/v2 v2.0.0 h1:XxrcaJESE1fokHy3FpaQ/cXW8ZsIdWcdFzzLOcID3Ss=
@@ -900,8 +902,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/buildkit v0.26.2 h1:EIh5j0gzRsCZmQzvgNNWzSDbuKqwUIiBH7ssqLv8RU8=
+github.com/moby/buildkit v0.26.3 h1:D+ruZVAk/3ipRq5XRxBH9/DIFpRjSlTtMbghT5gQP9g=
-github.com/moby/buildkit v0.26.2/go.mod h1:ylDa7IqzVJgLdi/wO7H1qLREFQpmhFbw2fbn4yoTw40=
+github.com/moby/buildkit v0.26.3/go.mod h1:4T4wJzQS4kYWIfFRjsbJry4QoxDBjK+UGOEOs1izL7w=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/go-archive v0.1.0 h1:Kk/5rdW/g+H8NHdJW2gsXyZ7UnzvJNOy6VKJqueWdcQ=
@@ -910,8 +912,8 @@ github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
 github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
-github.com/moby/moby/client v0.1.0 h1:nt+hn6O9cyJQqq5UWnFGqsZRTS/JirUqzPjEl0Bdc/8=
+github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
-github.com/moby/moby/client v0.1.0/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
+github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
 github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
 github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
@@ -949,6 +951,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nikolalohinski/gonja/v2 v2.4.2 h1:1tmj/ICrskH8/9dtuQ9MNnQsyId4AkUe9qlCFmVQ9eI=
 github.com/nikolalohinski/gonja/v2 v2.4.2/go.mod h1:UIzXPVuOsr5h7dZ5DUbqk3/Z7oFA/NLGQGMjqT4L2aU=
 github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 h1:Up6+btDp321ZG5/zdSLo48H9Iaq0UQGthrhWC6pCxzE=
 github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481/go.mod h1:yKZQO8QE2bHlgozqWDiRVqTFlLQSj30K/6SAK8EeYFw=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
@@ -973,10 +977,10 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
-github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
+github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
-github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
+github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
-github.com/open-policy-agent/opa v1.10.1 h1:haIvxZSPky8HLjRrvQwWAjCPLg8JDFSZMbbG4yyUHgY=
+github.com/open-policy-agent/opa v1.11.0 h1:eOd/jJrbavakiX477yT4LrXZfUWViAot/AsKsjsfe7o=
-github.com/open-policy-agent/opa v1.10.1/go.mod h1:7uPI3iRpOalJ0BhK6s1JALWPU9HvaV1XeBSSMZnr/PM=
+github.com/open-policy-agent/opa v1.11.0/go.mod h1:QimuJO4T3KYxWzrmAymqlFvsIanCjKrGjmmC8GgAdgE=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -1039,10 +1043,10 @@ github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf h1:014O62
 github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c=
 github.com/quasilyte/go-ruleguard/dsl v0.3.23 h1:lxjt5B6ZCiBeeNO8/oQsegE6fLeCzuMRoVWSkXC4uvY=
 github.com/quasilyte/go-ruleguard/dsl v0.3.23/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=
-github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
-github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
-github.com/quic-go/quic-go v0.54.1 h1:4ZAWm0AhCb6+hE+l5Q1NAL0iRn/ZrMwqHRGQiFwj2eg=
+github.com/quic-go/quic-go v0.57.0 h1:AsSSrrMs4qI/hLrKlTH/TGQeTMY0ib1pAOX7vA3AdqE=
-github.com/quic-go/quic-go v0.54.1/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
+github.com/quic-go/quic-go v0.57.0/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s=
 github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 h1:bsUq1dX0N8AOIL7EB/X911+m4EHsnWEHeJ0c+3TTBrg=
 github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho=
@@ -1085,8 +1089,8 @@ github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgm
 github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k=
 github.com/secure-systems-lab/go-securesystemslib v0.9.1 h1:nZZaNz4DiERIQguNy0cL5qTdn9lR8XKHf4RUyG1Sx3g=
 github.com/secure-systems-lab/go-securesystemslib v0.9.1/go.mod h1:np53YzT0zXGMv6x4iEWc9Z59uR+x+ndLwCLqPYpLXVU=
-github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.1 h1:DTNbBqs57ioxAD4PrArqftgypG4/qNpXoJx8TVXxPR0=
-github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/segmentio/asm v1.2.1/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/segmentio/encoding v0.5.3 h1:OjMgICtcSFuNvQCdwqMCv9Tg7lEOXGwm1J5RPQccx6w=
 github.com/segmentio/encoding v0.5.3/go.mod h1:HS1ZKa3kSN32ZHVZ7ZLPLXWvOVIiZtyJnO1gPH1sKt0=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
@@ -1142,8 +1146,8 @@ github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
 github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
 github.com/spf13/cobra v0.0.0-20170130214531-35136c09d8da/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
-github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
+github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
-github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
+github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -1226,8 +1230,8 @@ github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXV
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/vbatts/tar-split v0.12.2 h1:w/Y6tjxpeiFMR47yzZPlPj/FcPLpXbTUi/9H7d3CPa4=
 github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
-github.com/vektah/gqlparser/v2 v2.5.30 h1:EqLwGAFLIzt1wpx1IPpY67DwUujF1OfzgEyDsLrN6kE=
+github.com/vektah/gqlparser/v2 v2.5.31 h1:YhWGA1mfTjID7qJhd1+Vxhpk5HTgydrGU9IgkWBTJ7k=
-github.com/vektah/gqlparser/v2 v2.5.30/go.mod h1:D1/VCZtV3LPnQrcPBeR/q5jkSQIPti0uYCP/RI0gIeo=
+github.com/vektah/gqlparser/v2 v2.5.31/go.mod h1:c1I28gSOVNzlfc4WuDlqU7voQnsqI6OG2amkBAFmgts=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
 github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
@@ -1351,13 +1355,15 @@ go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 go.yaml.in/yaml/v4 v4.0.0-rc.3 h1:3h1fjsh1CTAPjW7q/EMe+C8shx5d8ctzZTrLcs/j8Go=
 go.yaml.in/yaml/v4 v4.0.0-rc.3/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
-golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20250911091902-df9299821621 h1:2id6c1/gto0kaHYyrixvknJ8tUK/Qs5IsmBtrc+FtgU=
 golang.org/x/exp v0.0.0-20250911091902-df9299821621/go.mod h1:TwQYMMnGpvZyc+JpB/UAuTNIsVJifOlSkrZkhcvpVUk=
@@ -1366,8 +1372,8 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
-golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1386,18 +1392,18 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
+golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo=
-golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/oauth2 v0.33.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
-golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1431,22 +1437,22 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 h1:LvzTn0GQhWuvKH/kVRS3R3bVAsdQWI7hvfLHGgh9+lU=
+golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc h1:bH6xUXay0AIFMElXG2rQ4uiE+7ncwtiOdPfYK1NK2XA=
-golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE=
+golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
-golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1458,14 +1464,14 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
-golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM=
 golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=
 golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=
 golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8=
-golang.org/x/tools/gopls v0.0.0-20251008221726-a22b5e8a9b8d h1:6bY3I4SaYYyjRr2TVIK+OHCsZi4p+/JML81sG2SQqV0=
+golang.org/x/tools/gopls v0.21.0 h1:k8RlBm3ES+GVe+fbTSkzwKgarmNwN+6aDalb0T0xfag=
-golang.org/x/tools/gopls v0.0.0-20251008221726-a22b5e8a9b8d/go.mod h1:X0eOMgDrjTIsou7ZNWeP60nlRFUVEtxFuzXzwUa2e8s=
+golang.org/x/tools/gopls v0.21.0/go.mod h1:x/34IonzHuKpDDlMUjYezcjbwNOJ32FtrYOLqAuOmNo=
 golang.org/x/vuln v1.1.4 h1:Ju8QsuyhX3Hk8ma3CesTbO8vfJD9EvUBgHvkxHBzj0I=
 golang.org/x/vuln v1.1.4/go.mod h1:F+45wmU18ym/ca5PLTPLsSzr2KppzswxPP603ldA67s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1518,8 +1524,6 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/cheggaaa/pb.v1 v1.0.28 h1:n1tBJnnK2r7g9OW2btFH91V92STTUevLXYFb8gy9EMk=
 gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
 gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
--- a/helm/trivy/Chart.yaml
+++ b/helm/trivy/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: trivy
-version: 0.19.1
+version: 0.20.1
-appVersion: 0.67.2
+appVersion: 0.68.2
 description: Trivy helm chart
 keywords:
  - scanner
--- a/helm/trivy/README.md
+++ b/helm/trivy/README.md
@@ -78,6 +78,7 @@ The following table lists the configurable parameters of the Trivy chart and the
 | `trivy.existingSecret`                | existingSecret if an existing secret has been created outside the chart. Overrides gitHubToken, registryUsername, registryPassword, serverToken | `` |
 | `trivy.podAnnotations`                | Annotations for pods created by statefulset                             | `{}` |
 | `trivy.extraEnvVars`                  | extraEnvVars to be set on the container                                 | `{}` |
 | `trivy.sslCertDir`                    | Can be used to override the system default locations for SSL certificate files directory, example: `/ssl/certs` | `` |
 | `service.name`                        | If specified, the name used for the Trivy service                       |     |
 | `service.type`                        | Kubernetes service type                                                 | `ClusterIP` |
 | `service.port`                        | Kubernetes service port                                                 | `4954`      |
--- a/helm/trivy/templates/configmap.yaml
+++ b/helm/trivy/templates/configmap.yaml
@@ -27,3 +27,6 @@ data:
 {{- with .Values.trivy.extraEnvVars }}
  {{- . | toYaml | nindent 2 }}
 {{- end }}
 {{- if .Values.trivy.sslCertDir }}
  SSL_CERT_DIR: {{ .Values.trivy.sslCertDir | quote }}
 {{- end }}
--- a/helm/trivy/templates/statefulset.yaml
+++ b/helm/trivy/templates/statefulset.yaml
@@ -17,7 +17,7 @@ spec:
      app.kubernetes.io/instance: {{ .Release.Name }}
  {{- if .Values.persistence.enabled }}
  volumeClaimTemplates:
-    - apiVersion: v1	
+    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: data
@@ -125,6 +125,11 @@ spec:
            - mountPath: /home/scanner/.cache
              name: data
              readOnly: false
          {{- with .Values.trivy.sslCertDir }}
            - mountPath: {{ . }}
              name: ssl-cert-dir
              readOnly: true
          {{- end }}
          {{- if .Values.resources }}
          resources:
 {{ toYaml .Values.resources | indent 12 }}
@@ -136,3 +141,8 @@ spec:
        - name: data
          emptyDir: {}
        {{- end }}
        {{- with .Values.trivy.sslCertDir }}
        - name: ssl-cert-dir
          hostPath:
            path: {{ . }}
        {{- end }}
--- a/helm/trivy/values.yaml
+++ b/helm/trivy/values.yaml
@@ -128,6 +128,8 @@ trivy:
  existingSecret: ""
  # extraEnvVars to be set on the container
  extraEnvVars: {}
  # sslCertDir can be used to override the system default locations for SSL certificate files directory, example: /ssl/certs
  sslCertDir: ""
 service:
  # If specified, the name used for the Trivy service.
--- a/integration/testdata/almalinux-8.json.golden
+++ b/integration/testdata/almalinux-8.json.golden
@@ -72,7 +72,7 @@
          "PkgName": "openssl-libs",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/alma/openssl-libs@1.1.1k-4.el8?arch=x86_64\u0026distro=alma-8.5\u0026epoch=1",
-            "UID": "3f965238234faa63"
+            "UID": "3ff1aff39832f37f"
          },
          "InstalledVersion": "1:1.1.1k-4.el8",
          "FixedVersion": "1:1.1.1k-5.el8_5",
--- a/integration/testdata/amazon-1.json.golden
+++ b/integration/testdata/amazon-1.json.golden
@@ -73,7 +73,7 @@
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/amazon/curl@7.61.1-11.91.amzn1?arch=x86_64\u0026distro=amazon-AMI+release+2018.03",
-            "UID": "9fafb1be522b1e7"
+            "UID": "6120700171ade460"
          },
          "InstalledVersion": "7.61.1-11.91.amzn1",
          "FixedVersion": "7.61.1-12.93.amzn1",
--- a/integration/testdata/amazon-2.json.golden
+++ b/integration/testdata/amazon-2.json.golden
@@ -73,7 +73,7 @@
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/amazon/curl@7.61.1-9.amzn2.0.1?arch=x86_64\u0026distro=amazon-2+%28Karoo%29",
-            "UID": "c5998529d683c5c3"
+            "UID": "6ae14ab68a9937a4"
          },
          "InstalledVersion": "7.61.1-9.amzn2.0.1",
          "FixedVersion": "7.61.1-12.amzn2.0.1",
@@ -146,7 +146,7 @@
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/amazon/curl@7.61.1-9.amzn2.0.1?arch=x86_64\u0026distro=amazon-2+%28Karoo%29",
-            "UID": "c5998529d683c5c3"
+            "UID": "6ae14ab68a9937a4"
          },
          "InstalledVersion": "7.61.1-9.amzn2.0.1",
          "FixedVersion": "7.61.1-11.amzn2.0.2",
--- a/integration/testdata/centos-6.json.golden
+++ b/integration/testdata/centos-6.json.golden
@@ -95,7 +95,7 @@
          "PkgName": "glibc",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/glibc@2.12-1.212.el6?arch=x86_64\u0026distro=centos-6.10",
-            "UID": "24b11591bb7262c4"
+            "UID": "8a375d9a81c8ed09"
          },
          "InstalledVersion": "2.12-1.212.el6",
          "Status": "end_of_life",
@@ -153,7 +153,7 @@
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/openssl@1.0.1e-57.el6?arch=x86_64\u0026distro=centos-6.10",
-            "UID": "935959fd0ed81eb9"
+            "UID": "3250412c84ceb835"
          },
          "InstalledVersion": "1.0.1e-57.el6",
          "FixedVersion": "1.0.1e-58.el6_10",
--- a/integration/testdata/centos-7-ignore-unfixed.json.golden
+++ b/integration/testdata/centos-7-ignore-unfixed.json.golden
@@ -88,7 +88,7 @@
          "PkgName": "openssl-libs",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64\u0026distro=centos-7.6.1810\u0026epoch=1",
-            "UID": "20f09cdcea6545a2"
+            "UID": "74d0a3456f5c43a3"
          },
          "InstalledVersion": "1:1.0.2k-16.el7",
          "FixedVersion": "1:1.0.2k-19.el7",
@@ -183,7 +183,7 @@
          "PkgName": "openssl-libs",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64\u0026distro=centos-7.6.1810\u0026epoch=1",
-            "UID": "20f09cdcea6545a2"
+            "UID": "74d0a3456f5c43a3"
          },
          "InstalledVersion": "1:1.0.2k-16.el7",
          "FixedVersion": "1:1.0.2k-19.el7",
--- a/integration/testdata/centos-7-medium.json.golden
+++ b/integration/testdata/centos-7-medium.json.golden
@@ -88,7 +88,7 @@
          "PkgName": "openssl-libs",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64\u0026distro=centos-7.6.1810\u0026epoch=1",
-            "UID": "20f09cdcea6545a2"
+            "UID": "74d0a3456f5c43a3"
          },
          "InstalledVersion": "1:1.0.2k-16.el7",
          "FixedVersion": "1:1.0.2k-19.el7",
--- a/integration/testdata/centos-7.json.golden
+++ b/integration/testdata/centos-7.json.golden
@@ -85,7 +85,7 @@
          "PkgName": "bash",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64\u0026distro=centos-7.6.1810",
-            "UID": "64aff37eb11b9c25"
+            "UID": "1e73732cad16e536"
          },
          "InstalledVersion": "4.2.46-31.el7",
          "Status": "will_not_fix",
@@ -147,7 +147,7 @@
          "PkgName": "openssl-libs",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64\u0026distro=centos-7.6.1810\u0026epoch=1",
-            "UID": "20f09cdcea6545a2"
+            "UID": "74d0a3456f5c43a3"
          },
          "InstalledVersion": "1:1.0.2k-16.el7",
          "FixedVersion": "1:1.0.2k-19.el7",
@@ -242,7 +242,7 @@
          "PkgName": "openssl-libs",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64\u0026distro=centos-7.6.1810\u0026epoch=1",
-            "UID": "20f09cdcea6545a2"
+            "UID": "74d0a3456f5c43a3"
          },
          "InstalledVersion": "1:1.0.2k-16.el7",
          "FixedVersion": "1:1.0.2k-19.el7",
--- a/integration/testdata/debian-buster-ignore-unfixed.json.golden
+++ b/integration/testdata/debian-buster-ignore-unfixed.json.golden
@@ -76,7 +76,7 @@
          "PkgName": "libidn2-0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/libidn2-0@2.0.5-1?arch=amd64\u0026distro=debian-10.1",
-            "UID": "24f9b08969c58720"
+            "UID": "ba4e8c27afaa206c"
          },
          "InstalledVersion": "2.0.5-1",
          "FixedVersion": "2.0.5-1+deb10u1",
--- a/integration/testdata/debian-buster.json.golden
+++ b/integration/testdata/debian-buster.json.golden
@@ -73,7 +73,7 @@
          "PkgName": "bash",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/bash@5.0-4?arch=amd64\u0026distro=debian-10.1",
-            "UID": "170e4e5a30145f9c"
+            "UID": "ccac7cdb2b01effd"
          },
          "InstalledVersion": "5.0-4",
          "Status": "affected",
@@ -141,7 +141,7 @@
          "PkgName": "libidn2-0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/libidn2-0@2.0.5-1?arch=amd64\u0026distro=debian-10.1",
-            "UID": "24f9b08969c58720"
+            "UID": "ba4e8c27afaa206c"
          },
          "InstalledVersion": "2.0.5-1",
          "FixedVersion": "2.0.5-1+deb10u1",
--- a/integration/testdata/debian-stretch.json.golden
+++ b/integration/testdata/debian-stretch.json.golden
@@ -73,7 +73,7 @@
          "PkgName": "bash",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/bash@4.4-5?arch=amd64\u0026distro=debian-9.9",
-            "UID": "17a77561513a84ba"
+            "UID": "5050d6cecedb6b16"
          },
          "InstalledVersion": "4.4-5",
          "Status": "end_of_life",
@@ -141,7 +141,7 @@
          "PkgName": "e2fslibs",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64\u0026distro=debian-9.9",
-            "UID": "f7397849f56886cf"
+            "UID": "4fbd6c91e1a18086"
          },
          "InstalledVersion": "1.43.4-2",
          "FixedVersion": "1.43.4-2+deb9u1",
@@ -216,7 +216,7 @@
          "PkgName": "e2fsprogs",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64\u0026distro=debian-9.9",
-            "UID": "84536029ca820a6c"
+            "UID": "b0c2238df13ced7c"
          },
          "InstalledVersion": "1.43.4-2",
          "FixedVersion": "1.43.4-2+deb9u1",
@@ -291,7 +291,7 @@
          "PkgName": "libcomerr2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64\u0026distro=debian-9.9",
-            "UID": "d911133b560d334c"
+            "UID": "fb99250ee0ffc0d0"
          },
          "InstalledVersion": "1.43.4-2",
          "FixedVersion": "1.43.4-2+deb9u1",
@@ -366,7 +366,7 @@
          "PkgName": "libss2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/libss2@1.43.4-2?arch=amd64\u0026distro=debian-9.9",
-            "UID": "d9396c7f91558633"
+            "UID": "c5648e376c234084"
          },
          "InstalledVersion": "1.43.4-2",
          "FixedVersion": "1.43.4-2+deb9u1",
--- a/integration/testdata/distroless-base.json.golden
+++ b/integration/testdata/distroless-base.json.golden
@@ -76,7 +76,7 @@
          "PkgName": "libssl1.1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/libssl1.1@1.1.0k-1~deb9u1?arch=amd64\u0026distro=debian-9.9",
-            "UID": "96b92444b87304a5"
+            "UID": "4115f1455e5bd09d"
          },
          "InstalledVersion": "1.1.0k-1~deb9u1",
          "Status": "affected",
@@ -162,7 +162,7 @@
          "PkgName": "libssl1.1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/libssl1.1@1.1.0k-1~deb9u1?arch=amd64\u0026distro=debian-9.9",
-            "UID": "96b92444b87304a5"
+            "UID": "4115f1455e5bd09d"
          },
          "InstalledVersion": "1.1.0k-1~deb9u1",
          "FixedVersion": "1.1.0l-1~deb9u1",
@@ -254,7 +254,7 @@
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/openssl@1.1.0k-1~deb9u1?arch=amd64\u0026distro=debian-9.9",
-            "UID": "ed86402b9a8c2be6"
+            "UID": "c007f47f4b22b5a9"
          },
          "InstalledVersion": "1.1.0k-1~deb9u1",
          "Status": "affected",
@@ -340,7 +340,7 @@
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/openssl@1.1.0k-1~deb9u1?arch=amd64\u0026distro=debian-9.9",
-            "UID": "ed86402b9a8c2be6"
+            "UID": "c007f47f4b22b5a9"
          },
          "InstalledVersion": "1.1.0k-1~deb9u1",
          "FixedVersion": "1.1.0l-1~deb9u1",
--- a/integration/testdata/distroless-python27.json.golden
+++ b/integration/testdata/distroless-python27.json.golden
@@ -103,7 +103,7 @@
          "PkgName": "libssl1.1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/libssl1.1@1.1.0k-1~deb9u1?arch=amd64\u0026distro=debian-9.9",
-            "UID": "96b92444b87304a5"
+            "UID": "4115f1455e5bd09d"
          },
          "InstalledVersion": "1.1.0k-1~deb9u1",
          "Status": "affected",
@@ -189,7 +189,7 @@
          "PkgName": "libssl1.1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/libssl1.1@1.1.0k-1~deb9u1?arch=amd64\u0026distro=debian-9.9",
-            "UID": "96b92444b87304a5"
+            "UID": "4115f1455e5bd09d"
          },
          "InstalledVersion": "1.1.0k-1~deb9u1",
          "FixedVersion": "1.1.0l-1~deb9u1",
@@ -281,7 +281,7 @@
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/openssl@1.1.0k-1~deb9u1?arch=amd64\u0026distro=debian-9.9",
-            "UID": "ed86402b9a8c2be6"
+            "UID": "c007f47f4b22b5a9"
          },
          "InstalledVersion": "1.1.0k-1~deb9u1",
          "Status": "affected",
@@ -367,7 +367,7 @@
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/openssl@1.1.0k-1~deb9u1?arch=amd64\u0026distro=debian-9.9",
-            "UID": "ed86402b9a8c2be6"
+            "UID": "c007f47f4b22b5a9"
          },
          "InstalledVersion": "1.1.0k-1~deb9u1",
          "FixedVersion": "1.1.0l-1~deb9u1",
--- a/integration/testdata/fluentd-gems.json.golden
+++ b/integration/testdata/fluentd-gems.json.golden
@@ -154,7 +154,7 @@
          "PkgName": "libidn2-0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/debian/libidn2-0@2.0.5-1?arch=amd64\u0026distro=debian-10.2",
-            "UID": "14f80a7091a08e71"
+            "UID": "cd3028817db3f25a"
          },
          "InstalledVersion": "2.0.5-1",
          "FixedVersion": "2.0.5-1+deb10u1",
--- a/integration/testdata/mariner-1.0.json.golden
+++ b/integration/testdata/mariner-1.0.json.golden
@@ -57,7 +57,7 @@
          "PkgName": "vim",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/cbl-mariner/vim@8.2.4081-1.cm1?arch=x86_64\u0026distro=cbl-mariner-1.0",
-            "UID": "3f08cd76fa5ba73d"
+            "UID": "437a9a3c0d29deb9"
          },
          "InstalledVersion": "8.2.4081-1.cm1",
          "Status": "affected",
@@ -95,7 +95,7 @@
          "PkgName": "vim",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/cbl-mariner/vim@8.2.4081-1.cm1?arch=x86_64\u0026distro=cbl-mariner-1.0",
-            "UID": "3f08cd76fa5ba73d"
+            "UID": "437a9a3c0d29deb9"
          },
          "InstalledVersion": "8.2.4081-1.cm1",
          "FixedVersion": "8.2.4082-1.cm1",
--- a/integration/testdata/opensuse-leap-151.json.golden
+++ b/integration/testdata/opensuse-leap-151.json.golden
@@ -81,7 +81,7 @@
          "PkgName": "libopenssl1_1",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/opensuse/libopenssl1_1@1.1.0i-lp151.8.3.1?arch=x86_64\u0026distro=opensuse-leap-15.1",
-            "UID": "898b73ddd0412f57"
+            "UID": "a5c414d06155f471"
          },
          "InstalledVersion": "1.1.0i-lp151.8.3.1",
          "FixedVersion": "1.1.0i-lp151.8.6.1",
@@ -115,7 +115,7 @@
          "PkgName": "openssl-1_1",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/opensuse/openssl-1_1@1.1.0i-lp151.8.3.1?arch=x86_64\u0026distro=opensuse-leap-15.1",
-            "UID": "58980d005de43f54"
+            "UID": "937f6db3d7249e11"
          },
          "InstalledVersion": "1.1.0i-lp151.8.3.1",
          "FixedVersion": "1.1.0i-lp151.8.6.1",
--- a/integration/testdata/opensuse-tumbleweed.json.golden
+++ b/integration/testdata/opensuse-tumbleweed.json.golden
@@ -84,7 +84,7 @@
          "PkgName": "libopenssl3",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/opensuse/libopenssl3@3.1.4-9.1?arch=x86_64\u0026distro=opensuse-tumbleweed-20240607",
-            "UID": "f051425f385d2b99"
+            "UID": "f71b3dc2f2cc0d84"
          },
          "InstalledVersion": "3.1.4-9.1",
          "FixedVersion": "3.1.5-9.1",
--- a/integration/testdata/oraclelinux-8.json.golden
+++ b/integration/testdata/oraclelinux-8.json.golden
@@ -82,7 +82,7 @@
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/oracle/curl@7.61.1-8.el8?arch=x86_64\u0026distro=oracle-8.0",
-            "UID": "6837a94bd82971ac"
+            "UID": "a8682a2156651fbe"
          },
          "InstalledVersion": "7.61.1-8.el8",
          "FixedVersion": "7.61.1-11.el8",
@@ -154,7 +154,7 @@
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/oracle/curl@7.61.1-8.el8?arch=x86_64\u0026distro=oracle-8.0",
-            "UID": "6837a94bd82971ac"
+            "UID": "a8682a2156651fbe"
          },
          "InstalledVersion": "7.61.1-8.el8",
          "FixedVersion": "7.61.1-12.el8",
--- a/integration/testdata/photon-30.json.golden
+++ b/integration/testdata/photon-30.json.golden
@@ -83,7 +83,7 @@
          "PkgName": "bash",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/photon/bash@4.4.18-1.ph3?arch=x86_64\u0026distro=photon-3.0",
-            "UID": "a092142482df7886"
+            "UID": "8bd74904a15c7d6d"
          },
          "InstalledVersion": "4.4.18-1.ph3",
          "FixedVersion": "4.4.18-2.ph3",
@@ -148,7 +148,7 @@
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/photon/curl@7.61.1-4.ph3?arch=x86_64\u0026distro=photon-3.0",
-            "UID": "1f44492024a630e8"
+            "UID": "6b6a4de732e563ee"
          },
          "InstalledVersion": "7.61.1-4.ph3",
          "FixedVersion": "7.61.1-5.ph3",
@@ -221,7 +221,7 @@
          "PkgName": "curl-libs",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/photon/curl-libs@7.61.1-4.ph3?arch=x86_64\u0026distro=photon-3.0",
-            "UID": "434cc417a46529a9"
+            "UID": "b33cf1cac05c76c2"
          },
          "InstalledVersion": "7.61.1-4.ph3",
          "FixedVersion": "7.61.1-5.ph3",
--- a/integration/testdata/rockylinux-8.json.golden
+++ b/integration/testdata/rockylinux-8.json.golden
@@ -72,7 +72,7 @@
          "PkgName": "openssl-libs",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/rocky/openssl-libs@1.1.1k-4.el8?arch=x86_64\u0026distro=rocky-8.5\u0026epoch=1",
-            "UID": "2a2f49f9bf5fc512"
+            "UID": "cb8148bafbe15690"
          },
          "InstalledVersion": "1:1.1.1k-4.el8",
          "FixedVersion": "1:1.1.1k-5.el8_5",
--- a/integration/testdata/ubi-7-comprehensive.json.golden
+++ b/integration/testdata/ubi-7-comprehensive.json.golden
@@ -101,7 +101,7 @@
          "PkgName": "bash",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/redhat/bash@4.2.46-33.el7?arch=x86_64\u0026distro=redhat-7.7",
-            "UID": "f5b786381193ad1b"
+            "UID": "12819dd4d4181abf"
          },
          "InstalledVersion": "4.2.46-33.el7",
          "Status": "will_not_fix",
--- a/integration/testdata/ubi-7.json.golden
+++ b/integration/testdata/ubi-7.json.golden
@@ -101,7 +101,7 @@
          "PkgName": "bash",
          "PkgIdentifier": {
            "PURL": "pkg:rpm/redhat/bash@4.2.46-33.el7?arch=x86_64\u0026distro=redhat-7.7",
-            "UID": "f5b786381193ad1b"
+            "UID": "12819dd4d4181abf"
          },
          "InstalledVersion": "4.2.46-33.el7",
          "Status": "will_not_fix",
--- a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden
+++ b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden
@@ -106,7 +106,7 @@
          "PkgName": "e2fsprogs",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/e2fsprogs@1.44.1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-18.04",
-            "UID": "f43bbfe1f933f718"
+            "UID": "eddde4dbdb2df58c"
          },
          "InstalledVersion": "1.44.1-1ubuntu1.1",
          "FixedVersion": "1.44.1-1ubuntu1.2",
@@ -178,7 +178,7 @@
          "PkgName": "libcom-err2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcom-err2@1.44.1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-18.04",
-            "UID": "e7d11d906afeb678"
+            "UID": "87ee4bdeca236f23"
          },
          "InstalledVersion": "1.44.1-1ubuntu1.1",
          "FixedVersion": "1.44.1-1ubuntu1.2",
@@ -250,7 +250,7 @@
          "PkgName": "libext2fs2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libext2fs2@1.44.1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-18.04",
-            "UID": "19d89bf66d83962e"
+            "UID": "f5dac6a49dfab96c"
          },
          "InstalledVersion": "1.44.1-1ubuntu1.1",
          "FixedVersion": "1.44.1-1ubuntu1.2",
@@ -322,7 +322,7 @@
          "PkgName": "libss2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libss2@1.44.1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-18.04",
-            "UID": "231804324b8f13c6"
+            "UID": "119f1602425ea3a0"
          },
          "InstalledVersion": "1.44.1-1ubuntu1.1",
          "FixedVersion": "1.44.1-1ubuntu1.2",
--- a/integration/testdata/ubuntu-1804.json.golden
+++ b/integration/testdata/ubuntu-1804.json.golden
@@ -106,7 +106,7 @@
          "PkgName": "bash",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/bash@4.4.18-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-18.04",
-            "UID": "55652e248d848fa2"
+            "UID": "c9e621778b151be2"
          },
          "InstalledVersion": "4.4.18-2ubuntu1.2",
          "Status": "affected",
@@ -170,7 +170,7 @@
          "PkgName": "e2fsprogs",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/e2fsprogs@1.44.1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-18.04",
-            "UID": "f43bbfe1f933f718"
+            "UID": "eddde4dbdb2df58c"
          },
          "InstalledVersion": "1.44.1-1ubuntu1.1",
          "FixedVersion": "1.44.1-1ubuntu1.2",
@@ -242,7 +242,7 @@
          "PkgName": "libcom-err2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcom-err2@1.44.1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-18.04",
-            "UID": "e7d11d906afeb678"
+            "UID": "87ee4bdeca236f23"
          },
          "InstalledVersion": "1.44.1-1ubuntu1.1",
          "FixedVersion": "1.44.1-1ubuntu1.2",
@@ -314,7 +314,7 @@
          "PkgName": "libext2fs2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libext2fs2@1.44.1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-18.04",
-            "UID": "19d89bf66d83962e"
+            "UID": "f5dac6a49dfab96c"
          },
          "InstalledVersion": "1.44.1-1ubuntu1.1",
          "FixedVersion": "1.44.1-1ubuntu1.2",
@@ -386,7 +386,7 @@
          "PkgName": "libss2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libss2@1.44.1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-18.04",
-            "UID": "231804324b8f13c6"
+            "UID": "119f1602425ea3a0"
          },
          "InstalledVersion": "1.44.1-1ubuntu1.1",
          "FixedVersion": "1.44.1-1ubuntu1.2",
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -99,15 +99,16 @@ nav:
              - Elixir: guide/coverage/language/elixir.md
              - Go: guide/coverage/language/golang.md
              - Java: guide/coverage/language/java.md
              - Julia: guide/coverage/language/julia.md
              - Node.js: guide/coverage/language/nodejs.md
              - PHP: guide/coverage/language/php.md
              - Python: guide/coverage/language/python.md
              - Ruby: guide/coverage/language/ruby.md
              - Rust: guide/coverage/language/rust.md
              - Swift: guide/coverage/language/swift.md
              - Julia: guide/coverage/language/julia.md
          - IaC:
              - Overview: guide/coverage/iac/index.md
              - Ansible: guide/coverage/iac/ansible.md
              - Azure ARM Template: guide/coverage/iac/azure-arm.md
              - CloudFormation: guide/coverage/iac/cloudformation.md
              - Docker: guide/coverage/iac/docker.md
--- a/pkg/commands/artifact/run.go
+++ b/pkg/commands/artifact/run.go
@@ -1,9 +1,12 @@
 package artifact
 import (
 	"bytes"
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"maps"
 	"os"
 	"slices"
 	"strings"
@@ -12,6 +15,7 @@ import (
 	"github.com/samber/lo"
 	"github.com/spf13/viper"
 	"golang.org/x/xerrors"
 	"gopkg.in/yaml.v3"
 	"github.com/aquasecurity/trivy/pkg/cache"
 	"github.com/aquasecurity/trivy/pkg/commands/operation"
@@ -734,6 +738,12 @@ func initMisconfScannerOption(ctx context.Context, opts flag.Options) (misconf.S
 		return misconf.ScannerOption{}, xerrors.Errorf("load schemas error: %w", err)
 	}
 	ansibleExtraVars, err := resolveAnsibleExtraVars(opts.AnsibleExtraVars)
 	if err != nil {
 		log.DebugContext(ctx, "Failed to resolve Ansible extra-vars", log.Err(err))
 		ansibleExtraVars = make(map[string]any)
 	}
 	misconfOpts := misconf.ScannerOption{
 		Trace:                    opts.RegoOptions.Trace,
 		Namespaces:               append(opts.CheckNamespaces, rego.BuiltinNamespaces()...),
@@ -758,6 +768,9 @@ func initMisconfScannerOption(ctx context.Context, opts flag.Options) (misconf.S
 		ConfigFileSchemas:        configSchemas,
 		SkipFiles:                opts.SkipFiles,
 		SkipDirs:                 opts.SkipDirs,
 		AnsiblePlaybooks:         opts.AnsiblePlaybooks,
 		AnsibleInventories:       opts.AnsibleInventories,
 		AnsibleExtraVars:         ansibleExtraVars,
 	}
 	regoScanner, err := misconf.InitRegoScanner(misconfOpts)
@@ -768,3 +781,44 @@ func initMisconfScannerOption(ctx context.Context, opts flag.Options) (misconf.S
 	misconfOpts.RegoScanner = regoScanner
 	return misconfOpts, nil
 }
 func resolveAnsibleExtraVars(inputs []string) (map[string]any, error) {
 	result := make(map[string]any)
 	for _, input := range inputs {
 		var vars map[string]any
 		switch {
 		case strings.HasPrefix(input, "@"):
 			data, err := os.ReadFile(input[1:])
 			if err != nil {
 				return nil, fmt.Errorf("read extra-vars file %s: %w", input[1:], err)
 			}
 			trimmed := bytes.TrimSpace(data)
 			if len(trimmed) > 0 && trimmed[0] == '{' {
 				// parse as JSON object
 				if err := json.Unmarshal(trimmed, &vars); err != nil {
 					return nil, fmt.Errorf("parse extra-vars JSON file %s: %w", input[1:], err)
 				}
 			} else {
 				// parse as YAML
 				if err := yaml.Unmarshal(trimmed, &vars); err != nil {
 					return nil, fmt.Errorf("parse extra-vars YAML file %s: %w", input[1:], err)
 				}
 			}
 		case strings.Contains(input, "="):
 			kv := strings.SplitN(input, "=", 2)
 			var val string
 			if len(kv) == 2 {
 				val = kv[1]
 			}
 			vars = map[string]any{kv[0]: val}
 		default:
 			return nil, fmt.Errorf("invalid extra-vars input: %s", input)
 		}
 		maps.Copy(result, vars)
 	}
 	return result, nil
 }
--- a/pkg/dependency/parser/php/composer/parse.go
+++ b/pkg/dependency/parser/php/composer/parse.go
@@ -17,7 +17,8 @@ import (
 )
 type LockFile struct {
-	Packages []packageInfo `json:"packages"`
+	Packages    []packageInfo `json:"packages"`
 	PackagesDev []packageInfo `json:"packages-dev"`
 }
 type packageInfo struct {
 	Name    string            `json:"name"`
@@ -45,30 +46,11 @@ func (p *Parser) Parse(_ context.Context, r xio.ReadSeekerAt) ([]ftypes.Package,
 	pkgs := make(map[string]ftypes.Package)
 	foundDeps := make(map[string][]string)
 	for _, lpkg := range lockFile.Packages {
 		pkg := ftypes.Package{
 			ID:           dependency.ID(ftypes.Composer, lpkg.Name, lpkg.Version),
 			Name:         lpkg.Name,
 			Version:      lpkg.Version,
 			Relationship: ftypes.RelationshipUnknown, // composer.lock file doesn't have info about direct/indirect dependencies
 			Licenses:     licenses(lpkg.License),
 			Locations:    []ftypes.Location{ftypes.Location(lpkg.Location)},
 		}
 		pkgs[pkg.Name] = pkg
-		var dependsOn []string
+	// Production packages are parsed first to ensure they take precedence
-		for depName := range lpkg.Require {
+	// when the same package exists in both "packages" and "packages-dev".
-			// Require field includes required php version, skip this
+	p.parseProdPackages(lockFile, pkgs, foundDeps)
-			// Also skip PHP extensions
+	p.parseDevPackages(lockFile, pkgs, foundDeps)
 			if depName == "php" || strings.HasPrefix(depName, "ext") {
 				continue
 			}
 			dependsOn = append(dependsOn, depName) // field uses range of versions, so later we will fill in the versions from the packages
 		}
 		if len(dependsOn) > 0 {
 			foundDeps[pkg.ID] = dependsOn
 		}
 	}
 	// fill deps versions
 	var deps ftypes.Dependencies
@@ -95,6 +77,50 @@ func (p *Parser) Parse(_ context.Context, r xio.ReadSeekerAt) ([]ftypes.Package,
 	return pkgSlice, deps, nil
 }
 // parseProdPackages parses packages from the "packages" field in composer.lock.
 func (p *Parser) parseProdPackages(lockFile LockFile, pkgs map[string]ftypes.Package, foundDeps map[string][]string) {
 	p.parsePackages(lockFile.Packages, false, pkgs, foundDeps)
 }
 // parseDevPackages parses packages from the "packages-dev" field in composer.lock.
 // Packages already present in pkgs (i.e., production packages) are skipped.
 func (p *Parser) parseDevPackages(lockFile LockFile, pkgs map[string]ftypes.Package, foundDeps map[string][]string) {
 	p.parsePackages(lockFile.PackagesDev, true, pkgs, foundDeps)
 }
 func (p *Parser) parsePackages(lockPkgs []packageInfo, isDev bool, pkgs map[string]ftypes.Package, foundDeps map[string][]string) {
 	for _, lpkg := range lockPkgs {
 		// Skip if the package already exists (production packages take precedence over dev packages)
 		if _, ok := pkgs[lpkg.Name]; ok {
 			continue
 		}
 		pkg := ftypes.Package{
 			ID:           dependency.ID(ftypes.Composer, lpkg.Name, lpkg.Version),
 			Name:         lpkg.Name,
 			Version:      lpkg.Version,
 			Relationship: ftypes.RelationshipUnknown, // composer.lock file doesn't have info about direct/indirect dependencies
 			Licenses:     licenses(lpkg.License),
 			Locations:    []ftypes.Location{ftypes.Location(lpkg.Location)},
 			Dev:          isDev,
 		}
 		pkgs[pkg.Name] = pkg
 		var dependsOn []string
 		for depName := range lpkg.Require {
 			// Require field includes required php version, skip this
 			// Also skip PHP extensions
 			if depName == "php" || strings.HasPrefix(depName, "ext") {
 				continue
 			}
 			dependsOn = append(dependsOn, depName) // field uses range of versions, so later we will fill in the versions from the packages
 		}
 		if len(dependsOn) > 0 {
 			foundDeps[pkg.ID] = dependsOn
 		}
 	}
 }
 // licenses returns slice of licenses from string, string with separators (`or`, `and`, etc.) or string array
 // cf. https://getcomposer.org/doc/04-schema.md#license
 func licenses(val any) []string {
--- a/pkg/dependency/parser/php/composer/parse_test.go
+++ b/pkg/dependency/parser/php/composer/parse_test.go
@@ -54,6 +54,32 @@ var (
 				},
 			},
 		},
 		{
 			ID:       "pear/log@1.13.3",
 			Name:     "pear/log",
 			Version:  "1.13.3",
 			Dev:      true,
 			Licenses: []string{"MIT"},
 			Locations: []ftypes.Location{
 				{
 					StartLine: 660,
 					EndLine:   719,
 				},
 			},
 		},
 		{
 			ID:       "pear/pear_exception@v1.0.2",
 			Name:     "pear/pear_exception",
 			Version:  "v1.0.2",
 			Dev:      true,
 			Licenses: []string{"BSD-2-Clause"},
 			Locations: []ftypes.Location{
 				{
 					StartLine: 720,
 					EndLine:   778,
 				},
 			},
 		},
 		{
 			ID:       "psr/http-message@1.0.1",
 			Name:     "psr/http-message",
@@ -132,6 +158,12 @@ var (
 				"ralouphie/getallheaders@3.0.3",
 			},
 		},
 		{
 			ID: "pear/log@1.13.3",
 			DependsOn: []string{
 				"pear/pear_exception@v1.0.2",
 			},
 		},
 		{
 			ID: "symfony/polyfill-intl-idn@v1.27.0",
 			DependsOn: []string{
--- a/pkg/detector/library/driver.go
+++ b/pkg/detector/library/driver.go
@@ -83,8 +83,8 @@ func NewDriver(libType ftypes.LangType) (Driver, bool) {
 		eco = ecosystem.Kubernetes
 		comparer = compare.GenericComparer{}
 	case ftypes.Julia:
-		log.Warn("Julia is supported for SBOM, not for vulnerability scanning")
+		eco = ecosystem.Julia
-		return Driver{}, false
+		comparer = compare.GenericComparer{}
 	default:
 		log.Warn("The library type is not supported for vulnerability scanning",
 			log.String("type", string(libType)))
@@ -129,6 +129,7 @@ func (d *Driver) DetectVulnerabilities(pkgID, pkgName, pkgVer string) ([]types.D
 		vuln := types.DetectedVulnerability{
 			VulnerabilityID:  adv.VulnerabilityID,
 			VendorIDs:        adv.VendorIDs, // Any vendors have specific IDs, e.g. GHSA, JLSEC
 			PkgID:            pkgID,
 			PkgName:          pkgName,
 			InstalledVersion: pkgVer,
--- a/pkg/detector/library/driver_test.go
+++ b/pkg/detector/library/driver_test.go
@@ -66,7 +66,10 @@ func TestDriver_Detect(t *testing.T) {
 			},
 			want: []types.DetectedVulnerability{
 				{
-					VulnerabilityID:  "CVE-2022-21235",
+					VulnerabilityID: "CVE-2022-21235",
 					VendorIDs: []string{
 						"GHSA-6635-c626-vj4r",
 					},
 					PkgName:          "github.com/Masterminds/vcs",
 					InstalledVersion: "v1.13.1",
 					FixedVersion:     "v1.13.2",
@@ -78,6 +81,34 @@ func TestDriver_Detect(t *testing.T) {
 				},
 			},
 		},
 		{
 			name: "julia package",
 			fixtures: []string{
 				"testdata/fixtures/julia.yaml",
 				"testdata/fixtures/data-source.yaml",
 			},
 			libType: ftypes.Julia,
 			args: args{
 				pkgName: "HTTP",
 				pkgVer:  "1.10.16",
 			},
 			want: []types.DetectedVulnerability{
 				{
 					VulnerabilityID:  "CVE-2025-52479",
 					PkgName:          "HTTP",
 					InstalledVersion: "1.10.16",
 					FixedVersion:     "1.10.17",
 					DataSource: &dbTypes.DataSource{
 						ID:   vulnerability.Julia,
 						Name: "Julia Ecosystem Security Advisories",
 						URL:  "https://github.com/JuliaLang/SecurityAdvisories.jl",
 					},
 					VendorIDs: []string{
 						"JLSEC-2025-1",
 					},
 				},
 			},
 		},
 		{
 			name:     "non-prefixed buckets",
 			fixtures: []string{"testdata/fixtures/php-without-prefix.yaml"},
--- a/pkg/detector/library/testdata/fixtures/data-source.yaml
+++ b/pkg/detector/library/testdata/fixtures/data-source.yaml
@@ -30,3 +30,8 @@
        ID: "ghsa"
        Name: "GitHub Security Advisory Go"
        URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
    - key: "julia::Julia Ecosystem Security Advisories"
      value:
        ID: "julia"
        Name: "Julia Ecosystem Security Advisories"
        URL: "https://github.com/JuliaLang/SecurityAdvisories.jl"
--- a/pkg/detector/library/testdata/fixtures/go.yaml
+++ b/pkg/detector/library/testdata/fixtures/go.yaml
@@ -8,3 +8,5 @@
              - v1.13.2
            VulnerableVersions:
              - "<v1.13.2"
            VendorIDs:
              - "GHSA-6635-c626-vj4r"
--- a/pkg/detector/library/testdata/fixtures/julia.yaml
+++ b/pkg/detector/library/testdata/fixtures/julia.yaml
@@ -0,0 +1,12 @@
 - bucket: "julia::Julia Ecosystem Security Advisories"
  pairs:
    - bucket: HTTP
      pairs:
        - key: CVE-2025-52479
          value:
            PatchedVersions:
              - 1.10.17
            VulnerableVersions:
              - "<1.10.17"
            VendorIDs:
              - "JLSEC-2025-1"
--- a/pkg/detector/ospkg/alpine/alpine.go
+++ b/pkg/detector/ospkg/alpine/alpine.go
@@ -50,6 +50,7 @@ var eolDates = map[string]time.Time{
 	"3.20": time.Date(2026, 4, 1, 23, 59, 59, 0, time.UTC),
 	"3.21": time.Date(2026, 12, 5, 23, 59, 59, 0, time.UTC),
 	"3.22": time.Date(2027, 4, 30, 23, 59, 59, 0, time.UTC),
 	"3.23": time.Date(2027, 11, 1, 23, 59, 59, 0, time.UTC),
 	"edge": time.Date(9999, 1, 1, 0, 0, 0, 0, time.UTC),
 }
--- a/pkg/detector/ospkg/debian/debian.go
+++ b/pkg/detector/ospkg/debian/debian.go
@@ -63,6 +63,11 @@ func (s *Scanner) Detect(ctx context.Context, osVer string, _ *ftypes.Repository
 	var vulns []types.DetectedVulnerability
 	for _, pkg := range pkgs {
 		// Skip third-party packages as they are not covered by Debian security advisories
 		if pkg.Repository.Class == ftypes.RepositoryClassThirdParty {
 			continue
 		}
 		sourceVersion, err := version.NewVersion(utils.FormatSrcVersion(pkg))
 		if err != nil {
 			log.DebugContext(ctx, "Installed package version error", log.Err(err))
--- a/pkg/detector/ospkg/rootio/rootio.go
+++ b/pkg/detector/ospkg/rootio/rootio.go
@@ -1,7 +1,6 @@
 package rootio
 import (
 	"cmp"
 	"context"
 	"strings"
@@ -104,9 +103,7 @@ func (s *Scanner) Detect(ctx context.Context, osVer string, _ *ftypes.Repository
 					Severity: adv.Severity.String(),
 				}
-				// Datasource contains BaseID + ID for root.io advisories,
+				vuln.SeveritySource = adv.DataSource.ID
 				// But baseOS (e.g. Debian) advisories use ID only.
 				vuln.SeveritySource = cmp.Or(adv.DataSource.BaseID, adv.DataSource.ID)
 			}
 			vulns = append(vulns, vuln)
--- a/pkg/detector/ospkg/rootio/rootio_test.go
+++ b/pkg/detector/ospkg/rootio/rootio_test.go
@@ -51,7 +51,7 @@ func TestScanner_Detect(t *testing.T) {
 					VulnerabilityID:  "CVE-2024-13176", // Debian and Root.io contain this CVE
 					InstalledVersion: "3.0.15-1~deb12u1.root.io.0",
 					FixedVersion:     "3.0.15-1~deb12u1.root.io.1, 3.0.16-1~deb12u1",
-					SeveritySource:   vulnerability.Debian,
+					SeveritySource:   vulnerability.RootIO,
 					DataSource: &dbTypes.DataSource{
 						ID:     vulnerability.RootIO,
 						BaseID: vulnerability.Debian,
@@ -103,12 +103,16 @@ func TestScanner_Detect(t *testing.T) {
 					VulnerabilityID:  "CVE-2023-44487",
 					InstalledVersion: "1.22.1-9+deb12u2.root.io.0",
 					FixedVersion:     "1.22.1-9+deb12u2.root.io.1",
 					SeveritySource:   vulnerability.RootIO,
 					DataSource: &dbTypes.DataSource{
 						ID:     vulnerability.RootIO,
 						BaseID: vulnerability.Ubuntu,
 						Name:   "Root.io Security Patches (ubuntu)",
 						URL:    "https://api.root.io/external/patch_feed",
 					},
 					Vulnerability: dbTypes.Vulnerability{
 						Severity: dbTypes.SeverityHigh.String(),
 					},
 				},
 			},
 		},
--- a/pkg/detector/ospkg/rootio/testdata/fixtures/rootio.yaml
+++ b/pkg/detector/ospkg/rootio/testdata/fixtures/rootio.yaml
@@ -28,6 +28,7 @@
            PatchedVersions:
              - "3.0.15-1~deb12u1.root.io.1"
              - "3.0.16-1~deb12u1"
            Severity: 2
 - bucket: root.io ubuntu 20.04
  pairs:
    - bucket: nginx
@@ -38,6 +39,7 @@
              - "<1.22.1-9+deb12u2.root.io.1"
            PatchedVersions:
              - "1.22.1-9+deb12u2.root.io.1"
            Severity: 3
 - bucket: root.io alpine 3.19
  pairs:
    - bucket: less
--- a/pkg/detector/ospkg/ubuntu/ubuntu.go
+++ b/pkg/detector/ospkg/ubuntu/ubuntu.go
@@ -105,6 +105,11 @@ func (s *Scanner) Detect(ctx context.Context, osVer string, _ *ftypes.Repository
 	var vulns []types.DetectedVulnerability
 	for _, pkg := range pkgs {
 		// Skip third-party packages as they are not covered by Ubuntu security advisories
 		if pkg.Repository.Class == ftypes.RepositoryClassThirdParty {
 			continue
 		}
 		osVer = s.versionFromEolDates(ctx, osVer)
 		advisories, err := s.vs.Get(db.GetParams{
 			Release: osVer,
--- a/pkg/fanal/analyzer/analyzer_test.go
+++ b/pkg/fanal/analyzer/analyzer_test.go
@@ -676,7 +676,7 @@ func TestAnalyzerGroup_AnalyzerVersions(t *testing.T) {
 					"ubuntu-esm":   1,
 				},
 				PostAnalyzers: map[string]int{
-					"dpkg":   5,
+					"dpkg":   6,
 					"jar":    1,
 					"poetry": 1,
 				},
--- a/pkg/fanal/analyzer/config/all/import.go
+++ b/pkg/fanal/analyzer/config/all/import.go
@@ -1,6 +1,7 @@
 package all
 import (
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/ansible"
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/azurearm"
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/cloudformation"
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/dockerfile"
--- a/pkg/fanal/analyzer/config/ansible/ansible.go
+++ b/pkg/fanal/analyzer/config/ansible/ansible.go
@@ -0,0 +1,37 @@
 package ansible
 import (
 	"os"
 	"path/filepath"
 	"slices"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer/config"
 	"github.com/aquasecurity/trivy/pkg/iac/detection"
 )
 const (
 	version      = 1
 	analyzerType = analyzer.TypeAnsible
 )
 func init() {
 	analyzer.RegisterPostAnalyzer(analyzerType, newAnsibleConfigAnalyzer)
 }
 type ansibleConfigAnalyzer struct {
 	*config.Analyzer
 }
 func newAnsibleConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
 	a, err := config.NewAnalyzer(analyzerType, version, detection.FileTypeAnsible, opts)
 	if err != nil {
 		return nil, err
 	}
 	return &ansibleConfigAnalyzer{Analyzer: a}, nil
 }
 func (a *ansibleConfigAnalyzer) Required(filePath string, _ os.FileInfo) bool {
 	return filepath.Base(filePath) == "ansible.cfg" ||
 		slices.Contains([]string{"", ".yml", ".yaml", ".json", ".ini"}, filepath.Ext(filePath))
 }
--- a/pkg/fanal/analyzer/config/ansible/ansible_test.go
+++ b/pkg/fanal/analyzer/config/ansible/ansible_test.go
@@ -0,0 +1,61 @@
 package ansible
 import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 )
 func Test_ansibleConfigAnalyzer_Required(t *testing.T) {
 	tests := []struct {
 		name     string
 		filePath string
 		want     bool
 	}{
 		{
 			name:     "yaml",
 			filePath: "test.yaml",
 			want:     true,
 		},
 		{
 			name:     "yml",
 			filePath: "test.yml",
 			want:     true,
 		},
 		{
 			name:     "json",
 			filePath: "test.json",
 			want:     true,
 		},
 		{
 			name:     "init",
 			filePath: "test.ini",
 			want:     true,
 		},
 		{
 			name:     "without extension",
 			filePath: "test",
 			want:     true,
 		},
 		{
 			name:     "config file",
 			filePath: "ansible.cfg",
 			want:     true,
 		},
 		{
 			name:     "just cfg",
 			filePath: "test.cfg",
 			want:     false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			a, err := newAnsibleConfigAnalyzer(analyzer.AnalyzerOptions{})
 			require.NoError(t, err)
 			assert.Equal(t, tt.want, a.Required(tt.filePath, nil))
 		})
 	}
 }
--- a/pkg/fanal/analyzer/const.go
+++ b/pkg/fanal/analyzer/const.go
@@ -132,6 +132,7 @@ const (
 	TypeTerraformPlanSnapshot Type = Type(detection.FileTypeTerraformPlanSnapshot)
 	TypeYAML                  Type = Type(detection.FileTypeYAML)
 	TypeJSON                  Type = Type(detection.FileTypeJSON)
 	TypeAnsible               Type = Type(detection.FileTypeAnsible)
 	// ========
 	// License
@@ -266,5 +267,6 @@ var (
 		TypeTerraformPlanSnapshot,
 		TypeYAML,
 		TypeJSON,
 		TypeAnsible,
 	}
 )
--- a/pkg/fanal/analyzer/language/php/composer/composer.go
+++ b/pkg/fanal/analyzer/language/php/composer/composer.go
@@ -106,7 +106,7 @@ func (a composerAnalyzer) parseComposerLock(ctx context.Context, path string, r
 func (a composerAnalyzer) mergeComposerJson(fsys fs.FS, dir string, app *types.Application) error {
 	// Parse composer.json to identify the direct dependencies
 	path := filepath.Join(dir, types.ComposerJson)
-	p, err := a.parseComposerJson(fsys, path)
+	cj, err := a.parseComposerJson(fsys, path)
 	if errors.Is(err, fs.ErrNotExist) {
 		// Assume all the packages are direct dependencies as it cannot identify them from composer.lock
 		log.Debug("Unable to determine the direct dependencies, composer.json not found", log.FilePath(path))
@@ -117,7 +117,9 @@ func (a composerAnalyzer) mergeComposerJson(fsys fs.FS, dir string, app *types.A
 	for i, pkg := range app.Packages {
 		// Identify the direct/transitive dependencies
-		if _, ok := p[pkg.Name]; ok {
+		if _, ok := cj.Require[pkg.Name]; ok {
 			app.Packages[i].Relationship = types.RelationshipDirect
 		} else if _, ok := cj.RequireDev[pkg.Name]; ok {
 			app.Packages[i].Relationship = types.RelationshipDirect
 		} else {
 			app.Packages[i].Indirect = true
@@ -129,21 +131,22 @@ func (a composerAnalyzer) mergeComposerJson(fsys fs.FS, dir string, app *types.A
 }
 type composerJson struct {
-	Require map[string]string `json:"require"`
+	Require    map[string]string `json:"require"`
 	RequireDev map[string]string `json:"require-dev"`
 }
-func (a composerAnalyzer) parseComposerJson(fsys fs.FS, path string) (map[string]string, error) {
+func (a composerAnalyzer) parseComposerJson(fsys fs.FS, path string) (composerJson, error) {
 	// Parse composer.json
 	f, err := fsys.Open(path)
 	if err != nil {
-		return nil, xerrors.Errorf("file open error: %w", err)
+		return composerJson{}, xerrors.Errorf("file open error: %w", err)
 	}
 	defer func() { _ = f.Close() }()
-	jsonFile := composerJson{}
+	var jsonFile composerJson
 	err = json.NewDecoder(f).Decode(&jsonFile)
 	if err != nil {
-		return nil, xerrors.Errorf("json decode error: %w", err)
+		return composerJson{}, xerrors.Errorf("json decode error: %w", err)
 	}
-	return jsonFile.Require, nil
+	return jsonFile, nil
 }
--- a/pkg/fanal/analyzer/language/php/composer/composer_test.go
+++ b/pkg/fanal/analyzer/language/php/composer/composer_test.go
@@ -151,6 +151,65 @@ func Test_composerAnalyzer_PostAnalyze(t *testing.T) {
 			dir:  "testdata/composer/sad",
 			want: &analyzer.AnalysisResult{},
 		},
 		{
 			name: "with dev dependencies",
 			dir:  "testdata/composer/with-dev",
 			want: &analyzer.AnalysisResult{
 				Applications: []types.Application{
 					{
 						Type:     types.Composer,
 						FilePath: "composer.lock",
 						Packages: types.Packages{
 							{
 								ID:           "pear/log@1.14.6",
 								Name:         "pear/log",
 								Version:      "1.14.6",
 								Dev:          true,
 								Indirect:     false,
 								Relationship: types.RelationshipDirect,
 								Licenses:     []string{"MIT"},
 								Locations: []types.Location{
 									{
 										StartLine: 61,
 										EndLine:   121,
 									},
 								},
 								DependsOn: []string{"pear/pear_exception@v1.0.2"},
 							},
 							{
 								ID:           "psr/log@1.1.4",
 								Name:         "psr/log",
 								Version:      "1.1.4",
 								Indirect:     false,
 								Relationship: types.RelationshipDirect,
 								Licenses:     []string{"MIT"},
 								Locations: []types.Location{
 									{
 										StartLine: 9,
 										EndLine:   58,
 									},
 								},
 							},
 							{
 								ID:           "pear/pear_exception@v1.0.2",
 								Name:         "pear/pear_exception",
 								Version:      "v1.0.2",
 								Dev:          true,
 								Indirect:     true,
 								Relationship: types.RelationshipIndirect,
 								Licenses:     []string{"BSD-2-Clause"},
 								Locations: []types.Location{
 									{
 										StartLine: 122,
 										EndLine:   180,
 									},
 								},
 							},
 						},
 					},
 				},
 			},
 		},
 	}
 	for _, tt := range tests {
--- a/pkg/fanal/analyzer/language/php/composer/testdata/composer/with-dev/composer.json
+++ b/pkg/fanal/analyzer/language/php/composer/testdata/composer/with-dev/composer.json
@@ -0,0 +1,8 @@
 {
  "require": {
    "psr/log": "^1.0"
  },
  "require-dev": {
    "pear/log": "^1.13"
  }
 }
--- a/pkg/fanal/analyzer/language/php/composer/testdata/composer/with-dev/composer.lock
+++ b/pkg/fanal/analyzer/language/php/composer/testdata/composer/with-dev/composer.lock
@@ -0,0 +1,190 @@
 {
    "_readme": [
        "This file locks the dependencies of your project to a known state",
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
    "content-hash": "2c9e13a2460669ca09226814c0aefb51",
    "packages": [
        {
            "name": "psr/log",
            "version": "1.1.4",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/log.git",
                "reference": "d49695b909c3b7628b6289db5479a1c204601f11"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/log/zipball/d49695b909c3b7628b6289db5479a1c204601f11",
                "reference": "d49695b909c3b7628b6289db5479a1c204601f11",
                "shasum": ""
            },
            "require": {
                "php": ">=5.3.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.1.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Log\\": "Psr/Log/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "https://www.php-fig.org/"
                }
            ],
            "description": "Common interface for logging libraries",
            "homepage": "https://github.com/php-fig/log",
            "keywords": [
                "log",
                "psr",
                "psr-3"
            ],
            "support": {
                "source": "https://github.com/php-fig/log/tree/1.1.4"
            },
            "time": "2021-05-03T11:20:27+00:00"
        }
    ],
    "packages-dev": [
        {
            "name": "pear/log",
            "version": "1.14.6",
            "source": {
                "type": "git",
                "url": "https://github.com/pear/Log.git",
                "reference": "e136d31ff6d5991e9707862f5fbfb97d40cd37a3"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/pear/Log/zipball/e136d31ff6d5991e9707862f5fbfb97d40cd37a3",
                "reference": "e136d31ff6d5991e9707862f5fbfb97d40cd37a3",
                "shasum": ""
            },
            "require": {
                "pear/pear_exception": "1.0.1 || 1.0.2",
                "php": ">=7.4"
            },
            "require-dev": {
                "phpunit/phpunit": "*",
                "rector/rector": "*"
            },
            "suggest": {
                "pear/db": "Install optionally via your project's composer.json"
            },
            "type": "library",
            "autoload": {
                "psr-0": {
                    "Log": "./"
                },
                "exclude-from-classmap": [
                    "/examples/"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "include-path": [
                ""
            ],
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Jon Parise",
                    "email": "jon@php.net",
                    "homepage": "https://www.indelible.org/",
                    "role": "Developer"
                }
            ],
            "description": "PEAR Logging Framework",
            "homepage": "https://pear.github.io/Log/",
            "keywords": [
                "log",
                "logging"
            ],
            "support": {
                "issues": "https://github.com/pear/Log/issues",
                "source": "https://github.com/pear/Log"
            },
            "time": "2025-07-27T00:25:20+00:00"
        },
        {
            "name": "pear/pear_exception",
            "version": "v1.0.2",
            "source": {
                "type": "git",
                "url": "https://github.com/pear/PEAR_Exception.git",
                "reference": "b14fbe2ddb0b9f94f5b24cf08783d599f776fff0"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/pear/PEAR_Exception/zipball/b14fbe2ddb0b9f94f5b24cf08783d599f776fff0",
                "reference": "b14fbe2ddb0b9f94f5b24cf08783d599f776fff0",
                "shasum": ""
            },
            "require": {
                "php": ">=5.2.0"
            },
            "require-dev": {
                "phpunit/phpunit": "<9"
            },
            "type": "class",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.0.x-dev"
                }
            },
            "autoload": {
                "classmap": [
                    "PEAR/"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "include-path": [
                "."
            ],
            "license": [
                "BSD-2-Clause"
            ],
            "authors": [
                {
                    "name": "Helgi Thormar",
                    "email": "dufuz@php.net"
                },
                {
                    "name": "Greg Beaver",
                    "email": "cellog@php.net"
                }
            ],
            "description": "The PEAR Exception base class.",
            "homepage": "https://github.com/pear/PEAR_Exception",
            "keywords": [
                "exception"
            ],
            "support": {
                "issues": "http://pear.php.net/bugs/search.php?cmd=display&package_name[]=PEAR_Exception",
                "source": "https://github.com/pear/PEAR_Exception"
            },
            "time": "2021-03-21T15:43:46+00:00"
        }
    ],
    "aliases": [],
    "minimum-stability": "stable",
    "stability-flags": {},
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": {},
    "platform-dev": {},
    "plugin-api-version": "2.9.0"
 }
--- a/pkg/fanal/analyzer/pkg/dpkg/dpkg.go
+++ b/pkg/fanal/analyzer/pkg/dpkg/dpkg.go
@@ -41,7 +41,7 @@ func newDpkgAnalyzer(_ analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error)
 }
 const (
-	analyzerVersion = 5
+	analyzerVersion = 6
 	statusFile    = "var/lib/dpkg/status"
 	statusDir     = "var/lib/dpkg/status.d/"
@@ -54,6 +54,56 @@ const (
 var (
 	dpkgSrcCaptureRegexp      = regexp.MustCompile(`(?P<name>[^\s]*)( \((?P<version>.*)\))?`)
 	dpkgSrcCaptureRegexpNames = dpkgSrcCaptureRegexp.SubexpNames()
 	// thirdPartyMaintainerPatterns contains patterns that indicate a package is from a third-party repository.
 	// Packages with maintainers matching these patterns will NOT have their InstalledFiles tracked,
 	// allowing language scanners to properly analyze files installed by those packages.
 	// See https://github.com/aquasecurity/trivy/issues/9916 for more details.
 	thirdPartyMaintainerPatterns = []string{
 		// Container & orchestration
 		"support@docker.com", // Docker
 		// Cloud providers & infrastructure
 		"@nvidia.com",              // NVIDIA CUDA
 		"Google Cloud CLI Authors", // Google Cloud SDK
 		"sapmachine@sap.com",       // SAP Machine JDK
 		"@hashicorp.com",           // HashiCorp (Terraform, Vault, Consul, etc.)
 		"@microsoft.com",           // Microsoft (VS Code, Azure CLI, .NET, etc.)
 		// Databases
 		"@mongodb.com",                 // MongoDB
 		"developers@lists.mariadb.org", // MariaDB
 		"dev@couchdb.apache.org",       // Apache CouchDB
 		"info@elastic.co",              // Elastic (Elasticsearch, Kibana, etc.)
 		// Web servers & API gateways
 		"nginx-packaging@f5.com", // NGINX (from nginx.org, not Debian)
 		"@konghq.com",            // Kong
 		"@cloudflare.com",        // Cloudflare (cloudflared, WARP)
 		// Monitoring & observability
 		"support@influxdb.com", // InfluxData (InfluxDB, Telegraf)
 		"support@gitlab.com",   // GitLab
 		"contact@grafana.com",  // Grafana Labs
 		"@datadoghq.com",       // Datadog
 		// Language runtimes (third-party repos)
 		"@nodesource.com", // NodeSource (Node.js)
 		// Networking & VPN
 		"info@tailscale.com", // Tailscale
 		// Robotics
 		"@openrobotics.org",  // ROS (Robot Operating System)
 		"@osrfoundation.org", // ROS (Robot Operating System)
 	}
 	// thirdPartyMaintainerExact contains maintainer strings that require exact match.
 	// These are too short or generic for substring matching.
 	thirdPartyMaintainerExact = []string{
 		"GitHub",    // GitHub CLI
 		"HashiCorp", // HashiCorp (Terraform, Vault, Consul, etc.)
 	}
 )
 func (a dpkgAnalyzer) PostAnalyze(_ context.Context, input analyzer.PostAnalysisInput) (*analyzer.AnalysisResult, error) {
@@ -82,7 +132,7 @@ func (a dpkgAnalyzer) PostAnalyze(_ context.Context, input analyzer.PostAnalysis
 				return xerrors.Errorf("failed to parse %s file: %w", path, err)
 			}
 			packageFiles[strings.TrimSuffix(filepath.Base(path), md5sumsExtension)] = systemFiles
-			systemInstalledFiles = append(systemInstalledFiles, systemFiles...)
+			// Note: systemInstalledFiles will be populated later based on maintainer check
 			return nil
 		}
 		// parse status files
@@ -97,14 +147,32 @@ func (a dpkgAnalyzer) PostAnalyze(_ context.Context, input analyzer.PostAnalysis
 		return nil, xerrors.Errorf("dpkg walk error: %w", err)
 	}
-	// map the packages to their respective files
+	// Map packages to their respective files.
 	// Third-party packages will NOT have their InstalledFiles populated to avoid filtering out
 	// language packages (npm, pip, etc.) installed by those third-party OS packages.
 	for i, pkgInfo := range packageInfos {
 		for j, pkg := range pkgInfo.Packages {
 			installedFiles, found := packageFiles[pkg.Name]
 			if !found {
 				installedFiles = packageFiles[pkg.Name+":"+pkg.Arch]
 			}
 			// Skip InstalledFiles for third-party packages
 			if isThirdPartyPackage(pkg.Maintainer) {
 				a.logger.Debug("Third-party package detected",
 					log.String("package", pkg.Name),
 					log.String("maintainer", pkg.Maintainer))
 				packageInfos[i].Packages[j].Repository = types.PackageRepository{
 					Class: types.RepositoryClassThirdParty,
 				}
 				continue
 			}
 			packageInfos[i].Packages[j].Repository = types.PackageRepository{
 				Class: types.RepositoryClassOfficial,
 			}
 			packageInfos[i].Packages[j].InstalledFiles = installedFiles
 			systemInstalledFiles = append(systemInstalledFiles, installedFiles...)
 		}
 	}
@@ -349,6 +417,21 @@ func (a dpkgAnalyzer) isMd5SumsFile(dir, fileName string) bool {
 	return strings.HasSuffix(fileName, md5sumsExtension)
 }
 // isThirdPartyPackage checks if a package is from a third-party repository
 // by examining the Maintainer field against known third-party patterns.
 //
 // Unlike RPM which has a dedicated "Vendor" field, dpkg packages don't have a reliable
 // way to identify their origin. We use a heuristic approach based on maintainer patterns.
 // See https://github.com/aquasecurity/trivy/issues/9916 for more details.
 func isThirdPartyPackage(maintainer string) bool {
 	if slices.Contains(thirdPartyMaintainerExact, maintainer) {
 		return true
 	}
 	return slices.ContainsFunc(thirdPartyMaintainerPatterns, func(pattern string) bool {
 		return strings.Contains(maintainer, pattern)
 	})
 }
 func (a dpkgAnalyzer) Type() analyzer.Type {
 	return analyzer.TypeDpkg
 }
--- a/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go
+++ b/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go
@@ -43,6 +43,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "apt@1.6.3ubuntu0.1",
@@ -63,6 +64,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "base-files@10.1ubuntu2.2",
@@ -72,6 +74,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcVersion: "10.1ubuntu2.2",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "base-passwd@3.5.44",
@@ -85,6 +88,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Colin Watson <cjwatson@debian.org>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "bash@4.4.18-2ubuntu1",
@@ -100,6 +104,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "bsdutils@1:2.31.1-0.4ubuntu3.1",
@@ -112,6 +117,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "0.4ubuntu3.1",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "bzip2@1.0.6-8.1",
@@ -127,6 +133,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "coreutils@8.28-1ubuntu1",
@@ -138,6 +145,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "1ubuntu1",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "dash@0.5.8-2.10",
@@ -153,6 +161,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "debconf@1.5.66",
@@ -162,6 +171,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcVersion: "1.5.66",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "debianutils@4.8.4",
@@ -171,6 +181,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcVersion: "4.8.4",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "diffutils@1:3.6-1",
@@ -184,6 +195,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "1",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "dpkg@1.19.0.5ubuntu2",
@@ -196,6 +208,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "e2fsprogs@1.44.1-1",
@@ -207,6 +220,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "1",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "fdisk@2.31.1-0.4ubuntu3.1",
@@ -226,6 +240,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "findutils@4.6.0+git+20170828-2",
@@ -237,6 +252,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "2",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "gcc-8-base@8-20180414-1ubuntu2",
@@ -248,6 +264,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "1ubuntu2",
 								Maintainer: "Ubuntu Core developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "gpgv@2.2.4-1ubuntu1.1",
@@ -266,6 +283,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "grep@3.1-2",
@@ -280,6 +298,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "gzip@1.6-5ubuntu1",
@@ -294,6 +313,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "hostname@3.20",
@@ -303,6 +323,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcVersion: "3.20",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "init-system-helpers@1.51",
@@ -315,6 +336,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libacl1@2.2.52-3build1",
@@ -330,6 +352,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libapt-pkg5.0@1.6.3ubuntu0.1",
@@ -350,6 +373,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libattr1@1:2.4.47-2build1",
@@ -366,6 +390,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libaudit-common@1:2.8.2-1ubuntu1",
@@ -379,6 +404,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "1ubuntu1",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libaudit1@1:2.8.2-1ubuntu1",
@@ -397,6 +423,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libblkid1@2.31.1-0.4ubuntu3.1",
@@ -412,6 +439,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libbz2-1.0@1.0.6-8.1",
@@ -426,6 +454,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libc-bin@2.27-3ubuntu1",
@@ -440,6 +469,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libc6@2.27-3ubuntu1",
@@ -454,6 +484,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libcap-ng0@0.7.7-3.1",
@@ -468,6 +499,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libcom-err2@1.44.1-1",
@@ -482,6 +514,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libdb5.3@5.3.28-13.1ubuntu1",
@@ -496,6 +529,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libdebconfclient0@0.213ubuntu1",
@@ -508,6 +542,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libext2fs2@1.44.1-1",
@@ -522,6 +557,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libfdisk1@2.31.1-0.4ubuntu3.1",
@@ -538,6 +574,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libffi6@3.2.1-8",
@@ -552,6 +589,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libgcc1@1:8-20180414-1ubuntu2",
@@ -568,6 +606,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Core developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libgcrypt20@1.8.1-4ubuntu1.1",
@@ -583,6 +622,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libgmp10@2:6.1.2+dfsg-2",
@@ -599,6 +639,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libgnutls30@3.5.18-1ubuntu1",
@@ -621,6 +662,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:   "libgpg-error0@1.27-6",
@@ -636,6 +678,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libhogweed4@3.4-1",
@@ -652,6 +695,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libidn2-0@2.0.4-1.1build2",
@@ -667,6 +711,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "liblz4-1@0.0~r131-2ubuntu3",
@@ -681,6 +726,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "liblzma5@5.1.1alpha+20120614-2+b3",
@@ -695,6 +741,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Jonathan Nieder <jrnieder@gmail.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libmount1@2.31.1-0.4ubuntu3.1",
@@ -711,6 +758,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libncurses5@6.1-1ubuntu1.18.04",
@@ -726,6 +774,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libncursesw5@6.1-1ubuntu1.18.04",
@@ -741,6 +790,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libnettle6@3.4-1",
@@ -755,6 +805,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libp11-kit0@0.23.9-2",
@@ -770,6 +821,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libpam-modules@1.1.8-3.6ubuntu2",
@@ -781,6 +833,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "3.6ubuntu2",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libpam-modules-bin@1.1.8-3.6ubuntu2",
@@ -798,6 +851,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libpam-runtime@1.1.8-3.6ubuntu2",
@@ -813,6 +867,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libpam0g@1.1.8-3.6ubuntu2",
@@ -829,6 +884,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libpcre3@2:8.39-9",
@@ -845,6 +901,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libprocps6@2:3.3.12-3ubuntu1.1",
@@ -862,6 +919,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libseccomp2@2.3.1-2.1ubuntu4",
@@ -876,6 +934,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libselinux1@2.7-2build2",
@@ -891,6 +950,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libsemanage-common@2.7-2build2",
@@ -902,6 +962,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "2build2",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libsemanage1@2.7-2build2",
@@ -921,6 +982,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libsepol1@2.7-1",
@@ -935,6 +997,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libsmartcols1@2.31.1-0.4ubuntu3.1",
@@ -949,6 +1012,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libss2@1.44.1-1",
@@ -964,6 +1028,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libstdc++6@8-20180414-1ubuntu2",
@@ -980,6 +1045,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Core developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libsystemd0@237-3ubuntu10.3",
@@ -991,6 +1057,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "3ubuntu10.3",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libtasn1-6@4.13-2",
@@ -1005,6 +1072,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libtinfo5@6.1-1ubuntu1.18.04",
@@ -1019,6 +1087,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libudev1@237-3ubuntu10.3",
@@ -1033,6 +1102,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libunistring2@0.9.9-0ubuntu1",
@@ -1047,6 +1117,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libustr-1.0-1@1.0.4-3+b2",
@@ -1061,6 +1132,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Vaclav Ovsik <vaclav.ovsik@i.cz>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libuuid1@2.31.1-0.4ubuntu3.1",
@@ -1075,6 +1147,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libzstd1@1.3.3+dfsg-2ubuntu1",
@@ -1089,6 +1162,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "login@1:4.5-1ubuntu1",
@@ -1102,6 +1176,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "1ubuntu1",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "lsb-base@9.20170808ubuntu1",
@@ -1111,6 +1186,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcVersion: "9.20170808ubuntu1",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "mawk@1.3.3-17ubuntu3",
@@ -1122,6 +1198,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "17ubuntu3",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "mount@2.31.1-0.4ubuntu3.1",
@@ -1136,6 +1213,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "ncurses-base@6.1-1ubuntu1.18.04",
@@ -1147,6 +1225,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "1ubuntu1.18.04",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "ncurses-bin@6.1-1ubuntu1.18.04",
@@ -1158,6 +1237,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "1ubuntu1.18.04",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "passwd@1:4.5-1ubuntu1",
@@ -1179,6 +1259,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "perl-base@5.26.1-6ubuntu0.2",
@@ -1190,6 +1271,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "6ubuntu0.2",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "procps@2:3.3.12-3ubuntu1.1",
@@ -1212,6 +1294,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "sed@4.4-2",
@@ -1223,6 +1306,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "2",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "sensible-utils@0.0.12",
@@ -1232,6 +1316,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcVersion: "0.0.12",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "sysvinit-utils@2.88dsf-59.10ubuntu1",
@@ -1248,6 +1333,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "tar@1.29b-2",
@@ -1259,6 +1345,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "2",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "ubuntu-keyring@2018.02.28",
@@ -1268,6 +1355,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcVersion: "2018.02.28",
 								Maintainer: "Dimitri John Ledkov <dimitri.ledkov@canonical.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "util-linux@2.31.1-0.4ubuntu3.1",
@@ -1282,6 +1370,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "zlib1g@1:1.2.11.dfsg-0ubuntu2",
@@ -1298,6 +1387,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								},
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 						},
 					},
@@ -1323,6 +1413,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "12ubuntu1",
 								Maintainer: "Ubuntu Core developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libpam-modules-bin@1.1.8-3.1ubuntu3",
@@ -1334,6 +1425,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "3.1ubuntu3",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "libpam-runtime@1.1.8-3.1ubuntu3",
@@ -1345,6 +1437,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "3.1ubuntu3",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "makedev@2.3.1-93ubuntu1",
@@ -1356,6 +1449,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "93ubuntu1",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "all",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 						},
 					},
@@ -1374,6 +1468,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								ID: "apt@1.6.3ubuntu0.1", Name: "apt", Version: "1.6.3ubuntu0.1",
 								SrcName: "apt", SrcVersion: "1.6.3ubuntu0.1",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>", Arch: "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 						},
 					},
@@ -1401,6 +1496,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "2",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "tar@1.34+dfsg-1",
@@ -1412,6 +1508,7 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 								SrcRelease: "1",
 								Maintainer: "Janos Lenart <ocsi@debian.org>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 								Digest:     "sha256:bd8e963c6edcf1c806df97cd73560794c347aa94b9aaaf3b88eea585bb2d2f3c",
 							},
 						},
@@ -1420,9 +1517,46 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 			},
 		},
 		{
-			name:      "md5sums",
+			name: "md5sums",
-			testFiles: map[string]string{"./testdata/tar.md5sums": "var/lib/dpkg/info/tar.md5sums"},
+			testFiles: map[string]string{
 				"./testdata/tar-status":  "var/lib/dpkg/status",
 				"./testdata/tar.md5sums": "var/lib/dpkg/info/tar.md5sums",
 			},
 			want: &analyzer.AnalysisResult{
 				PackageInfos: []types.PackageInfo{
 					{
 						FilePath: "var/lib/dpkg/status",
 						Packages: types.Packages{
 							{
 								ID:         "tar@1.29b-2",
 								Name:       "tar",
 								Version:    "1.29b",
 								Release:    "2",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 								SrcName:    "tar",
 								SrcVersion: "1.29b",
 								SrcRelease: "2",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								InstalledFiles: []string{
 									"/usr/bin/tar",
 									"/usr/lib/mime/packages/tar",
 									"/usr/sbin/rmt-tar",
 									"/usr/sbin/tarcat",
 									"/usr/share/doc/tar/AUTHORS",
 									"/usr/share/doc/tar/NEWS.gz",
 									"/usr/share/doc/tar/README.Debian",
 									"/usr/share/doc/tar/THANKS.gz",
 									"/usr/share/doc/tar/changelog.Debian.gz",
 									"/usr/share/doc/tar/copyright",
 									"/usr/share/man/man1/tar.1.gz",
 									"/usr/share/man/man1/tarcat.1.gz",
 									"/usr/share/man/man8/rmt-tar.8.gz",
 								},
 							},
 						},
 					},
 				},
 				SystemInstalledFiles: []string{
 					"/usr/bin/tar",
 					"/usr/lib/mime/packages/tar",
@@ -1440,6 +1574,43 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 				},
 			},
 		},
 		{
 			name:      "third-party package",
 			testFiles: map[string]string{"./testdata/dpkg-third-party": "var/lib/dpkg/status"},
 			want: &analyzer.AnalysisResult{
 				PackageInfos: []types.PackageInfo{
 					{
 						FilePath: "var/lib/dpkg/status",
 						Packages: []types.Package{
 							{
 								ID:         "apt@1.6.3ubuntu0.1",
 								Name:       "apt",
 								Version:    "1.6.3ubuntu0.1",
 								SrcName:    "apt",
 								SrcVersion: "1.6.3ubuntu0.1",
 								Maintainer: "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 							},
 							{
 								ID:         "docker-ce@5:20.10.7~3-0~debian-buster",
 								Name:       "docker-ce",
 								Version:    "20.10.7~3-0~debian",
 								Release:    "buster",
 								Epoch:      5,
 								SrcName:    "docker-ce",
 								SrcVersion: "20.10.7~3-0~debian",
 								SrcRelease: "buster",
 								SrcEpoch:   5,
 								Maintainer: "Docker <support@docker.com>",
 								Arch:       "amd64",
 								Repository: types.PackageRepository{Class: types.RepositoryClassThirdParty},
 							},
 						},
 					},
 				},
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -1470,6 +1641,23 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) {
 	}
 }
 func Test_isThirdPartyPackage(t *testing.T) {
 	tests := []struct {
 		name       string
 		maintainer string
 		want       bool
 	}{
 		{"third-party (Docker)", "Docker <support@docker.com>", true},
 		{"third-party (GitHub - exact match)", "GitHub", true},
 		{"official (Ubuntu)", "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>", false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			assert.Equal(t, tt.want, isThirdPartyPackage(tt.maintainer))
 		})
 	}
 }
 func Test_dpkgAnalyzer_Required(t *testing.T) {
 	tests := []struct {
 		name     string
--- a/pkg/fanal/analyzer/pkg/dpkg/testdata/dpkg-third-party
+++ b/pkg/fanal/analyzer/pkg/dpkg/testdata/dpkg-third-party
@@ -0,0 +1,27 @@
 Package: docker-ce
 Status: install ok installed
 Priority: optional
 Section: admin
 Installed-Size: 83560
 Maintainer: Docker <support@docker.com>
 Architecture: amd64
 Version: 5:20.10.7~3-0~debian-buster
 Replaces: docker, docker-ce
 Depends: containerd.io (>= 1.4.1), docker-ce-cli, iptables, libc6 (>= 2.8), libseccomp2 (>= 2.4.1), libc6 (>= 2.17), libdevmapper1.02.1 (>= 2:1.02.97)
 Recommends: ca-certificates, docker-ce-rootless-extras, git, pigz, xz-utils
 Description: Docker: the open-source application container engine
 Docker is a product for you to build, ship and run any application as a
 lightweight container.
 Homepage: https://www.docker.com
 Package: apt
 Status: install ok installed
 Priority: important
 Section: admin
 Installed-Size: 4148
 Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
 Architecture: amd64
 Version: 1.6.3ubuntu0.1
 Depends: base-files (>= 7.2ubuntu5.6)
 Description: commandline package manager
--- a/pkg/fanal/analyzer/pkg/dpkg/testdata/tar-status
+++ b/pkg/fanal/analyzer/pkg/dpkg/testdata/tar-status
@@ -0,0 +1,17 @@
 Package: tar
 Essential: yes
 Status: install ok installed
 Priority: required
 Section: utils
 Installed-Size: 864
 Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
 Architecture: amd64
 Multi-Arch: foreign
 Version: 1.29b-2
 Replaces: cpio (<< 2.4.2-39)
 Pre-Depends: libacl1 (>= 2.2.51-8), libc6 (>= 2.17), libselinux1 (>= 1.32)
 Suggests: bzip2, ncompress, xz-utils, tar-scripts, tar-doc
 Breaks: dpkg-dev (<< 1.14.26)
 Conflicts: cpio (<= 2.4.2-38)
 Description: GNU version of the tar archiving utility
--- a/pkg/fanal/analyzer/pkg/rpm/rpm.go
+++ b/pkg/fanal/analyzer/pkg/rpm/rpm.go
@@ -140,8 +140,12 @@ func (a rpmPkgAnalyzer) listPkgs(ctx context.Context, db RPMDB) (types.Packages,
 		// Check if the package is vendor-provided.
 		// If the package is not provided by vendor, the installed files should not be skipped.
 		repo := types.PackageRepository{
 			Class: types.RepositoryClassThirdParty,
 		}
 		var files []string
 		if packageProvidedByVendor(pkg) {
 			repo.Class = types.RepositoryClassOfficial
 			files, err = pkg.InstalledFileNames()
 			if err != nil {
 				return nil, nil, xerrors.Errorf("unable to get installed files: %w", err)
@@ -179,6 +183,7 @@ func (a rpmPkgAnalyzer) listPkgs(ctx context.Context, db RPMDB) (types.Packages,
 			Licenses:        licenses,
 			DependsOn:       pkg.Requires, // Will be replaced with package IDs
 			Maintainer:      pkg.Vendor,
 			Repository:      repo,
 			Digest:          d,
 			InstalledFiles:  files,
 		}
--- a/pkg/fanal/analyzer/pkg/rpm/rpm_test.go
+++ b/pkg/fanal/analyzer/pkg/rpm/rpm_test.go
@@ -158,6 +158,7 @@ func Test_rpmPkgAnalyzer_listPkgs(t *testing.T) {
 					SrcVersion: "2.17",
 					SrcRelease: "317.el7",
 					Maintainer: "Red Hat",
 					Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 					InstalledFiles: []string{
 						"/etc/ld.so.conf",
 						"/etc/rpc",
@@ -216,6 +217,7 @@ func Test_rpmPkgAnalyzer_listPkgs(t *testing.T) {
 					SrcName:    "curl",
 					SrcVersion: "8.3.0",
 					SrcRelease: "1.amzn2023.0.2",
 					Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 					InstalledFiles: []string{
 						"/usr/bin/curl",
 						"/usr/lib/.build-id",
@@ -248,11 +250,12 @@ func Test_rpmPkgAnalyzer_listPkgs(t *testing.T) {
 			},
 			wantPkgs: types.Packages{
 				{
-					ID:      "glibc@2.17-307.el7.1.x86_64",
+					ID:         "glibc@2.17-307.el7.1.x86_64",
-					Name:    "glibc",
+					Name:       "glibc",
-					Version: "2.17",
+					Version:    "2.17",
-					Release: "307.el7.1",
+					Release:    "307.el7.1",
-					Arch:    "x86_64",
+					Arch:       "x86_64",
 					Repository: types.PackageRepository{Class: types.RepositoryClassThirdParty},
 				},
 			},
 		},
--- a/pkg/fanal/artifact/image/image_test.go
+++ b/pkg/fanal/artifact/image/image_test.go
@@ -36,7 +36,7 @@ import (
 // Common blob IDs used across multiple test cases to reduce duplication
 const (
-	alpineBaseLayerID     = "sha256:be60f1fe61fc63ab50b10fe0779614e605a973a38cd7d2a02f3f20b081e56d4a"
+	alpineBaseLayerID     = "sha256:6c42077a82b21707f581759b12a99cc9a593ce35a0d7be4c19c01eb48bd5ba33"
 	alpineBaseLayerDiffID = "sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203"
 	alpineArtifactID      = "sha256:3c709d2a158be3a97051e10cd0e30f047225cb9505101feb3fadcd395c2e0408"
 	composerImageID       = "sha256:a187dde48cd289ac374ad8539930628314bc581a481cdb41409c9289419ddb72"
@@ -510,7 +510,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			},
 			wantBlobs: []cachetest.WantBlob{
 				{
-					ID: "sha256:f2a647dcf780c603f864e491dca1a042b1e98062b530c813681d1bb4a85bcb18",
+					ID: "sha256:75a461ca76eecc6cea981889d69aa1c2dd78c436108be8be1bbc29295520c7d4",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						Size:          3061760,
@@ -533,6 +533,7 @@ func TestArtifact_Inspect(t *testing.T) {
 										SrcVersion: "9.9+deb9u9",
 										Maintainer: "Santiago Vila <sanvila@debian.org>",
 										Arch:       "amd64",
 										Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 									},
 								},
 							},
@@ -547,6 +548,7 @@ func TestArtifact_Inspect(t *testing.T) {
 										SrcVersion: "5.4",
 										Maintainer: "Marco d'Itri <md@linux.it>",
 										Arch:       "all",
 										Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 									},
 								},
 							},
@@ -563,6 +565,7 @@ func TestArtifact_Inspect(t *testing.T) {
 										SrcRelease: "0+deb9u1",
 										Maintainer: "GNU Libc Maintainers <debian-glibc@lists.debian.org>",
 										Arch:       "all",
 										Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 									},
 								},
 							},
@@ -598,7 +601,7 @@ func TestArtifact_Inspect(t *testing.T) {
 					},
 				},
 				{
-					ID: "sha256:c988cc5a0b8f3dc542c15c303d9200dee47d4fbed0e498a5bfbf3b4bef7a5af7",
+					ID: "sha256:81afc1747d0fdec7a606c27570313634ae331fab6f13566b23d0f6b3e498c050",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						Size:          15441920,
@@ -619,6 +622,7 @@ func TestArtifact_Inspect(t *testing.T) {
 										SrcRelease: "11+deb9u4",
 										Maintainer: "GNU Libc Maintainers <debian-glibc@lists.debian.org>",
 										Arch:       "amd64",
 										Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 									},
 								},
 							},
@@ -635,6 +639,7 @@ func TestArtifact_Inspect(t *testing.T) {
 										SrcRelease: "1~deb9u1",
 										Maintainer: "Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>",
 										Arch:       "amd64",
 										Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 									},
 								},
 							},
@@ -651,6 +656,7 @@ func TestArtifact_Inspect(t *testing.T) {
 										SrcRelease: "1~deb9u1",
 										Maintainer: "Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>",
 										Arch:       "amd64",
 										Repository: types.PackageRepository{Class: types.RepositoryClassOfficial},
 									},
 								},
 							},
@@ -693,7 +699,7 @@ func TestArtifact_Inspect(t *testing.T) {
 					},
 				},
 				{
-					ID: "sha256:05c19ffd5d898588400522070abd98c770b2965a7f4867d5c882c2a8783e40cc",
+					ID: "sha256:0778c3e388c54f736a3d6e74ed390a91fdb42c6809f8fb743d4f72acb41a5d6d",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						Size:          29696,
@@ -900,7 +906,7 @@ func TestArtifact_Inspect(t *testing.T) {
 					},
 				},
 				{
-					ID: "sha256:c737743c0f8b35906650a02125f05c8b35916c0febf64984f4dfaacd0f72509d",
+					ID: "sha256:5a3e3f25fdc97a14d69d99c63dd640cd2d38af5b987b7a95084cce3d835970fb",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						Size:          6656,
@@ -1763,10 +1769,10 @@ func TestArtifact_Inspect(t *testing.T) {
 				Type: types.TypeContainerImage,
 				ID:   "sha256:0bebf0773ffd87baa7c64fbdbdf79a24ae125e3f99a8adebe52d1ccbe6bed16b",
 				BlobIDs: []string{
-					"sha256:f2a647dcf780c603f864e491dca1a042b1e98062b530c813681d1bb4a85bcb18",
+					"sha256:75a461ca76eecc6cea981889d69aa1c2dd78c436108be8be1bbc29295520c7d4",
-					"sha256:c988cc5a0b8f3dc542c15c303d9200dee47d4fbed0e498a5bfbf3b4bef7a5af7",
+					"sha256:81afc1747d0fdec7a606c27570313634ae331fab6f13566b23d0f6b3e498c050",
-					"sha256:05c19ffd5d898588400522070abd98c770b2965a7f4867d5c882c2a8783e40cc",
+					"sha256:0778c3e388c54f736a3d6e74ed390a91fdb42c6809f8fb743d4f72acb41a5d6d",
-					"sha256:c737743c0f8b35906650a02125f05c8b35916c0febf64984f4dfaacd0f72509d",
+					"sha256:5a3e3f25fdc97a14d69d99c63dd640cd2d38af5b987b7a95084cce3d835970fb",
 				},
 				ImageMetadata: artifact.ImageMetadata{
 					ID: "sha256:58701fd185bda36cab0557bb6438661831267aa4a9e0b54211c4d5317a48aff4",
@@ -1874,7 +1880,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			},
 			wantBlobs: []cachetest.WantBlob{
 				{
-					ID: "sha256:48b4a983ef1ec8f0d19934ccf7fca3d2114466ad32207e16371620628f149984",
+					ID: "sha256:a83985cade3970577a9af328db9c88c0bf15cad40f7d2cf6d76e83882bc8146d",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						Size:          3061760,
@@ -1884,7 +1890,7 @@ func TestArtifact_Inspect(t *testing.T) {
 					},
 				},
 				{
-					ID: "sha256:a4d2820bd2c076f6153a9053843d4a56d31147ce486ec5e4a2c0405cec506d6c",
+					ID: "sha256:b109622c2d106193db505762f1f3e78cf0035a69e559caf07c305c92ddb89356",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						Size:          15441920,
@@ -1894,7 +1900,7 @@ func TestArtifact_Inspect(t *testing.T) {
 					},
 				},
 				{
-					ID: "sha256:c5fa5e736cee843c563c222963eb89fc775f0620020ff9d51d5e5db8ef62eec4",
+					ID: "sha256:115f689385cb66077c338c52f2c9d6f3018a18c89be7fe7d23f1645422d7d59d",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						Size:          29696,
@@ -1905,7 +1911,7 @@ func TestArtifact_Inspect(t *testing.T) {
 					},
 				},
 				{
-					ID: "sha256:7e223b95d6d589cdb196e29ef6c6ac0acdd2c471350dd9880a420b4249f6e7bb",
+					ID: "sha256:60129d309cd4f16d69262106d6074f37c6d37f6c9089a9710ec96ae067716636",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 						Size:          6656,
@@ -1921,10 +1927,10 @@ func TestArtifact_Inspect(t *testing.T) {
 				Type: types.TypeContainerImage,
 				ID:   "sha256:0bebf0773ffd87baa7c64fbdbdf79a24ae125e3f99a8adebe52d1ccbe6bed16b",
 				BlobIDs: []string{
-					"sha256:48b4a983ef1ec8f0d19934ccf7fca3d2114466ad32207e16371620628f149984",
+					"sha256:a83985cade3970577a9af328db9c88c0bf15cad40f7d2cf6d76e83882bc8146d",
-					"sha256:a4d2820bd2c076f6153a9053843d4a56d31147ce486ec5e4a2c0405cec506d6c",
+					"sha256:b109622c2d106193db505762f1f3e78cf0035a69e559caf07c305c92ddb89356",
-					"sha256:c5fa5e736cee843c563c222963eb89fc775f0620020ff9d51d5e5db8ef62eec4",
+					"sha256:115f689385cb66077c338c52f2c9d6f3018a18c89be7fe7d23f1645422d7d59d",
-					"sha256:7e223b95d6d589cdb196e29ef6c6ac0acdd2c471350dd9880a420b4249f6e7bb",
+					"sha256:60129d309cd4f16d69262106d6074f37c6d37f6c9089a9710ec96ae067716636",
 				},
 				ImageMetadata: artifact.ImageMetadata{
 					ID: "sha256:58701fd185bda36cab0557bb6438661831267aa4a9e0b54211c4d5317a48aff4",
--- a/pkg/fanal/artifact/local/fs_test.go
+++ b/pkg/fanal/artifact/local/fs_test.go
@@ -226,7 +226,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			wantBlobs: []cachetest.WantBlob{
 				{
 					// Cache key is based on commit hash (8a19b492a589955c3e70c6ad8efd1e4ec6ae0d35)
-					ID: "sha256:c7173e152a268c038257b877794285986c52ac569de7e516b2963f557f4e26ee",
+					ID: "sha256:d37c788d6fe832712cce9020943746b8764c04f7e323ed4ad68de36c5bf7d846",
 					BlobInfo: types.BlobInfo{
 						SchemaVersion: types.BlobJSONSchemaVersion,
 					},
@@ -235,9 +235,9 @@ func TestArtifact_Inspect(t *testing.T) {
 			want: artifact.Reference{
 				Name: "../../../../internal/gittest/testdata/test-repo",
 				Type: types.TypeRepository,
-				ID:   "sha256:c7173e152a268c038257b877794285986c52ac569de7e516b2963f557f4e26ee",
+				ID:   "sha256:d37c788d6fe832712cce9020943746b8764c04f7e323ed4ad68de36c5bf7d846",
 				BlobIDs: []string{
-					"sha256:c7173e152a268c038257b877794285986c52ac569de7e516b2963f557f4e26ee",
+					"sha256:d37c788d6fe832712cce9020943746b8764c04f7e323ed4ad68de36c5bf7d846",
 				},
 				RepoMetadata: artifact.RepoMetadata{
 					RepoURL:   "https://github.com/aquasecurity/trivy-test-repo/",
@@ -2383,7 +2383,7 @@ func TestYAMLConfigScan(t *testing.T) {
 											Severity: "LOW",
 										},
 										CauseMetadata: types.CauseMetadata{
-											Provider: "Generic",
+											Provider: "Yaml",
 											Service:  "general",
 										},
 									},
@@ -2405,7 +2405,7 @@ func TestYAMLConfigScan(t *testing.T) {
 											Severity: "LOW",
 										},
 										CauseMetadata: types.CauseMetadata{
-											Provider: "Generic",
+											Provider: "Yaml",
 											Service:  "general",
 										},
 									},
@@ -2454,7 +2454,7 @@ func TestYAMLConfigScan(t *testing.T) {
 											Severity: "LOW",
 										},
 										CauseMetadata: types.CauseMetadata{
-											Provider: "Generic",
+											Provider: "Yaml",
 											Service:  "general",
 										},
 									},
--- a/pkg/fanal/artifact/local/testdata/misconfig/yaml/passed/checks/test.rego
+++ b/pkg/fanal/artifact/local/testdata/misconfig/yaml/passed/checks/test.rego
@@ -4,6 +4,9 @@
 #   id: TEST001
 #   avd_id: TEST001
 #   severity: LOW
 #   input:
 #     selector:
 #       - type: yaml
 package user.test_yaml_check
 deny[res] {
--- a/pkg/fanal/artifact/local/testdata/misconfig/yaml/with-schema/checks/test.rego
+++ b/pkg/fanal/artifact/local/testdata/misconfig/yaml/with-schema/checks/test.rego
@@ -4,6 +4,9 @@
 #   id: TEST001
 #   avd_id: TEST001
 #   severity: LOW
 #   input:
 #     selector:
 #       - type: yaml
 package user.test_yaml_check
 deny[res] {
--- a/pkg/fanal/artifact/repo/git_test.go
+++ b/pkg/fanal/artifact/repo/git_test.go
@@ -183,9 +183,9 @@ func TestArtifact_Inspect(t *testing.T) {
 			want: artifact.Reference{
 				Name: ts.URL + "/test-repo.git",
 				Type: types.TypeRepository,
-				ID:   "sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c", // Calculated from commit hash
+				ID:   "sha256:1587f4be90cf95b3e1b733512d674301f5fe4200055f10efa4dbf0d5e590d32d", // Calculated from commit hash
 				BlobIDs: []string{
-					"sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c", // Calculated from commit hash
+					"sha256:1587f4be90cf95b3e1b733512d674301f5fe4200055f10efa4dbf0d5e590d32d", // Calculated from commit hash
 				},
 				RepoMetadata: artifact.RepoMetadata{
 					RepoURL:   ts.URL + "/test-repo.git",
@@ -207,9 +207,9 @@ func TestArtifact_Inspect(t *testing.T) {
 			want: artifact.Reference{
 				Name: "../../../../internal/gittest/testdata/test-repo",
 				Type: types.TypeRepository,
-				ID:   "sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c", // Calculated from commit hash
+				ID:   "sha256:1587f4be90cf95b3e1b733512d674301f5fe4200055f10efa4dbf0d5e590d32d", // Calculated from commit hash
 				BlobIDs: []string{
-					"sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c", // Calculated from commit hash
+					"sha256:1587f4be90cf95b3e1b733512d674301f5fe4200055f10efa4dbf0d5e590d32d", // Calculated from commit hash
 				},
 				RepoMetadata: artifact.RepoMetadata{
 					RepoURL:   "https://github.com/aquasecurity/trivy-test-repo/",
@@ -267,16 +267,16 @@ func TestArtifact_Inspect(t *testing.T) {
 					},
 				}
 				// Store the blob info in the cache to test cache hit
-				cacheKey := "sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c"
+				cacheKey := "sha256:1587f4be90cf95b3e1b733512d674301f5fe4200055f10efa4dbf0d5e590d32d"
 				err := c.PutBlob(t.Context(), cacheKey, blobInfo)
 				require.NoError(t, err)
 			},
 			want: artifact.Reference{
 				Name: "../../../../internal/gittest/testdata/test-repo",
 				Type: types.TypeRepository,
-				ID:   "sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c",
+				ID:   "sha256:1587f4be90cf95b3e1b733512d674301f5fe4200055f10efa4dbf0d5e590d32d",
 				BlobIDs: []string{
-					"sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c",
+					"sha256:1587f4be90cf95b3e1b733512d674301f5fe4200055f10efa4dbf0d5e590d32d",
 				},
 				RepoMetadata: artifact.RepoMetadata{
 					RepoURL:   "https://github.com/aquasecurity/trivy-test-repo/",
--- a/pkg/fanal/test/integration/testdata/goldens/packages/amazon-2.json.golden
+++ b/pkg/fanal/test/integration/testdata/goldens/packages/amazon-2.json.golden
--- a/pkg/fanal/test/integration/testdata/goldens/packages/debian-buster.json.golden
+++ b/pkg/fanal/test/integration/testdata/goldens/packages/debian-buster.json.golden
--- a/pkg/fanal/test/integration/testdata/goldens/packages/fedora-35.json.golden
+++ b/pkg/fanal/test/integration/testdata/goldens/packages/fedora-35.json.golden
--- a/pkg/fanal/test/integration/testdata/goldens/packages/opensuse-leap-151.json.golden
+++ b/pkg/fanal/test/integration/testdata/goldens/packages/opensuse-leap-151.json.golden
--- a/pkg/fanal/test/integration/testdata/goldens/packages/opensuse-tumbleweed.json.golden
+++ b/pkg/fanal/test/integration/testdata/goldens/packages/opensuse-tumbleweed.json.golden
--- a/pkg/fanal/test/integration/testdata/goldens/packages/photon-30.json.golden
+++ b/pkg/fanal/test/integration/testdata/goldens/packages/photon-30.json.golden
@@ -11,7 +11,10 @@
    "Licenses": [
      "GPLv3"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "bzip2-libs@1.0.6-10.ph3.x86_64",
@@ -25,7 +28,10 @@
    "Licenses": [
      "BSD"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "ca-certificates@20190521-1.ph3.x86_64",
@@ -39,7 +45,10 @@
    "Licenses": [
      "Custom"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "ca-certificates-pki@20190521-1.ph3.x86_64",
@@ -53,7 +62,10 @@
    "Licenses": [
      "Custom"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "curl@7.61.1-4.ph3.x86_64",
@@ -67,7 +79,10 @@
    "Licenses": [
      "MIT"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "curl-libs@7.61.1-4.ph3.x86_64",
@@ -81,7 +96,10 @@
    "Licenses": [
      "MIT"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "e2fsprogs-libs@1.44.3-2.ph3.x86_64",
@@ -95,7 +113,10 @@
    "Licenses": [
      "GPLv2+"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "elfutils-libelf@0.176-1.ph3.x86_64",
@@ -109,7 +130,10 @@
    "Licenses": [
      "GPLv2+ or LGPLv3+"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "expat-libs@2.2.6-2.ph3.x86_64",
@@ -123,7 +147,10 @@
    "Licenses": [
      "MIT"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "filesystem@1.1-4.ph3.x86_64",
@@ -137,7 +164,10 @@
    "Licenses": [
      "GPLv3"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "glibc@2.28-3.ph3.x86_64",
@@ -151,7 +181,10 @@
    "Licenses": [
      "LGPLv2+"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "gpg-pubkey@66fd4949-4803fe57.",
@@ -161,7 +194,10 @@
    "Arch": "None",
    "Licenses": [
      "pubkey"
-    ]
+    ],
    "Repository": {
      "Class": "third-party"
    }
  },
  {
    "ID": "krb5@1.17-1.ph3.x86_64",
@@ -175,7 +211,10 @@
    "Licenses": [
      "MIT"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "libcap@2.25-8.ph3.x86_64",
@@ -189,7 +228,10 @@
    "Licenses": [
      "GPLv2+"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "libdb@5.3.28-2.ph3.x86_64",
@@ -203,7 +245,10 @@
    "Licenses": [
      "BSD and LGPLv2 and Sleepycat"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "libgcc@7.3.0-4.ph3.x86_64",
@@ -217,7 +262,10 @@
    "Licenses": [
      "GPLv2+"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "libsolv@0.6.26-5.ph3.x86_64",
@@ -231,7 +279,10 @@
    "Licenses": [
      "BSD"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "libssh2@1.9.0-1.ph3.x86_64",
@@ -245,7 +296,10 @@
    "Licenses": [
      "BSD"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "ncurses-libs@6.1-1.ph3.x86_64",
@@ -259,7 +313,10 @@
    "Licenses": [
      "MIT"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "nspr@4.21-1.ph3.x86_64",
@@ -273,7 +330,10 @@
    "Licenses": [
      "MPLv2.0"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "nss-libs@3.44-2.ph3.x86_64",
@@ -287,7 +347,10 @@
    "Licenses": [
      "MPLv2.0"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "openssl@1.0.2s-1.ph3.x86_64",
@@ -301,7 +364,10 @@
    "Licenses": [
      "OpenSSL"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "photon-release@3.0-3.ph3.noarch",
@@ -315,7 +381,10 @@
    "Licenses": [
      "Apache License"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "photon-repos@3.0-3.ph3.noarch",
@@ -329,7 +398,10 @@
    "Licenses": [
      "Apache License"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "popt@1.16-5.ph3.x86_64",
@@ -343,7 +415,10 @@
    "Licenses": [
      "MIT"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "readline@7.0-2.ph3.x86_64",
@@ -357,7 +432,10 @@
    "Licenses": [
      "GPLv3+"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "rpm-libs@4.14.2-4.ph3.x86_64",
@@ -371,7 +449,10 @@
    "Licenses": [
      "GPLv2+"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "sqlite-libs@3.27.2-3.ph3.x86_64",
@@ -385,7 +466,10 @@
    "Licenses": [
      "Public Domain"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "tdnf@2.0.0-10.ph3.x86_64",
@@ -399,7 +483,10 @@
    "Licenses": [
      "LGPLv2.1,GPLv2"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "tdnf-cli-libs@2.0.0-10.ph3.x86_64",
@@ -413,7 +500,10 @@
    "Licenses": [
      "LGPLv2.1,GPLv2"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "toybox@0.7.7-1.ph3.x86_64",
@@ -427,7 +517,10 @@
    "Licenses": [
      "BSD"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "xz-libs@5.2.4-1.ph3.x86_64",
@@ -441,7 +534,10 @@
    "Licenses": [
      "GPLv2+ and GPLv3+ and LGPLv2+"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  },
  {
    "ID": "zlib@1.2.11-1.ph3.x86_64",
@@ -455,6 +551,9 @@
    "Licenses": [
      "zlib"
    ],
-    "Maintainer": "VMware, Inc."
+    "Maintainer": "VMware, Inc.",
    "Repository": {
      "Class": "official"
    }
  }
 ]
--- a/pkg/fanal/test/integration/testdata/goldens/packages/suse-15.3_ndb.json.golden
+++ b/pkg/fanal/test/integration/testdata/goldens/packages/suse-15.3_ndb.json.golden
--- a/pkg/fanal/test/integration/testdata/goldens/packages/ubi-7.json.golden
+++ b/pkg/fanal/test/integration/testdata/goldens/packages/ubi-7.json.golden
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
dependabot[bot]	467b159e68	chore(deps): bump the docker group across 1 directory with 2 updates Bumps the docker group with 2 updates in the / directory: [github.com/docker/cli](https://github.com/docker/cli) and [github.com/moby/buildkit](https://github.com/moby/buildkit). Updates `github.com/docker/cli` from 29.1.1+incompatible to 29.1.3+incompatible - [Commits](https://github.com/docker/cli/compare/v29.1.1...v29.1.3) Updates `github.com/moby/buildkit` from 0.26.2 to 0.26.3 - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](https://github.com/moby/buildkit/compare/v0.26.2...v0.26.3) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.1.3+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker - dependency-name: github.com/moby/buildkit dependency-version: 0.26.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-22 14:02:14 +00:00
DmitriyLewen	7a6594c745	chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` (#9973 )	2025-12-22 12:20:10 +00:00
urimils	d3096e7617	feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930 ) Co-authored-by: urimils <urimils@users.noreply.github.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2025-12-22 11:45:49 +00:00
Teppei Fukuda	74819bf457	feat(vuln): skip vulnerability scanning for third-party packages in Debian/Ubuntu (#9932 )	2025-12-22 10:56:30 +00:00
DmitriyLewen	56f93a1bcf	docs: add info that `--file-pattern` flag doesn't disable default behaviuor (#9961 )	2025-12-22 08:55:26 +00:00
Ankit Pramanik	10a50a7429	perf(misconf): optimize string concatenation in azure scanner (#9969 )	2025-12-22 05:37:36 +00:00
Owen Rumney	75c4dc0f45	chore: add client option to install script (#9962 ) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2025-12-19 09:49:08 +00:00
Aqua Security automated builds	87772521b6	ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956 ) Co-authored-by: GitHub Actions <actions@github.com>	2025-12-17 07:13:29 +00:00
dependabot[bot]	5eda0a4e85	chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-17 06:07:48 +00:00
Igor Adulyan	718ec29ec6	docs: update binary signature verification for sigstore bundles (#9929 )	2025-12-12 06:56:26 +00:00
DmitriyLewen	d528250a1d	chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935 )	2025-12-12 06:55:39 +00:00
DmitriyLewen	f50b96a815	chore(alpine): add EOL date for alpine 3.23 (#9934 )	2025-12-12 06:55:09 +00:00
Nikita Pivkin	d65b504cb2	feat(cloudformation): add support for Fn::ForEach (#9508 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2025-12-11 18:53:03 +00:00
DmitriyLewen	1a901e5c75	ci: enable `check-latest` for `setup-go` (#9931 )	2025-12-11 08:17:40 +00:00
Teppei Fukuda	effc1c0d4d	feat(debian): detect third-party packages using maintainer list (#9917 )	2025-12-11 05:18:31 +00:00
DmitriyLewen	335cc993fa	fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924 )	2025-12-10 12:16:31 +00:00
Kélian Saint-Bonnet	879e4fca12	feat(helm): add sslCertDir parameter (#9697 )	2025-12-09 23:15:31 +00:00
Nikita Pivkin	18ecf75176	fix(misconf): respect .yml files when Helm charts are detected (#9912 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2025-12-09 23:07:39 +00:00
Teppei Fukuda	56b59e8abb	feat(php): add support for dev dependencies in Composer (#9910 )	2025-12-09 12:40:05 +00:00
dependabot[bot]	f58826fb2a	chore(deps): bump the common group across 1 directory with 9 updates (#9903 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-09 05:35:08 +00:00
dependabot[bot]	39273f34cc	chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>	2025-12-08 10:25:32 +00:00
Thomas Hille	9db123ccf8	fix: remove trailing tab in statefulset template (#9889 )	2025-12-08 06:17:59 +00:00
Matt Bauman	c2f82add3a	feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800 ) Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2025-12-05 10:15:16 +00:00
Nikita Pivkin	9275e1532b	feat(misconf): initial ansible scanning support (#9332 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Co-authored-by: Simar <simar@linux.com> Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>	2025-12-05 06:20:37 +00:00
yagreut	48dfedeb1e	feat(misconf): Update Azure Database schema (#9811 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io>	2025-12-05 05:28:25 +00:00
Aqua Security automated builds	75171128a4	ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869 ) Co-authored-by: GitHub Actions <actions@github.com>	2025-12-04 01:06:08 +00:00
Owen Rumney	32f3df11a2	chore: update the install script (#9874 ) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>	2025-12-03 17:12:33 +00:00