fix: update cosing settings for GoReleaser after bumping cosing to v3 [backport: release/v0.68] (#9870)

Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>

.clang-format

@@ -1,5 +0,0 @@
----
-Language: Proto
-BasedOnStyle: Google
-AlignConsecutiveAssignments: true
-AlignConsecutiveDeclarations: true

.github/CODEOWNERS

@@ -8,15 +8,15 @@ pkg/sbom/        @knqyf263 @DmitriyLewen
 pkg/scanner/     @knqyf263 @DmitriyLewen
 
 # Misconfiguration scanning
-docs/docs/scanner/misconfiguration/  @simar7 @nikpivkin
-docs/docs/target/aws.md              @simar7 @nikpivkin
-pkg/fanal/analyzer/config/           @simar7 @nikpivkin
-pkg/cloud/                           @simar7 @nikpivkin
-pkg/iac/                             @simar7 @nikpivkin
+docs/guide/scanner/misconfiguration/  @simar7 @nikpivkin
+docs/guide/target/aws.md              @simar7 @nikpivkin
+pkg/fanal/analyzer/config/            @simar7 @nikpivkin
+pkg/config/aws/                       @simar7 @nikpivkin
+pkg/iac/                              @simar7 @nikpivkin
 
 # Helm chart
 helm/trivy/ @afdesk @simar7
 
 # Kubernetes scanning
 pkg/k8s/                         @afdesk @simar7
-docs/docs/target/kubernetes.md   @afdesk @simar7
+docs/guide/target/kubernetes.md   @afdesk @simar7

.github/DISCUSSION_TEMPLATE/bugs.yml

@@ -10,7 +10,7 @@ body:
         
         **Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
         
-        Please also check [our contribution guidelines](https://trivy.dev/latest/community/contribute/discussion/).
+        Please also check [our contribution guidelines](https://trivy.dev/docs/latest/community/contribute/discussion/).
   - type: textarea
     attributes:
       label: Description
@@ -117,7 +117,7 @@ body:
       description: Have you tried the following?
       options:
         - label: Run `trivy clean --all`
-        - label: Read [the troubleshooting](https://trivy.dev/latest/docs/references/troubleshooting/)
+        - label: Read [the troubleshooting](https://trivy.dev/docs/latest/references/troubleshooting/)
   - type: markdown
     attributes:
       value: |

.github/DISCUSSION_TEMPLATE/documentation.yml

@@ -7,7 +7,7 @@ body:
         Feel free to create a docs report if something doesn't work as expected or is unclear in the documentation.
         Please ensure that you're not creating a duplicate report by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
         
-        Please also check [our contribution guidelines](https://trivy.dev/latest/community/contribute/discussion/).
+        Please also check [our contribution guidelines](https://trivy.dev/docs/latest/community/contribute/discussion/).
   - type: textarea
     attributes:
       label: Description

.github/DISCUSSION_TEMPLATE/false-detection.yml

@@ -8,7 +8,7 @@ body:
         
         **Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
         
-        Please also check [our contribution guidelines](https://trivy.dev/latest/community/contribute/discussion/).
+        Please also check [our contribution guidelines](https://trivy.dev/docs/latest/community/contribute/discussion/).
   - type: input
     attributes:
       label: IDs

.github/DISCUSSION_TEMPLATE/ideas.yml

@@ -9,7 +9,7 @@ body:
         
         **Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
         
-        Please also check [our contribution guidelines](https://trivy.dev/latest/community/contribute/discussion/).
+        Please also check [our contribution guidelines](https://trivy.dev/docs/latest/community/contribute/discussion/).
   - type: textarea
     attributes:
       label: Description

.github/DISCUSSION_TEMPLATE/q-a.yml

@@ -9,7 +9,7 @@ body:
         
         **Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
         
-        Please also check [our contribution guidelines](https://trivy.dev/latest/community/contribute/discussion/).
+        Please also check [our contribution guidelines](https://trivy.dev/docs/latest/community/contribute/discussion/).
   - type: textarea
     attributes:
       label: Question

.github/ISSUE_TEMPLATE/maintainer.md

@@ -8,4 +8,4 @@ assignees: ''
 ---
 
 ## Are you a maintainer of the Trivy project?
-If not, please open [a discussion](https://github.com/aquasecurity/trivy/discussions); if you are, please review [the guideline](https://trivy.dev/latest/community/contribute/discussion/).
+If not, please open [a discussion](https://github.com/aquasecurity/trivy/discussions); if you are, please review [the guideline](https://trivy.dev/docs/latest/community/contribute/discussion/).

.github/actions/trivy-triage/helpers.js

@@ -1,6 +1,11 @@
+const patterns = {
+    Scanner: /### Scanner\r?\n\r?\n(.+)/,
+    Target: /### Target\r?\n\r?\n(.+)/,
+};
+
 module.exports = {
     detectDiscussionLabels: (discussion, configDiscussionLabels) => {
-        res = [];
+        const res = [];
         const discussionId = discussion.id;
         const category = discussion.category.name;
         const body = discussion.body;
@@ -8,15 +13,21 @@ module.exports = {
             console.log(`skipping discussion with category ${category} and body ${body}`);
             return [];
         }
-        const scannerPattern = /### Scanner\n\n(.+)/;
-        const scannerFound = body.match(scannerPattern);
-        if (scannerFound && scannerFound.length > 1) {
-            res.push(configDiscussionLabels[scannerFound[1]]);
-        }
-        const targetPattern = /### Target\n\n(.+)/;
-        const targetFound = body.match(targetPattern);
-        if (targetFound && targetFound.length > 1) {
-            res.push(configDiscussionLabels[targetFound[1]]);
+
+        for (const key in patterns) {
+            const match = body.match(patterns[key]);
+            if (match && match.length > 1 && match[1] !== "None") {
+                const val = configDiscussionLabels[match[1]];
+                if (val === undefined && match[1]) {
+                    console.warn(
+                        `Value for ${key.toLowerCase()} key "${
+                            match[1]
+                        }" not found in configDiscussionLabels`
+                    );
+                } else {
+                    res.push(val);
+                }
+            }
         }
         return res;
     },

.github/actions/trivy-triage/helpers.test.js

@@ -62,6 +62,17 @@ describe('trivy-triage', async function() {
       assert(labels.includes('ContainerImageLabel'));
       assert(labels.includes('VulnerabilityLabel'));
     });
+    it('detect scanner and target labels on windows', async function() {
+      const discussion = {
+        body: 'hello hello\r\nbla bla.\r\n### Scanner\r\n\r\nVulnerability\r\n### Target\r\n\r\nContainer Image\r\nbye bye.',
+        category: {
+          name: 'Ideas'
+        }
+      };
+      const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
+      assert(labels.includes('ContainerImageLabel'));
+      assert(labels.includes('VulnerabilityLabel'));
+    });
     it('not detect other labels', async function() {
       const discussion = {
         body: 'hello hello\nbla bla.\n### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.', 
@@ -73,6 +84,16 @@ describe('trivy-triage', async function() {
       assert(!labels.includes('FilesystemLabel'));
       assert(!labels.includes('MisconfigurationLabel'));
     });
+    it('ignores unmatched label values from body', async function() {
+      const discussion = {
+        body: '### Target\r\n\r\nNone\r\n\r\n### Scanner\r\n\r\nMisconfiguration', 
+        category: {
+          name: 'Ideas'
+        }
+      };
+      const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
+      assert.deepStrictEqual(labels, ['MisconfigurationLabel']);
+    });
     it('process only relevant categories', async function() {
       const discussion = {
         body: 'hello world', 

.github/dependabot.yml

@@ -21,6 +21,8 @@ updates:
     directory: /
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 3
     ignore:
       - dependency-name: "github.com/aquasecurity/trivy-*" ## `trivy-*` dependencies are updated manually
     groups:

.github/pull_request_template.md

@@ -10,8 +10,8 @@
 Remove this section if you don't have related PRs.
 
 ## Checklist
-- [ ] I've read the [guidelines for contributing](https://trivy.dev/latest/community/contribute/pr/) to this repository.
-- [ ] I've followed the [conventions](https://trivy.dev/latest/community/contribute/pr/#title) in the PR title.
+- [ ] I've read the [guidelines for contributing](https://trivy.dev/docs/latest/community/contribute/pr/) to this repository.
+- [ ] I've followed the [conventions](https://trivy.dev/docs/latest/community/contribute/pr/#title) in the PR title.
 - [ ] I've added tests that prove my fix is effective or that my feature works.
 - [ ] I've updated the [documentation](https://github.com/aquasecurity/trivy/blob/main/docs) with the relevant information (if needed).
 - [ ] I've added usage information (if the PR introduces new options)

.github/workflows/apidiff.yaml

@@ -0,0 +1,181 @@
+name: API Diff Check
+
+on:
+  # SECURITY: Using pull_request_target to support fork PRs with write permissions.
+  # PR code is checked out but only for static analysis - it is never executed.
+  # If modifying this workflow, ensure PR code is never executed and user inputs are not used unsafely.
+  pull_request_target:
+    types: [opened, synchronize]
+    paths:
+      - 'pkg/**/*.go'
+      - 'rpc/**/*.go'
+
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+
+jobs:
+  apidiff:
+    runs-on: ubuntu-24.04
+    name: API Diff Check
+    steps:
+      # Check if PR has conflicts. When conflicts exist, the merge commit becomes
+      # frozen at an old state and apidiff cannot run correctly.
+      - name: Check for merge conflicts
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        # pull_request_target and mergeability are processed asynchronously.
+        # As a result, it’s possible that we start the check before GitHub has finished calculating the mergeability.
+        # To handle this, a retry mechanism has been added — it waits for 2 seconds after each attempt.
+        # If mergeable_state isn’t obtained after 5 attempts, an error is returned.
+        run: |
+          MAX=5
+          for i in $(seq 1 "$MAX"); do
+            state=$(gh api "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER" --jq .mergeable_state)
+            echo "mergeable_state=$state"
+          
+            if [ "$state" = "dirty" ]; then
+              echo "::error::This PR has merge conflicts. Please resolve conflicts before running apidiff."
+              exit 1
+            fi
+          
+            if [ -n "$state" ] && [ "$state" != "unknown" ] && [ "$state" != "null" ]; then
+              break
+            fi
+          
+            if [ "$i" -lt "$MAX" ] && { [ -z "$state" ] || [ "$state" = "unknown" ] || [ "$state" = "null" ]; }; then
+              echo "::error::Could not determine mergeability after $i tries."
+              exit 1
+            fi
+          
+            sleep 2
+          done
+
+      # Checkout PR merge commit to compare against base branch
+      # This ensures we compare the actual merge result with the base branch,
+      # avoiding false positives when PR is not rebased with latest main
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+
+      - name: Set up Go
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+        with:
+          go-version-file: go.mod
+          cache: false
+
+      # Ensure the base commit exists locally for go-apidiff to compare against.
+      # Even though we checkout the merge commit, go-apidiff needs the base ref to exist.
+      # Use base.ref instead of base.sha, since base.sha is outdated (not updated after every commit).
+      # cf. https://github.com/orgs/community/discussions/59677
+      - name: Fetch base commit
+        id: fetch_base
+        run: |
+          set -euo pipefail
+          BASE_REF="${{ github.event.pull_request.base.ref || github.event.merge_group.base_ref }}"
+          if [ -z "${BASE_REF:-}" ]; then
+            echo "::error::BASE_REF is empty (no base ref in event payload)"; exit 1
+          fi
+      
+          git fetch --depth=1 origin "$BASE_REF"
+          
+          BASE_SHA="$(git rev-parse "origin/$BASE_REF")" 
+          if [ -z "${BASE_SHA:-}" ]; then
+            echo "::error::BASE_SHA is empty (failed to resolve origin/$BASE_REF)"; exit 1
+          fi
+          echo "base_sha=$BASE_SHA" >> "$GITHUB_OUTPUT"
+
+      # NOTE: go-apidiff is not managed in go.mod because installing it via `go get -tool`
+      # would cause `mage tool:install` to attempt building it on Windows, which currently
+      # fails due to platform-specific issues.
+      - name: Run go-apidiff
+        id: apidiff
+        continue-on-error: true
+        uses: joelanford/go-apidiff@60c4206be8f84348ebda2a3e0c3ac9cb54b8f685 # v0.8.3
+        with:
+          base-ref: ${{ steps.fetch_base.outputs.base_sha }}
+          version: v0.8.3
+
+      - name: Add apidiff label
+        if: ${{ steps.apidiff.outputs.semver-type == 'major' }}
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: |
+            const label = 'apidiff';
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              labels: [label],
+            });
+
+      - name: Comment API diff
+        if: ${{ steps.apidiff.outputs.semver-type == 'major' }}
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        env:
+          APIDIFF_OUTPUT: ${{ steps.apidiff.outputs.output }}
+          SEMVER_TYPE: ${{ steps.apidiff.outputs.semver-type }}
+        with:
+          script: |
+            const header = '## 📊 API Changes Detected';
+            const diff = process.env.APIDIFF_OUTPUT.trim();
+            const semver = process.env.SEMVER_TYPE || 'unknown';
+            const body = [
+              header,
+              '',
+              `Semver impact: \`${semver}\``,
+              '',
+              '```',
+              diff,
+              '```',
+            ].join('\n');
+
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+
+            const existing = comments.find(comment =>
+              comment.user.type === 'Bot' &&
+              comment.body.startsWith(header),
+            );
+
+            if (existing) {
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: existing.id,
+                body,
+              });
+            } else {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                body,
+              });
+            }
+
+      # Attempt to request the premium reviewers; needs org-scoped token because GITHUB_TOKEN lacks read:org.
+      - name: Request trivy-premium review
+        if: ${{ steps.apidiff.outputs.semver-type == 'major' }}
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ secrets.ORG_REPO_TOKEN }}
+          script: |
+            try {
+              await github.rest.pulls.requestReviewers({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: context.issue.number,
+                team_reviewers: ['trivy-premium'],
+              });
+              console.log('Requested review from aquasecurity/trivy-premium team');
+            } catch (error) {
+              core.error(`Failed to request trivy-premium reviewers: ${error.message}`);
+              throw error;
+            }

.github/workflows/auto-close-issue.yaml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Close issue if user does not have write or admin permissions
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             // Get the issue creator's username
@@ -26,7 +26,7 @@ jobs:
             
             // If the user does not have write or admin permissions, leave a comment and close the issue
             if (permission !== 'write' && permission !== 'admin') {
-              const commentBody = "Please see https://trivy.dev/latest/community/contribute/issue/";
+              const commentBody = "Please see https://trivy.dev/docs/latest/community/contribute/issue/";
               await github.rest.issues.createComment({
                 owner: context.repo.owner,
                 repo: context.repo.repo,

.github/workflows/auto-ready-for-review.yaml

@@ -0,0 +1,138 @@
+name: Auto Ready for Review
+
+on:
+  workflow_run:
+    workflows: ["Test", "Validate PR Title"]
+    types: [completed]
+
+jobs:
+  auto-ready-for-review:
+    runs-on: ubuntu-24.04
+    if: github.event.workflow_run.event == 'pull_request'
+    steps:
+      - name: Get PR context
+        id: pr-context
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PR_BRANCH: |-
+            ${{
+              (github.event.workflow_run.head_repository.owner.login != github.event.workflow_run.repository.owner.login)
+                && format('{0}:{1}', github.event.workflow_run.head_repository.owner.login, github.event.workflow_run.head_branch)
+                || github.event.workflow_run.head_branch
+            }}
+        run: |
+          echo "[INFO] Searching for PR with branch: ${PR_BRANCH}"
+          if gh pr view --repo "${{ github.repository }}" "${PR_BRANCH}" --json 'number' --jq '"number=\(.number)"' >> "${GITHUB_OUTPUT}"; then
+            echo "[INFO] PR found successfully"
+          else
+            echo "[INFO] No PR found for branch ${PR_BRANCH}, skipping"
+            echo "skip=true" >> "${GITHUB_OUTPUT}"
+          fi
+          
+      - name: Check PR and all workflows status
+        if: steps.pr-context.outputs.skip != 'true'
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: |
+            const prNumber = ${{ steps.pr-context.outputs.number }};
+            console.log(`[INFO] Processing PR #${prNumber}`);
+            
+            // Get PR info
+            const { data: pr } = await github.rest.pulls.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: prNumber
+            });
+            
+            console.log(`[INFO] PR #${prNumber} - Draft: ${pr.draft}, Labels: ${pr.labels.map(l => l.name).join(', ')}`);
+            
+            // Check if PR has autoready label and is draft
+            const hasAutoreadyLabel = pr.labels.some(label => label.name === 'autoready');
+            
+            if (!pr.draft) {
+              console.log(`[INFO] PR #${prNumber} is not draft, skipping`);
+              return;
+            }
+            
+            if (!hasAutoreadyLabel) {
+              console.log(`[INFO] PR #${prNumber} doesn't have autoready label, skipping`);
+              return;
+            }
+            
+            // Get all workflow runs for this PR's head commit (head_sha)
+            const { data: workflowRuns } = await github.rest.actions.listWorkflowRunsForRepo({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              head_sha: pr.head.sha,
+              per_page: 100
+            });
+            
+            console.log(`[INFO] Found ${workflowRuns.workflow_runs.length} workflow runs for PR #${prNumber}`);
+            
+            // Check workflow status
+            const runningWorkflows = workflowRuns.workflow_runs.filter(run => 
+              run.status === 'in_progress' || run.status === 'queued'
+            );
+            
+            const failedWorkflows = workflowRuns.workflow_runs.filter(run => 
+              run.conclusion === 'failure' || run.conclusion === 'cancelled'
+            );
+            
+            const successfulWorkflows = workflowRuns.workflow_runs.filter(run => 
+              run.conclusion === 'success'
+            );
+            
+            console.log(`[INFO] Workflow status - Running: ${runningWorkflows.length}, Failed: ${failedWorkflows.length}, Success: ${successfulWorkflows.length}`);
+            
+            if (runningWorkflows.length > 0) {
+              console.log(`[INFO] Some workflows are still running: ${runningWorkflows.map(w => w.name).join(', ')}`);
+              return;
+            }
+            
+            if (failedWorkflows.length > 0) {
+              console.log(`[INFO] Some workflows failed: ${failedWorkflows.map(w => w.name).join(', ')}`);
+              return;
+            }
+            
+            console.log(`[INFO] All workflows passed! Marking PR #${prNumber} as ready for review...`);
+            
+            // Mark PR as ready for review using GraphQL API
+            // Reference: https://github.com/orgs/community/discussions/70061
+            try {
+              const mutation = `
+                mutation MarkPullRequestReadyForReview($pullRequestId: ID!) {
+                  markPullRequestReadyForReview(input: { pullRequestId: $pullRequestId }) {
+                    pullRequest {
+                      id
+                      isDraft
+                      number
+                    }
+                  }
+                }
+              `;
+              
+              const updateResult = await github.graphql(mutation, {
+                pullRequestId: pr.node_id
+              });
+              
+              const isDraft = updateResult.markPullRequestReadyForReview.pullRequest.isDraft;
+              console.log(`[SUCCESS] PR #${prNumber} marked as ready for review. Draft status: ${isDraft}`);
+            } catch (error) {
+              console.log(`[ERROR] Failed to mark PR #${prNumber} as ready for review: ${error.message}`);
+              console.log(`[ERROR] Error details: ${JSON.stringify(error.response?.data || error, null, 2)}`);
+              return;
+            }
+            
+            // Remove autoready label
+            try {
+              const labelResult = await github.rest.issues.removeLabel({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: prNumber,
+                name: 'autoready'
+              });
+              console.log(`[SUCCESS] autoready label removed from PR #${prNumber}. Status: ${labelResult.status}`);
+            } catch (error) {
+              console.log(`[WARNING] Could not remove autoready label from PR #${prNumber}: ${error.message}`);
+              console.log(`[WARNING] Error details: ${JSON.stringify(error.response?.data || error, null, 2)}`);
+            }

.github/workflows/auto-update-labels.yaml

@@ -11,10 +11,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout main
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
           cache: false

.github/workflows/backport.yaml

@@ -16,7 +16,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission --jq '.permission')
+          PERMISSION=$(gh api /repos/$GITHUB_REPOSITORY/collaborators/$GITHUB_ACTOR/permission --jq '.permission')
           if [ "$PERMISSION" == "admin" ] || [ "$PERMISSION" == "write" ]; then
            echo "is_maintainer=true" >> $GITHUB_OUTPUT
           else
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
 
@@ -44,8 +44,12 @@ jobs:
         env:
           COMMENT_BODY: ${{ github.event.comment.body }}
         run: |
-          BRANCH_NAME=$(echo $COMMENT_BODY | grep -oE '@aqua-bot backport\s+(\S+)' | awk '{print $3}')
-          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
+          BRANCH_NAME=$(echo "$COMMENT_BODY" | grep -oE '@aqua-bot backport\s+(\S+)' | awk '{print $3}')
+          if [[ -z "$BRANCH_NAME" || "$BRANCH_NAME" == *".."* || ! "$BRANCH_NAME" =~ ^[A-Za-z0-9._-]+(/[A-Za-z0-9._-]+)*$ ]]; then
+            echo "Error: Invalid branch name extracted (unsafe characters detected)." >&2
+            exit 1
+          fi
+          echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_ENV"
 
       - name: Set up Git user
         run: |
@@ -53,8 +57,9 @@ jobs:
           git config --global user.name "GitHub Actions"
 
       - name: Run backport script
-        run: ./misc/backport/backport.sh ${{ env.BRANCH_NAME }} ${{ github.event.issue.number }}
         env:
           # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
           # This allows the created PR to trigger tests and other workflows
-          GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
+        run: ./misc/backport/backport.sh "$BRANCH_NAME" "$ISSUE_NUMBER"

.github/workflows/cache-test-assets.yaml

@@ -1,7 +1,12 @@
-name: Cache test images
+name: Cache test assets
+# This workflow runs on the main branch to create caches that can be accessed by PRs.
+# GitHub Actions cache isolation restricts access:
+# - PRs can only restore caches from: current branch, base branch, and default branch (main)
+# - PRs cannot restore caches from sibling branches or other PR branches
+# - By creating caches on the main branch, all PRs can benefit from shared cache
 on:
-  schedule:
-    - cron: "0 0 * * *" # Run this workflow every day at 00:00 to avoid cache deletion.
+  push:
+    branches: [main]
   workflow_dispatch:
 
 jobs:
@@ -10,10 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
           cache: false
@@ -22,7 +27,6 @@ jobs:
         run: go install tool # GOBIN is added to the PATH by the setup-go action
 
       - name: Generate image list digest
-        if: github.ref_name == 'main'
         id: image-digest
         run: |
           source integration/testimages.ini
@@ -30,16 +34,13 @@ jobs:
           DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags |= sort' | sha256sum | cut -d' ' -f1)
           echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
-      ## We need to work with test image cache only for main branch
       - name: Restore and save test images cache
-        if: github.ref_name == 'main'
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: integration/testdata/fixtures/images
           key: cache-test-images-${{ steps.image-digest.outputs.digest }}
 
       - name: Download test images
-        if: github.ref_name == 'main'
         run: mage test:fixtureContainerImages
 
   test-vm-images:
@@ -47,10 +48,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
           cache: false
@@ -59,7 +60,6 @@ jobs:
         run: go install tool # GOBIN is added to the PATH by the setup-go action
 
       - name: Generate image list digest
-        if: github.ref_name == 'main'
         id: image-digest
         run: |
           source integration/testimages.ini
@@ -67,14 +67,32 @@ jobs:
           DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags |= sort' | sha256sum | cut -d' ' -f1)
           echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
-      ## We need to work with test VM image cache only for main branch
       - name: Restore and save test VM images cache
-        if: github.ref_name == 'main'
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: integration/testdata/fixtures/vm-images
           key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
 
       - name: Download test VM images
-        if: github.ref_name == 'main'
-        run: mage test:fixtureVMImages
+        run: mage test:fixtureVMImages
+
+  lint-cache:
+    name: Cache lint results
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Set up Go
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+        with:
+          go-version-file: go.mod
+          cache: false
+
+      - name: Run golangci-lint for caching
+        uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
+        with:
+          version: v2.4
+          args: --verbose
+        env:
+          GOEXPERIMENT: jsonv2

.github/workflows/canary.yaml

@@ -25,36 +25,43 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Restore Trivy binaries from cache
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: dist/
-          key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
+          key: ${{ runner.os }}-bins-${{ github.workflow }}-${{ github.sha }}
 
         # Upload artifacts
       - name: Upload artifacts (trivy_Linux-64bit)
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: trivy_Linux-64bit
           path: dist/trivy_*_Linux-64bit.tar.gz
           if-no-files-found: error
 
       - name: Upload artifacts (trivy_Linux-ARM64)
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: trivy_Linux-ARM64
           path: dist/trivy_*_Linux-ARM64.tar.gz
           if-no-files-found: error
 
       - name: Upload artifacts (trivy_macOS-64bit)
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: trivy_macOS-64bit
           path: dist/trivy_*_macOS-64bit.tar.gz
           if-no-files-found: error
 
       - name: Upload artifacts (trivy_macOS-ARM64)
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: trivy_macOS-ARM64
           path: dist/trivy_*_macOS-ARM64.tar.gz
-          if-no-files-found: error
+          if-no-files-found: error
+
+      - name: Delete cache after upload
+        run: |
+          gh cache delete "$CACHE_KEY" --repo "${{ github.repository }}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CACHE_KEY: ${{ runner.os }}-bins-${{ github.workflow }}-${{ github.sha }}

.github/workflows/mkdocs-dev.yaml

@@ -12,11 +12,11 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout main
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
           persist-credentials: true
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: 3.x
       - name: Install dependencies

.github/workflows/mkdocs-latest.yaml

@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout main
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
           persist-credentials: true
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: 3.x
       - name: Install dependencies
@@ -40,3 +40,19 @@ jobs:
       - name: Deploy the latest documents from manual trigger
         if: ${{ github.event.inputs.version != '' }}
         run: mike deploy --push --update-aliases ${{ github.event.inputs.version }} latest
+
+  # This workflow is used to trigger the trivy-www deployment
+  trigger-trivy-www-deploy: 
+    needs: deploy
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Trigger update_version workflow in trivy-telemetry
+        env:
+          # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
+          # This allows triggering workflows in other repositories
+          GH_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
+        run: |
+          gh workflow run build-docs.yml \
+            --repo ${{ github.repository_owner }}/trivy-www \
+            --ref main \
+            --field from_version=${{ github.ref_name }}

.github/workflows/publish-chart.yaml

@@ -25,23 +25,26 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
       - name: Install Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
         with:
           version: v3.14.4
       - name: Set up python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: '3.x'
           check-latest: true
       - name: Setup Chart Linting
         id: lint
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
+        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
+        with:
+          # v6.0.0 resolved the compatibility issue with Python > 3.13. may be removed after the action itself is updated
+          yamale_version: "6.0.0"
       - name: Setup Kubernetes cluster (KIND)
-        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
         with:
           version: ${{ env.KIND_VERSION }}
           image: ${{ env.KIND_IMAGE }}
@@ -61,7 +64,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
       - name: Install chart-releaser

.github/workflows/release-please.yaml

@@ -19,7 +19,7 @@ jobs:
     steps:
       - name: Release Please
         id: release
-        uses: googleapis/release-please-action@v4
+        uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
         with:
           token: ${{ secrets.ORG_REPO_TOKEN }}
           target-branch: ${{ github.ref_name }}
@@ -56,7 +56,7 @@ jobs:
 
       - name: Tag release
         if: ${{ steps.extract_info.outputs.version }}
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ secrets.ORG_REPO_TOKEN }} # To trigger another workflow
           script: |
@@ -70,7 +70,7 @@ jobs:
       # When v0.50.0 is released, a release branch "release/v0.50" is created.
       - name: Create release branch for patch versions
         if: ${{ endsWith(steps.extract_info.outputs.version, '.0') }}
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }} # Should not trigger the workflow again
           script: |
@@ -98,7 +98,7 @@ jobs:
       # cf. https://github.com/googleapis/release-please?tab=readme-ov-file#release-please-bot-does-not-create-a-release-pr-why
       - name: Remove the label from PR
         if: ${{ steps.extract_info.outputs.pr_number }}
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/release-pr-check.yaml

@@ -16,6 +16,6 @@ jobs:
         run: |
           if [ "$PR_AUTHOR" != "aqua-bot" ]; then
             echo "::error::This branch is intended for automated backporting by bot. Please refer to the documentation:"
-            echo "::error::https://trivy.dev/latest/community/maintainer/backporting/"
+            echo "::error::https://trivy.dev/docs/latest/community/maintainer/backporting/"
             exit 1
           fi

.github/workflows/release.yaml

@@ -19,12 +19,12 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
 
       - name: Restore Trivy binaries from cache
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: dist/
           key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
@@ -35,11 +35,10 @@ jobs:
           sudo apt-get -y install rpm reprepro createrepo-c distro-info
 
       - name: Checkout trivy-repo
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           repository: ${{ github.repository_owner }}/trivy-repo
           path: trivy-repo
-          fetch-depth: 0
           token: ${{ secrets.ORG_REPO_TOKEN }}
 
       - name: Setup git settings
@@ -62,7 +61,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
 
@@ -72,9 +71,10 @@ jobs:
           git config --global user.name "GitHub Actions"
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
+          cache: false
 
       - name: Install Go tools
         run: go install tool # GOBIN is added to the PATH by the setup-go action
@@ -85,3 +85,43 @@ jobs:
           # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
           # This allows the created PR to trigger tests and other workflows
           GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
+
+  # `trigger-version-update` triggers the `update_version` workflow in the `trivy-telemetry` repository
+  # and the trivy-downloads repository.
+  trigger-version-update:
+    needs: deploy-packages
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Trigger update_version workflow in trivy-telemetry
+        env:
+          # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
+          # This allows triggering workflows in other repositories
+          GH_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
+        run: |
+          gh workflow run update_version.yml \
+            --repo ${{ github.repository_owner }}/trivy-telemetry \
+            --ref main \
+            --field version=${{ github.ref_name }}
+
+      - name: Trigger update_version workflow in trivy-downloads
+        env:
+          # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
+          # This allows triggering workflows in other repositories
+          GH_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
+        run: |
+          gh workflow run update_version.yml \
+            --repo ${{ github.repository_owner }}/trivy-downloads \
+            --ref main \
+            --field version=${{ github.ref_name }} \
+            --field artifact=trivy
+
+      - name: Trigger version update and release workflow in trivy-chocolatey
+        env:
+          # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
+          # This allows triggering workflows in other repositories
+          GH_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
+        run: |
+          gh workflow run release.yml \
+            --repo ${{ github.repository_owner }}/trivy-chocolatey \
+            --ref main \
+            --field version=${{ github.ref_name }}

.github/workflows/reusable-release.yaml

@@ -27,51 +27,51 @@ jobs:
       contents: read  # Not required for public repositories, but for clarity
     steps:
       - name: Cosign install
-        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
       - name: Show available Docker Buildx platforms
         run: echo ${{ steps.buildx.outputs.platforms }}
 
       - name: Login to docker.io registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to ghcr.io registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
           username: ${{ env.GH_USER }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to ECR
-        uses: docker/login-action@v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: public.ecr.aws
           username: ${{ secrets.ECR_ACCESS_KEY_ID }}
           password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
           cache: false # Disable cache to avoid free space issues during `Post Setup Go` step.
 
       - name: Generate SBOM
-        uses: CycloneDX/gh-gomod-generate-sbom@v2
+        uses: CycloneDX/gh-gomod-generate-sbom@efc74245d6802c8cefd925620515442756c70d8f # v2.0.0
         with:
           args: mod -licenses -json -output bom.json
           version: ^v1
@@ -88,7 +88,7 @@ jobs:
           mkdir tmp    
 
       - name: GoReleaser
-        uses: goreleaser/goreleaser-action@v6
+        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
         with:
           version: v2.1.0
           args: release -f=${{ inputs.goreleaser_config}} ${{ inputs.goreleaser_options}}
@@ -107,7 +107,7 @@ jobs:
       # because GoReleaser Free doesn't support pushing images with the `--snapshot` flag.
       - name: Build and push
         if: ${{ inputs.goreleaser_config == 'goreleaser-canary.yml' }}
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           platforms: linux/amd64, linux/arm64
           file: ./Dockerfile.canary # path to Dockerfile
@@ -119,7 +119,7 @@ jobs:
             public.ecr.aws/aquasecurity/trivy:canary
 
       - name: Cache Trivy binaries
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: dist/
           # use 'github.sha' to create a unique cache folder for each run.

.github/workflows/roadmap.yaml

@@ -11,14 +11,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # 'kind/feature' AND 'priority/backlog' labels -> 'Backlog' column
-      - uses: actions/add-to-project@v1.0.2 # add new issue to project
+      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
         with:
           project-url: https://github.com/orgs/aquasecurity/projects/25
           github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
           labeled: kind/feature, priority/backlog
           label-operator: AND
         id: add-backlog-issue
-      - uses: titoportas/update-project-fields@v0.1.0 # change Priority(column) of added issue
+      - uses: titoportas/update-project-fields@421a54430b3cdc9eefd8f14f9ce0142ab7678751 # v0.1.0
         if: ${{ steps.add-backlog-issue.outputs.itemId }}
         with:
           project-url: https://github.com/orgs/aquasecurity/projects/25
@@ -28,14 +28,14 @@ jobs:
           field-values: Backlog
 
       # 'kind/feature' AND 'priority/important-longterm' labels -> 'Important (long-term)' column
-      - uses: actions/add-to-project@v1.0.2 # add new issue to project
+      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
         with:
           project-url: https://github.com/orgs/aquasecurity/projects/25
           github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
           labeled: kind/feature, priority/important-longterm
           label-operator: AND
         id: add-longterm-issue
-      - uses: titoportas/update-project-fields@v0.1.0 # change Priority(column) of added issue
+      - uses: titoportas/update-project-fields@421a54430b3cdc9eefd8f14f9ce0142ab7678751 # v0.1.0
         if: ${{ steps.add-longterm-issue.outputs.itemId }}
         with:
           project-url: https://github.com/orgs/aquasecurity/projects/25
@@ -45,14 +45,14 @@ jobs:
           field-values: Important (long-term)
 
       # 'kind/feature' AND 'priority/important-soon' labels -> 'Important (soon)' column
-      - uses: actions/add-to-project@v1.0.2 # add new issue to project
+      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
         with:
           project-url: https://github.com/orgs/aquasecurity/projects/25
           github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
           labeled: kind/feature, priority/important-soon
           label-operator: AND
         id: add-soon-issue
-      - uses: titoportas/update-project-fields@v0.1.0 # change Priority(column) of added issue
+      - uses: titoportas/update-project-fields@421a54430b3cdc9eefd8f14f9ce0142ab7678751 # v0.1.0
         if: ${{ steps.add-soon-issue.outputs.itemId }}
         with:
           project-url: https://github.com/orgs/aquasecurity/projects/25
@@ -62,14 +62,14 @@ jobs:
           field-values: Important (soon)
 
       # 'kind/feature' AND 'priority/critical-urgent' labels -> 'Urgent' column
-      - uses: actions/add-to-project@v1.0.2 # add new issue to project
+      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
         with:
           project-url: https://github.com/orgs/aquasecurity/projects/25
           github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
           labeled: kind/feature, priority/critical-urgent
           label-operator: AND
         id: add-urgent-issue
-      - uses: titoportas/update-project-fields@v0.1.0 # change Priority(column) of added issue
+      - uses: titoportas/update-project-fields@421a54430b3cdc9eefd8f14f9ce0142ab7678751 # v0.1.0
         if: ${{ steps.add-urgent-issue.outputs.itemId }}
         with:
           project-url: https://github.com/orgs/aquasecurity/projects/25

.github/workflows/scan.yaml

@@ -10,10 +10,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Run Trivy vulnerability scanner and create GitHub issues
-        uses: knqyf263/trivy-issue-action@v0.0.6
+        uses: knqyf263/trivy-issue-action@4466f52d1401b66dd2a2ab9e0c40cddc021829ec # v0.0.6
         with:
           assignee: knqyf263
           severity: CRITICAL

.github/workflows/semantic-pr.yaml

@@ -68,6 +68,7 @@ jobs:
             windows
             minimos
             rootio
+            seal
 
             # Languages
             ruby

.github/workflows/spdx-cron.yaml

@@ -10,27 +10,28 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Check out code
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
 
       - name: Install Go tools
         run: go install tool # GOBIN is added to the PATH by the setup-go action
 
-      - name: Check if SPDX exceptions are up-to-date
+      - name: Check if SPDX license IDs and exceptions are up-to-date
+        id: exceptions_check
         run: |
-          mage spdx:updateLicenseExceptions
+          mage spdx:updateLicenseEntries
           if [ -n "$(git status --porcelain)" ]; then
-            echo "Run 'mage spdx:updateLicenseExceptions' and push it"
-            exit 1
-          fi        
+            echo "Run 'mage spdx:updateLicenseEntries' and push it"
+            echo "send_notify=true" >> $GITHUB_OUTPUT
+          fi
 
       - name: Microsoft Teams Notification
-        uses: Skitionek/notify-microsoft-teams@e7a2493ac87dad8aa7a62f079f295e54ff511d88
-        if: failure()
+        uses: Skitionek/notify-microsoft-teams@e7a2493ac87dad8aa7a62f079f295e54ff511d88 # main
+        if: steps.exceptions_check.outputs.send_notify == 'true'
         with:
           webhook_url: ${{ secrets.TRIVY_MSTEAMS_WEBHOOK }}
           needs: ${{ toJson(needs) }}

.github/workflows/stale-issues.yaml

@@ -7,7 +7,7 @@ jobs:
     timeout-minutes: 1
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/stale@v9
+    - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-pr-message: 'This PR is stale because it has been labeled with inactivity.'

.github/workflows/test-docs.yaml

@@ -10,11 +10,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v4.1.6
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         fetch-depth: 0
         persist-credentials: true
-    - uses: actions/setup-python@v5
+    - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
       with:
         python-version: 3.x
     - name: Install dependencies

.github/workflows/test.yaml

@@ -19,10 +19,10 @@ jobs:
       matrix:
         operating-system: [ubuntu-latest, windows-latest, macos-latest]
     steps:
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
           cache: false
@@ -38,10 +38,13 @@ jobs:
 
       - name: Lint
         id: lint
-        uses: golangci/golangci-lint-action@v7.0.0
+        uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
         with:
-          version: v2.1
+          version: v2.4
           args: --verbose
+          skip-save-cache: true  # Restore cache from main branch but don't save new cache
+        env:
+          GOEXPERIMENT: jsonv2
         if: matrix.operating-system == 'ubuntu-latest'
 
       - name: Check if linter failed
@@ -70,10 +73,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
           cache: false
@@ -90,7 +93,7 @@ jobs:
           echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
       - name: Restore test images from cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: integration/testdata/fixtures/images
           key: cache-test-images-${{ steps.image-digest.outputs.digest }}
@@ -103,10 +106,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
           cache: false
@@ -122,10 +125,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
           cache: false
@@ -142,7 +145,7 @@ jobs:
           echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
       - name: Restore test images from cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: integration/testdata/fixtures/images
           key: cache-test-images-${{ steps.image-digest.outputs.digest }}
@@ -157,10 +160,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version-file: go.mod
           cache: false
@@ -177,7 +180,7 @@ jobs:
           echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
       - name: Restore test VM images from cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: integration/testdata/fixtures/vm-images
           key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
@@ -186,6 +189,25 @@ jobs:
         run: |
           mage test:vm
 
+  e2e-test:
+    name: E2E Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Set up Go
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+        with:
+          go-version-file: go.mod
+          cache: false
+
+      - name: Install Go tools
+        run: go install tool # GOBIN is added to the PATH by the setup-go action
+
+      - name: Run E2E tests
+        run: mage test:e2e
+
   build-test:
     name: Build Test
     runs-on: ${{ matrix.operating-system }}
@@ -195,11 +217,22 @@ jobs:
     env:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
+    # The go-build (GOCACHE env) directory requires a large amount of free disk space.
+    - name: Free up disk space
+      if: matrix.operating-system == 'ubuntu-latest'
+      run: |
+        sudo rm -rf /usr/local/lib/android
+        sudo rm -rf /usr/share/dotnet
+        sudo rm -rf /opt/ghc
+        sudo rm -rf /opt/hostedtoolcache/CodeQL
+        sudo docker image prune --all --force
+        df -h
+
     - name: Checkout
-      uses: actions/checkout@v4.1.6
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
     - name: Set up Go
-      uses: actions/setup-go@v5
+      uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
       with:
         go-version-file: go.mod
         cache: false
@@ -217,7 +250,7 @@ jobs:
         fi
 
     - name: Run GoReleaser
-      uses: goreleaser/goreleaser-action@v6
+      uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
       with:
         version: v2.1.0
         args: build --snapshot --clean --timeout 90m ${{ steps.goreleaser_id.outputs.id }}

.github/workflows/triage.yaml

@@ -10,7 +10,7 @@ jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - uses: ./.github/actions/trivy-triage
         with:
           discussion_num: ${{ github.event.inputs.discussion_num }}

.golangci.yaml

@@ -59,6 +59,9 @@ linters:
               recommendations:
                 - github.com/aquasecurity/go-version
               reason: "`aquasecurity/go-version` is designed for our use-cases"
+          - github.com/liamg/memoryfs:
+              recommendations:
+                - github.com/aquasecurity/trivy/pkg/mapfs
     gosec:
       excludes:
         - G101
@@ -193,7 +196,7 @@ linters:
     warn-unused: true
 
 run:
-  go: '1.24'
+  go: '1.25'
   timeout: 30m
 
 formatters:

.release-please-manifest.json

@@ -1 +1 @@
-{".":"0.64.1"}
+{".":"0.68.0"}

CHANGELOG.md

@@ -1,14 +1,176 @@
 # Changelog
 
-## [0.64.1](https://github.com/aquasecurity/trivy/compare/v0.64.0...v0.64.1) (2025-07-03)
+## [0.68.0](https://github.com/aquasecurity/trivy/compare/v0.67.0...v0.68.0) (2025-12-02)
+
+
+### Features
+
+* add ArtifactID field to uniquely identify scan targets ([#9663](https://github.com/aquasecurity/trivy/issues/9663)) ([84a7d9a](https://github.com/aquasecurity/trivy/commit/84a7d9a5d6880ef4248ead6bcf2e580deed9107b))
+* add ReportID field to scan reports ([#9670](https://github.com/aquasecurity/trivy/issues/9670)) ([fc976be](https://github.com/aquasecurity/trivy/commit/fc976bea480599e52365d306ad8d6031718d4303))
+* allow ignoring findings by type in Rego ([#9578](https://github.com/aquasecurity/trivy/issues/9578)) ([c638fc6](https://github.com/aquasecurity/trivy/commit/c638fc646c3c0d56ea50c830a31609badb477c5e))
+* **aws:** Add support for dualstack ECR endpoints ([#9862](https://github.com/aquasecurity/trivy/issues/9862)) ([e74e2b1](https://github.com/aquasecurity/trivy/commit/e74e2b1b0a8ca124b1299969abc9196789f30e8b))
+* **cli:** Add trivy cloud suppport ([#9637](https://github.com/aquasecurity/trivy/issues/9637)) ([8e6a7ff](https://github.com/aquasecurity/trivy/commit/8e6a7ff670c64106d4dea6972ac3f6228f9c6269))
+* **db:** enable concurrent access to vulnerability database ([#9750](https://github.com/aquasecurity/trivy/issues/9750)) ([d70d994](https://github.com/aquasecurity/trivy/commit/d70d994d8882a6e7a8b0c9a9b08524a2cae32ea4))
+* **dotnet:** add dependency graph support for .deps.json files ([#9726](https://github.com/aquasecurity/trivy/issues/9726)) ([18c0ee8](https://github.com/aquasecurity/trivy/commit/18c0ee86f318c7d2b1dab979370f62dd00b73979))
+* **flag:** add `--cacert` flag ([#9781](https://github.com/aquasecurity/trivy/issues/9781)) ([6048173](https://github.com/aquasecurity/trivy/commit/604817326683cdf5628550540aef63b97affc3b0))
+* **fs:** change artifact type to repository when git info is detected ([#9613](https://github.com/aquasecurity/trivy/issues/9613)) ([cff91ac](https://github.com/aquasecurity/trivy/commit/cff91acdef91fbce22306a72000c43a26ac8d79b))
+* **image:** add RepoTags support for Docker archives ([#9690](https://github.com/aquasecurity/trivy/issues/9690)) ([a9a3031](https://github.com/aquasecurity/trivy/commit/a9a3031675150e70a32df8d55b4aec2c4a33084b))
+* **image:** add Sigstore bundle SBOM support ([#9516](https://github.com/aquasecurity/trivy/issues/9516)) ([e1f3f28](https://github.com/aquasecurity/trivy/commit/e1f3f28ae4b86dd7f518a261080dc8d24ac2cdad))
+* **image:** pass global context to docker/podman image save func ([#9733](https://github.com/aquasecurity/trivy/issues/9733)) ([2690ac9](https://github.com/aquasecurity/trivy/commit/2690ac99341dcdf06eb16316d3ca20e6070969b3))
+* include registry and repository in artifact ID calculation ([#9689](https://github.com/aquasecurity/trivy/issues/9689)) ([758f271](https://github.com/aquasecurity/trivy/commit/758f2710403d5f0e9b3e138a604f95cbcab6f275))
+* **java:** add support remote repositories from settings.xml files ([#9708](https://github.com/aquasecurity/trivy/issues/9708)) ([eff52eb](https://github.com/aquasecurity/trivy/commit/eff52eb2e60a700d831cbc3d260217162b38e45c))
+* **license:** use separate SPDX ids to ignore SPDX expressions ([#9087](https://github.com/aquasecurity/trivy/issues/9087)) ([012f3d7](https://github.com/aquasecurity/trivy/commit/012f3d75359e019df1eb2602460146d43cb59715))
+* **misconf:** add agentpools to azure container schema ([#9714](https://github.com/aquasecurity/trivy/issues/9714)) ([69f400c](https://github.com/aquasecurity/trivy/commit/69f400c1839cc16013f2af3d1942c86f496e7017))
+* **misconf:** Add RoleAssignments attribute ([#9396](https://github.com/aquasecurity/trivy/issues/9396)) ([3fb8703](https://github.com/aquasecurity/trivy/commit/3fb8703f8cd659a36d6a9affe0d2e20cd752a1e4))
+* **misconf:** Add support for configurable Rego error limit ([#9657](https://github.com/aquasecurity/trivy/issues/9657)) ([445cd2b](https://github.com/aquasecurity/trivy/commit/445cd2b6b4faf78349245bc6541176e2fbf88715))
+* **misconf:** include map key in manifest snippet for diagnostics ([#9681](https://github.com/aquasecurity/trivy/issues/9681)) ([197c9e1](https://github.com/aquasecurity/trivy/commit/197c9e1dce450737fc705184eed4c24fcfc1ecc1))
+* **misconf:** support https_traffic_only_enabled in Az storage account ([#9784](https://github.com/aquasecurity/trivy/issues/9784)) ([c8d5ab7](https://github.com/aquasecurity/trivy/commit/c8d5ab7690b63a0af14d648eacabc62b868fdfe9))
+* **misconf:** Update AppService schema ([#9792](https://github.com/aquasecurity/trivy/issues/9792)) ([c6d95d7](https://github.com/aquasecurity/trivy/commit/c6d95d7cd271c3d29ce147f1ad5983cafc1caf48))
+* **misconf:** Update Azure Compute schema ([#9675](https://github.com/aquasecurity/trivy/issues/9675)) ([cb58bf6](https://github.com/aquasecurity/trivy/commit/cb58bf639eaea0a94584b4afbefe19d0010eef38))
+* **misconf:** Update Azure Container Schema ([#9673](https://github.com/aquasecurity/trivy/issues/9673)) ([43a7546](https://github.com/aquasecurity/trivy/commit/43a7546d31f2cc8dd5f8d68f82822aff1bddc4d2))
+* **misconf:** Update Azure network schema for new checks ([#9791](https://github.com/aquasecurity/trivy/issues/9791)) ([ea2dc58](https://github.com/aquasecurity/trivy/commit/ea2dc586b83fec6eac1b5de04fd9e5a06db4e16a))
+* **misconf:** Update azure storage schema ([#9728](https://github.com/aquasecurity/trivy/issues/9728)) ([c3bfecf](https://github.com/aquasecurity/trivy/commit/c3bfecf3ef236f333ebf1ace7fa2f739fdcbdcca))
+* **misconf:** Update SecurityCenter schema ([#9674](https://github.com/aquasecurity/trivy/issues/9674)) ([58819c5](https://github.com/aquasecurity/trivy/commit/58819c5285520b55bc6a5ed30aab82826aee3065))
+* **report:** add fingerprint generation for vulnerabilities ([#9794](https://github.com/aquasecurity/trivy/issues/9794)) ([cbad9ca](https://github.com/aquasecurity/trivy/commit/cbad9ca3a888cb3fb6b8649e683efe4f7047a8ed))
+* **report:** add image reference to report metadata ([#9729](https://github.com/aquasecurity/trivy/issues/9729)) ([d020f26](https://github.com/aquasecurity/trivy/commit/d020f2690e58c328f96e3083ce57fe2b71f308f3))
+* **report:** switch ReportID from UUIDv4 to UUIDv7 ([#9749](https://github.com/aquasecurity/trivy/issues/9749)) ([6fb3fde](https://github.com/aquasecurity/trivy/commit/6fb3fde916f991ccca8f23e18ab4d46e0780e50d))
+* **sbom:** add support for SPDX attestations ([#9829](https://github.com/aquasecurity/trivy/issues/9829)) ([d8eaaeb](https://github.com/aquasecurity/trivy/commit/d8eaaeb611151f1da3583ec50100a7be09ce9bc5))
+* **sbom:** use SPDX license IDs list to validate SPDX IDs  ([#9569](https://github.com/aquasecurity/trivy/issues/9569)) ([35db88c](https://github.com/aquasecurity/trivy/commit/35db88c81cc5cdb8ab25362aea455c586d2e1d32))
+* **suse:** Add new openSUSE, Micro and SLES releases end of life dates ([#9788](https://github.com/aquasecurity/trivy/issues/9788)) ([019af7f](https://github.com/aquasecurity/trivy/commit/019af7fefdc1da55610446ca07f13b2ea84348b5))
 
 
 ### Bug Fixes
 
-* **alma:** parse epochs from rpmqa file [backport: release/v0.64] ([#9119](https://github.com/aquasecurity/trivy/issues/9119)) ([8cf1bf9](https://github.com/aquasecurity/trivy/commit/8cf1bf9f6f86936ee7dcd29e0d1cd1ec106e28f6))
-* **cli:** Add more non-sensitive flags to telemetry [backport: release/v0.64] ([#9124](https://github.com/aquasecurity/trivy/issues/9124)) ([9a7d384](https://github.com/aquasecurity/trivy/commit/9a7d38432cf00f00970259e5ac3edd060e00ccff))
-* **misconf:** skip rewriting expr if attr is nil [backport: release/v0.64] ([#9127](https://github.com/aquasecurity/trivy/issues/9127)) ([4e12722](https://github.com/aquasecurity/trivy/commit/4e1272283a643bfca2d7231d286006219715fada))
-* **rootio:** check full version to detect `root.io` packages [backport: release/v0.64] ([#9120](https://github.com/aquasecurity/trivy/issues/9120)) ([53adfba](https://github.com/aquasecurity/trivy/commit/53adfba3c25664b01e3a36fdec334b39b53c07f1))
+* add `buildInfo` for `BlobInfo` in `rpc` package ([#9608](https://github.com/aquasecurity/trivy/issues/9608)) ([6def66e](https://github.com/aquasecurity/trivy/commit/6def66e002427eadcc6dbabe56b01c37c1eae075))
+* close all opened resources if an error occurs ([#9665](https://github.com/aquasecurity/trivy/issues/9665)) ([fa6f779](https://github.com/aquasecurity/trivy/commit/fa6f77902234f5bee70287a841e8cfa42ca4a505))
+* **flag:** remove viper.SetDefault to fix IsSet() for config-only flags ([#9732](https://github.com/aquasecurity/trivy/issues/9732)) ([bf43629](https://github.com/aquasecurity/trivy/commit/bf43629d320426b18e7177b4b6f05affb6f93374))
+* **java:** update order for resolving package fields from multiple demManagement ([#9575](https://github.com/aquasecurity/trivy/issues/9575)) ([e286c5e](https://github.com/aquasecurity/trivy/commit/e286c5e207b6d8a1ef01f3f634f874e2e3d4c0f0))
+* **java:** use `true` as default value for Repository Release|Snapshot Enabled in pom.xml and settings.xml files ([#9751](https://github.com/aquasecurity/trivy/issues/9751)) ([d87d9b9](https://github.com/aquasecurity/trivy/commit/d87d9b97d1a61d05a9b1742caaa7e0125c481e2c))
+* **license:** don't normalize `unlicensed` licenses into `unlicense` ([#9611](https://github.com/aquasecurity/trivy/issues/9611)) ([09162e5](https://github.com/aquasecurity/trivy/commit/09162e52ecf2a3e7a65dcf4ab2c2ea43ee6f5437))
+* **license:** handle SPDX WITH exceptions as single license in category detection ([#9380](https://github.com/aquasecurity/trivy/issues/9380)) ([212f078](https://github.com/aquasecurity/trivy/commit/212f0781c552cd0395791a4a0276e1e39579f491))
+* **misconf:** ensure boolean metadata values are correctly interpreted ([#9770](https://github.com/aquasecurity/trivy/issues/9770)) ([a6ceff7](https://github.com/aquasecurity/trivy/commit/a6ceff7e83121e2c9e618dcb0584aa62e7077bbf))
+* **misconf:** ensure value used as ignore marker is non-null and known ([#9835](https://github.com/aquasecurity/trivy/issues/9835)) ([7aca801](https://github.com/aquasecurity/trivy/commit/7aca80151c2073999aa43213ae03a86b3d13a54c))
+* **misconf:** handle unsupported experimental flags in Dockerfile ([#9769](https://github.com/aquasecurity/trivy/issues/9769)) ([08d51a8](https://github.com/aquasecurity/trivy/commit/08d51a8e08c1c7f159ca491810d0d08dc787f93e))
+* **misconf:** map healthcheck start period flag to --start-period instead of --startPeriod ([#9837](https://github.com/aquasecurity/trivy/issues/9837)) ([7b2b4d4](https://github.com/aquasecurity/trivy/commit/7b2b4d4b459358ed0f561aa30639282211c80cc1))
+* **nodejs:** fix npmjs parser.pkgNameFromPath() panic issue ([#9688](https://github.com/aquasecurity/trivy/issues/9688)) ([231492d](https://github.com/aquasecurity/trivy/commit/231492db52ce69c8d9186b039b038bf0153f8dfa))
+* **nodejs:** use the default ID format to match licenses in pnpm packages. ([#9661](https://github.com/aquasecurity/trivy/issues/9661)) ([804ea4a](https://github.com/aquasecurity/trivy/commit/804ea4aa575e486fd888f59c9ceb495857b57f8c))
+* **os:** Add photon 5.0 in supported OS ([#9724](https://github.com/aquasecurity/trivy/issues/9724)) ([29f0347](https://github.com/aquasecurity/trivy/commit/29f034796590bc6b7a17fa4fee8b43c822a77c13))
+* **report:** correct field order in SARIF license results ([#9712](https://github.com/aquasecurity/trivy/issues/9712)) ([d20216e](https://github.com/aquasecurity/trivy/commit/d20216edf6fdbd0281173b25b796880bc6b2b210))
+* restore compatibility for google.protobuf.Value ([#9559](https://github.com/aquasecurity/trivy/issues/9559)) ([aeeb2a1](https://github.com/aquasecurity/trivy/commit/aeeb2a1f842b56147996b600bd34db2cf05cd28e))
+* **sbom:** add `buildInfo` info as properties ([#9683](https://github.com/aquasecurity/trivy/issues/9683)) ([2c43425](https://github.com/aquasecurity/trivy/commit/2c43425e051d80d45169a2c675dba79caa91b1e7))
+* **sbom:** don’t panic on SBOM format if scanned CycloneDX file has empty metadata ([#9562](https://github.com/aquasecurity/trivy/issues/9562)) ([fb0593b](https://github.com/aquasecurity/trivy/commit/fb0593bee68a24b7ecddeb737e1d8e3c3a3c0364))
+* Trim the end-of-range suffix ([#9618](https://github.com/aquasecurity/trivy/issues/9618)) ([e18b038](https://github.com/aquasecurity/trivy/commit/e18b038ee2dce6c239246592fcef769853c11660))
+* update all documentation links ([#9777](https://github.com/aquasecurity/trivy/issues/9777)) ([738b2b4](https://github.com/aquasecurity/trivy/commit/738b2b474a8ca94386a558c66442d8632acdce3c))
+* Use `fetch-level: 1` to check out trivy-repo in the release workflow ([#9636](https://github.com/aquasecurity/trivy/issues/9636)) ([6e53686](https://github.com/aquasecurity/trivy/commit/6e53686526ef21e8a347fc07daa2f628e24eb9e5))
+* use context for analyzers ([#9538](https://github.com/aquasecurity/trivy/issues/9538)) ([b885d3a](https://github.com/aquasecurity/trivy/commit/b885d3a3693a62bd2f506aeb238025242735ef1d))
+* using SrcVersion instead of Version for echo detector ([#9552](https://github.com/aquasecurity/trivy/issues/9552)) ([66479f0](https://github.com/aquasecurity/trivy/commit/66479f050dc1f0faa314c5a4b9159f38bb1f146b))
+* validate backport branch name ([#9548](https://github.com/aquasecurity/trivy/issues/9548)) ([f0fd432](https://github.com/aquasecurity/trivy/commit/f0fd432a7aeced7cca1acab5a52d72cd960e7171))
+* **vex:** don't use reused BOM ([#9604](https://github.com/aquasecurity/trivy/issues/9604)) ([7422cc7](https://github.com/aquasecurity/trivy/commit/7422cc7168ab917ec96b75de784be72e9b6bdb2e))
+* **vex:** use a separate `visited` set for each DFS path ([#9760](https://github.com/aquasecurity/trivy/issues/9760)) ([c274f5b](https://github.com/aquasecurity/trivy/commit/c274f5b986afb82a805f1f6d3a79d44231a7edf6))
+
+## [0.67.0](https://github.com/aquasecurity/trivy/compare/v0.66.0...v0.67.0) (2025-09-30)
+
+
+### Features
+
+* add documentation URL for database lock errors ([#9531](https://github.com/aquasecurity/trivy/issues/9531)) ([eba48af](https://github.com/aquasecurity/trivy/commit/eba48afd583391cef346e45a176aa5a6d77b704f))
+* **cli:** change --list-all-pkgs default to true ([#9510](https://github.com/aquasecurity/trivy/issues/9510)) ([7b663d8](https://github.com/aquasecurity/trivy/commit/7b663d86ca65ee3eb332c857b77bfa18e6da56c4))
+* **cloudformation:** support default values and list results in Fn::FindInMap ([#9515](https://github.com/aquasecurity/trivy/issues/9515)) ([42b3bf3](https://github.com/aquasecurity/trivy/commit/42b3bf37bb7d39139911843297c8b8ab3551c31a))
+* **cyclonedx:** preserve SBOM structure when scanning SBOM files with vulnerability updates ([#9439](https://github.com/aquasecurity/trivy/issues/9439)) ([aff03eb](https://github.com/aquasecurity/trivy/commit/aff03ebab2e7874dd997e20b4ec9962a41eae7bb))
+* **redhat:** add os-release detection for RHEL-based images ([#9458](https://github.com/aquasecurity/trivy/issues/9458)) ([cb25a07](https://github.com/aquasecurity/trivy/commit/cb25a074501c5cf48050fdf6a0ae7c85c4f385ea))
+* **sbom:** added support for CoreOS ([#9448](https://github.com/aquasecurity/trivy/issues/9448)) ([6d562a3](https://github.com/aquasecurity/trivy/commit/6d562a3b48926b6efd508e067e1059564173b270))
+* **seal:** add seal support ([#9370](https://github.com/aquasecurity/trivy/issues/9370)) ([e4af279](https://github.com/aquasecurity/trivy/commit/e4af279b29ed5b77ed1d62e31b232b1f9b92ef4f))
+
+
+### Bug Fixes
+
+* **aws:** use `BuildableClient` insead of `xhttp.Client` ([#9436](https://github.com/aquasecurity/trivy/issues/9436)) ([fa6f1bf](https://github.com/aquasecurity/trivy/commit/fa6f1bfecfb68c29ad4684a6fb5d86948c7d6887))
+* close file descriptors and pipes on error paths ([#9536](https://github.com/aquasecurity/trivy/issues/9536)) ([a4cbd6a](https://github.com/aquasecurity/trivy/commit/a4cbd6a1380b7b4dc650a312ec4e5bc47501f674))
+* **db:** Dowload database when missing but metadata still exists ([#9393](https://github.com/aquasecurity/trivy/issues/9393)) ([92ebc7e](https://github.com/aquasecurity/trivy/commit/92ebc7e4d72424c17d93c54e5f24891710c85a60))
+* **k8s:** disable parallel traversal with fs cache for k8s images ([#9534](https://github.com/aquasecurity/trivy/issues/9534)) ([c0c7a6b](https://github.com/aquasecurity/trivy/commit/c0c7a6bf1b92c868ed44172b3cd15c51667b8a6e))
+* **misconf:** handle tofu files in module detection ([#9486](https://github.com/aquasecurity/trivy/issues/9486)) ([bfd2f6b](https://github.com/aquasecurity/trivy/commit/bfd2f6ba697c223d60a7378283293d8e1fc8a8fe))
+* **misconf:** strip build metadata suffixes from image history ([#9498](https://github.com/aquasecurity/trivy/issues/9498)) ([c938806](https://github.com/aquasecurity/trivy/commit/c9388069a4325a9f8bc53bc8a82ff46d84d06847))
+* **misconf:** unmark cty values before access ([#9495](https://github.com/aquasecurity/trivy/issues/9495)) ([8e40d27](https://github.com/aquasecurity/trivy/commit/8e40d27a43ecb96795a8a7d4a2444241fc7fce9a))
+* **misconf:** wrap legacy ENV values in quotes to preserve spaces ([#9497](https://github.com/aquasecurity/trivy/issues/9497)) ([267a970](https://github.com/aquasecurity/trivy/commit/267a9700fa233abe1a04eada8f3ea513f3ebacb3))
+* **nodejs:** parse workspaces as objects for package-lock.json files ([#9518](https://github.com/aquasecurity/trivy/issues/9518)) ([404abb3](https://github.com/aquasecurity/trivy/commit/404abb3d91cb3b1c1ee027169de5a40e32ba8b8a))
+* **nodejs:** use snapshot string as `Package.ID` for pnpm packages ([#9330](https://github.com/aquasecurity/trivy/issues/9330)) ([4517e8c](https://github.com/aquasecurity/trivy/commit/4517e8c0ef5e942b8e2e498729257374634ffbf8))
+* **vex:** don't  suppress vulns for packages with infinity loop ([#9465](https://github.com/aquasecurity/trivy/issues/9465)) ([78f0d4a](https://github.com/aquasecurity/trivy/commit/78f0d4ae0378f81940a5faa6497e6905cb5d034a))
+* **vuln:** compare `nuget` package names in lower case ([#9456](https://github.com/aquasecurity/trivy/issues/9456)) ([1ff9ac7](https://github.com/aquasecurity/trivy/commit/1ff9ac79488e0d4deab4226f1a969676a9851cdb))
+
+## [0.66.0](https://github.com/aquasecurity/trivy/compare/v0.65.0...v0.66.0) (2025-09-02)
+
+
+### Features
+
+* add timeout handling for cache database operations ([#9307](https://github.com/aquasecurity/trivy/issues/9307)) ([235c24e](https://github.com/aquasecurity/trivy/commit/235c24e71a546b6196f7264fced2d02d836e3f85))
+* **misconf:** added audit config attribute ([#9249](https://github.com/aquasecurity/trivy/issues/9249)) ([4d4a244](https://github.com/aquasecurity/trivy/commit/4d4a2444b692512aca137dcbd367ff224fe25597))
+* **secret:** implement streaming secret scanner with byte offset tracking ([#9264](https://github.com/aquasecurity/trivy/issues/9264)) ([5a5e097](https://github.com/aquasecurity/trivy/commit/5a5e0972c72e629ddf2915ef066d632d58b8d3b0))
+* **terraform:** use .terraform cache for remote modules in plan scanning ([#9277](https://github.com/aquasecurity/trivy/issues/9277)) ([298a994](https://github.com/aquasecurity/trivy/commit/298a9941f098d2701b9524a703b9f9b1b9451785))
+
+
+### Bug Fixes
+
+* **conda:** memory leak by adding closure method for `package.json` file ([#9349](https://github.com/aquasecurity/trivy/issues/9349)) ([03d039f](https://github.com/aquasecurity/trivy/commit/03d039f17d94cf668152e83d0cf9dabf3b27d3dd))
+* create temp file under composite fs dir ([#9387](https://github.com/aquasecurity/trivy/issues/9387)) ([ce22f54](https://github.com/aquasecurity/trivy/commit/ce22f54a39a1abac08fa3ad540697c668792bf50))
+* **cyclonedx:** handle multiple license types ([#9378](https://github.com/aquasecurity/trivy/issues/9378)) ([46ab76a](https://github.com/aquasecurity/trivy/commit/46ab76a5af828c98cf93fc988ed6a405b7b07392))
+* **fs:** avoid shadowing errors in file.glob ([#9286](https://github.com/aquasecurity/trivy/issues/9286)) ([b51c789](https://github.com/aquasecurity/trivy/commit/b51c789330141d634a9b14bd10994c997862940f))
+* **image:** use standardized HTTP client for ECR authentication ([#9322](https://github.com/aquasecurity/trivy/issues/9322)) ([84fbf86](https://github.com/aquasecurity/trivy/commit/84fbf8674dfc0f91d8795a50bafa6041cce83ba2))
+* **misconf:** ensure ignore rules respect subdirectory chart paths ([#9324](https://github.com/aquasecurity/trivy/issues/9324)) ([d3cd101](https://github.com/aquasecurity/trivy/commit/d3cd101266eb7bf9b8ffe5899765efa7bd1abe30))
+* **misconf:** ensure module source is known ([#9404](https://github.com/aquasecurity/trivy/issues/9404)) ([81d9425](https://github.com/aquasecurity/trivy/commit/81d94253c8bc816ad932f7e0c0b8907e1cd759bb))
+* **misconf:** preserve original paths of remote submodules from .terraform ([#9294](https://github.com/aquasecurity/trivy/issues/9294)) ([1319d8d](https://github.com/aquasecurity/trivy/commit/1319d8dc7f4796177876af18f0e13ba1f7086348))
+* **misconf:** use correct field log_bucket instead of target_bucket in gcp bucket ([#9296](https://github.com/aquasecurity/trivy/issues/9296)) ([04ad0c4](https://github.com/aquasecurity/trivy/commit/04ad0c4fc2926a92e9e9ec11bb8eae826ed95827))
+* persistent flag option typo ([#9374](https://github.com/aquasecurity/trivy/issues/9374)) ([6e99dd3](https://github.com/aquasecurity/trivy/commit/6e99dd304c7fad8213489039e7ca42909383b5ff))
+* **plugin:** don't remove plugins when updating index.yaml file ([#9358](https://github.com/aquasecurity/trivy/issues/9358)) ([5f067ac](https://github.com/aquasecurity/trivy/commit/5f067ac15e5c609283bef26a211746a279b6b5d0))
+* **python:** impove package name normalization  ([#9290](https://github.com/aquasecurity/trivy/issues/9290)) ([1473e88](https://github.com/aquasecurity/trivy/commit/1473e88b74ca269691de7827e045703612b90050))
+* **repo:** preserve RepoMetadata on FS cache hit ([#9389](https://github.com/aquasecurity/trivy/issues/9389)) ([4f2a44e](https://github.com/aquasecurity/trivy/commit/4f2a44ea45bed1e842bb2072077da67ec7e744ac))
+* **repo:** sanitize git repo URL before inserting into report metadata ([#9391](https://github.com/aquasecurity/trivy/issues/9391)) ([1ac9b1f](https://github.com/aquasecurity/trivy/commit/1ac9b1f07cea429cc122bf9721e8909c649549cf))
+* **sbom:** add support for `file` component type of `CycloneDX` ([#9372](https://github.com/aquasecurity/trivy/issues/9372)) ([aa7cf43](https://github.com/aquasecurity/trivy/commit/aa7cf4387c5e82c1f629ac14cd6a35b48fc95983))
+* suppress debug log for context cancellation errors ([#9298](https://github.com/aquasecurity/trivy/issues/9298)) ([2458d5e](https://github.com/aquasecurity/trivy/commit/2458d5e28a54da9adec0b36f6b1e6bd4f15a72ce))
+
+## [0.65.0](https://github.com/aquasecurity/trivy/compare/v0.64.0...v0.65.0) (2025-07-30)
+
+
+### Features
+
+* add graceful shutdown with signal handling ([#9242](https://github.com/aquasecurity/trivy/issues/9242)) ([2c05882](https://github.com/aquasecurity/trivy/commit/2c05882f45071928c14d8212ef6c4f0f7048245d))
+* add HTTP request/response tracing support ([#9125](https://github.com/aquasecurity/trivy/issues/9125)) ([aa5b32a](https://github.com/aquasecurity/trivy/commit/aa5b32a19f4d61d0df72c11fd314c5a0b7284202))
+* **alma:** add AlmaLinux 10 support ([#9207](https://github.com/aquasecurity/trivy/issues/9207)) ([861d51e](https://github.com/aquasecurity/trivy/commit/861d51e99a45ee448f86fe195dedcaefb811c919))
+* **flag:** add schema validation for `--server` flag ([#9270](https://github.com/aquasecurity/trivy/issues/9270)) ([ed4640e](https://github.com/aquasecurity/trivy/commit/ed4640ec27f2575a50d7e6d516c9e2e45a59bb7f))
+* **image:** add Docker context resolution ([#9166](https://github.com/aquasecurity/trivy/issues/9166)) ([99cd4e7](https://github.com/aquasecurity/trivy/commit/99cd4e776c0c6cc689126e53fa86ee6333ba6277))
+* **license:** observe pkg types option in license scanner ([#9091](https://github.com/aquasecurity/trivy/issues/9091)) ([d44af8c](https://github.com/aquasecurity/trivy/commit/d44af8cfa21a145d14ca6e5e1ed4742d892f2dc5))
+* **misconf:** add private ip google access attribute to subnetwork ([#9199](https://github.com/aquasecurity/trivy/issues/9199)) ([263845c](https://github.com/aquasecurity/trivy/commit/263845cfc1419401f24adc8bc6316f3ea0caacad))
+* **misconf:** added logging and versioning to the gcp storage bucket ([#9226](https://github.com/aquasecurity/trivy/issues/9226)) ([110f80e](https://github.com/aquasecurity/trivy/commit/110f80ea29951863997dd5a1c48fe14eb81e230b))
+* **repo:** add git repository metadata to reports ([#9252](https://github.com/aquasecurity/trivy/issues/9252)) ([f4b2cf1](https://github.com/aquasecurity/trivy/commit/f4b2cf10e917d58c0840f789e083bd3f268a8af1))
+* **report:** add CVSS vectors in sarif report ([#9157](https://github.com/aquasecurity/trivy/issues/9157)) ([60723e6](https://github.com/aquasecurity/trivy/commit/60723e6cfce82ede2863cf545a189c581246f4e9))
+* **sbom:** add SHA-512 hash support for CycloneDX SBOM ([#9126](https://github.com/aquasecurity/trivy/issues/9126)) ([12d6706](https://github.com/aquasecurity/trivy/commit/12d6706961423acb12430c8b3d986b4aa4671d04))
+
+
+### Bug Fixes
+
+* **alma:** parse epochs from rpmqa file ([#9101](https://github.com/aquasecurity/trivy/issues/9101)) ([82db2fc](https://github.com/aquasecurity/trivy/commit/82db2fcc8034c911cc7a67f5a82d2f081d9c1fdf))
+* also check `filepath` when removing duplicate packages ([#9142](https://github.com/aquasecurity/trivy/issues/9142)) ([4d10a81](https://github.com/aquasecurity/trivy/commit/4d10a815dde53f5e128366f1dd0837a1dc29c17b))
+* **aws:** update amazon linux 2 EOL date ([#9176](https://github.com/aquasecurity/trivy/issues/9176)) ([0ecfed6](https://github.com/aquasecurity/trivy/commit/0ecfed6ea75cfe33e0f436a9015ac72a679e754e))
+* **cli:** Add more non-sensitive flags to telemetry ([#9110](https://github.com/aquasecurity/trivy/issues/9110)) ([7041a39](https://github.com/aquasecurity/trivy/commit/7041a39bdcf21c5b3114137d9a931f529eac2566))
+* **cli:** ensure correct command is picked by telemetry ([#9260](https://github.com/aquasecurity/trivy/issues/9260)) ([b4ad00f](https://github.com/aquasecurity/trivy/commit/b4ad00f301a5fd7326060a567871c6f4a9711696))
+* **cli:** panic: attempt to get os.Args[1] when len(os.Args) < 2 ([#9206](https://github.com/aquasecurity/trivy/issues/9206)) ([adfa879](https://github.com/aquasecurity/trivy/commit/adfa879e4e8ab88f211222a13d2b89013ae9a853))
+* **license:** add missed `GFDL-NIV-1.1` and `GFDL-NIV-1.2` into Trivy mapping ([#9116](https://github.com/aquasecurity/trivy/issues/9116)) ([a692f29](https://github.com/aquasecurity/trivy/commit/a692f296d15f7241ba5ff082e4e69926b1c728a8))
+* **license:** handle WITH operator for `LaxSplitLicenses` ([#9232](https://github.com/aquasecurity/trivy/issues/9232)) ([b4193d0](https://github.com/aquasecurity/trivy/commit/b4193d0d31a167aafdcd9d9ccd89f3f124eef7ee))
+* migrate from `*.list` to `*.md5sums` files for `dpkg` ([#9131](https://github.com/aquasecurity/trivy/issues/9131)) ([f224de3](https://github.com/aquasecurity/trivy/commit/f224de3e39b08672212ec0f94660c36bef77bc30))
+* **misconf:** correctly adapt azure storage account ([#9138](https://github.com/aquasecurity/trivy/issues/9138)) ([51aa022](https://github.com/aquasecurity/trivy/commit/51aa0222604829706193eb2ff3a6886742bb42b4))
+* **misconf:** correctly parse empty port ranges in google_compute_firewall ([#9237](https://github.com/aquasecurity/trivy/issues/9237)) ([77bab7b](https://github.com/aquasecurity/trivy/commit/77bab7b6d25c712e2db7dc53956985c2721728e9))
+* **misconf:** fix log bucket in schema ([#9235](https://github.com/aquasecurity/trivy/issues/9235)) ([7ebc129](https://github.com/aquasecurity/trivy/commit/7ebc129ab726f3133d940708837b7edda2621105))
+* **misconf:** skip rewriting expr if attr is nil ([#9113](https://github.com/aquasecurity/trivy/issues/9113)) ([42ccd3d](https://github.com/aquasecurity/trivy/commit/42ccd3df9a7c838a99facb8248e1a68eaf47a999))
+* **nodejs:** don't use prerelease logic for compare npm constraints  ([#9208](https://github.com/aquasecurity/trivy/issues/9208)) ([fe96436](https://github.com/aquasecurity/trivy/commit/fe96436b99bae3bbfc7498d2ad222d4acccdfcf1))
+* prevent graceful shutdown message on normal exit ([#9244](https://github.com/aquasecurity/trivy/issues/9244)) ([6095984](https://github.com/aquasecurity/trivy/commit/6095984d5340633740204a7a40f002a5643802b9))
+* **rootio:** check full version to detect `root.io` packages ([#9117](https://github.com/aquasecurity/trivy/issues/9117)) ([c2ddd44](https://github.com/aquasecurity/trivy/commit/c2ddd44d98594a2066cb5b5acbb9ad2aaad8fd96))
+* **rootio:** fix severity selection ([#9181](https://github.com/aquasecurity/trivy/issues/9181)) ([6fafbeb](https://github.com/aquasecurity/trivy/commit/6fafbeb60609a020b47266743250ea847234cbbd))
+* **sbom:** merge in-graph and out-of-graph OS packages in scan results ([#9194](https://github.com/aquasecurity/trivy/issues/9194)) ([aa944cc](https://github.com/aquasecurity/trivy/commit/aa944cc6da43e2035f74e9d842f487c0d2f993f4))
+* **sbom:** use correct field for licenses in CycloneDX reports ([#9057](https://github.com/aquasecurity/trivy/issues/9057)) ([143da88](https://github.com/aquasecurity/trivy/commit/143da88dd82dfbe204f4c2afe46af3b01701675d))
+* **secret:** add UTF-8 validation in secret scanner to prevent protobuf marshalling errors ([#9253](https://github.com/aquasecurity/trivy/issues/9253)) ([54832a7](https://github.com/aquasecurity/trivy/commit/54832a77b50e2da3a3ceacbb6ce1b13e45605cde))
+* **secret:** fix line numbers for multiple-line secrets ([#9104](https://github.com/aquasecurity/trivy/issues/9104)) ([e579746](https://github.com/aquasecurity/trivy/commit/e57974649e4a3a275b9cf02db191b3f6bf10340f))
+* **server:** add HTTP transport setup to server mode ([#9217](https://github.com/aquasecurity/trivy/issues/9217)) ([1163b04](https://github.com/aquasecurity/trivy/commit/1163b044c7e91a81bba3a862cc4a38e90182f0b4))
+* supporting .egg-info/METADATA in python.Packaging analyzer ([#9151](https://github.com/aquasecurity/trivy/issues/9151)) ([e306e2d](https://github.com/aquasecurity/trivy/commit/e306e2dc5275c0e75f056c8c7ee9ff9261c78e7f))
+* **terraform:** `for_each` on a map returns a resource for every key ([#9156](https://github.com/aquasecurity/trivy/issues/9156)) ([153318f](https://github.com/aquasecurity/trivy/commit/153318f65f7e5059bcc064bd2cd651cc720791a9))
 
 ## [0.64.0](https://github.com/aquasecurity/trivy/compare/v0.63.0...v0.64.0) (2025-06-30)
 

CONTRIBUTING.md

@@ -1 +1 @@
-See [Issues](https://trivy.dev/latest/community/contribute/issue/) and [Pull Requests](https://trivy.dev/latest/community/contribute/pr/)
+See [Issues](https://trivy.dev/docs/latest/community/contribute/issue/) and [Pull Requests](https://trivy.dev/docs/latest/community/contribute/pr/)

Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 RUN apk --no-cache add ca-certificates git
 COPY trivy /usr/local/bin/trivy
 COPY contrib/*.tpl contrib/

Dockerfile.canary

@@ -1,10 +1,10 @@
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 RUN apk --no-cache add ca-certificates git
 
 # binaries were created with GoReleaser
 # need to copy binaries from folder with correct architecture
 # example architecture folder: dist/trivy_canary_build_linux_arm64/trivy
-# GoReleaser adds _v* to the folder name, but only when GOARCH is amd64 
+# GoReleaser adds _v* to the folder name, but only when GOARCH is amd64
 ARG TARGETARCH
 COPY "dist/trivy_canary_build_linux_${TARGETARCH}*/trivy" /usr/local/bin/trivy
 COPY contrib/*.tpl contrib/

Dockerfile.protoc

@@ -1,20 +0,0 @@
-FROM --platform=linux/amd64 golang:1.24
-
-# Set environment variable for protoc
-ENV PROTOC_ZIP=protoc-3.19.4-linux-x86_64.zip
-
-# Install unzip for protoc installation and clean up cache
-RUN apt-get update && apt-get install -y unzip && rm -rf /var/lib/apt/lists/*
-
-# Download and install protoc
-RUN curl --retry 5 -OL https://github.com/protocolbuffers/protobuf/releases/download/v3.19.4/$PROTOC_ZIP \
-    && unzip -o $PROTOC_ZIP -d /usr/local bin/protoc \
-    && unzip -o $PROTOC_ZIP -d /usr/local 'include/*' \
-    && rm -f $PROTOC_ZIP
-
-# Install Go tools
-RUN go install github.com/twitchtv/twirp/protoc-gen-twirp@v8.1.0
-RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.34.0
-RUN go install github.com/magefile/mage@v1.15.0
-
-ENV TRIVY_PROTOC_CONTAINER=true

README.md

@@ -53,9 +53,9 @@ Trivy is integrated with many popular platforms and applications. The complete l
 - See [Ecosystem] for more
 
 ### Canary builds
-There are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1&name=canary), [GitHub](https://github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ecr.aws/aquasecurity/trivy#canary) images and [binaries](https://github.com/aquasecurity/trivy/actions/workflows/canary.yaml)) as generated every push to main branch.
+There are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1&name=canary), [GitHub](https://github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ecr.aws/aquasecurity/trivy#canary) images and [binaries](https://github.com/aquasecurity/trivy/actions/workflows/canary.yaml)) generated with every push to the main branch.
 
-Please be aware: canary builds might have critical bugs, it's not recommended for use in production.
+Please be aware: canary builds might have critical bugs, so they are not recommended for use in production.
 
 ### General usage
 
@@ -107,7 +107,7 @@ trivy k8s --report summary cluster
 ## Want more? Check out Aqua
 
 If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.  
-You can find a high level comparison table specific to Trivy users [here](https://trivy.dev/latest/commercial/compare/).
+You can find a high level comparison table specific to Trivy users [here](https://trivy.dev/docs/latest/commercial/compare/).
 In addition check out the <https://aquasec.com> website for more information about our products and services.
 If you'd like to contact Aqua or request a demo, please use this form: <https://www.aquasec.com/demo>
 
@@ -130,13 +130,13 @@ Please ensure to abide by our [Code of Conduct][code-of-conduct] during all inte
 [license]: https://github.com/aquasecurity/trivy/blob/main/LICENSE
 [license-img]: https://img.shields.io/badge/License-Apache%202.0-blue.svg
 [homepage]: https://trivy.dev
-[docs]: https://trivy.dev/latest/docs/
+[docs]: https://trivy.dev/docs/latest/
 [pronunciation]: #how-to-pronounce-the-name-trivy
 [code-of-conduct]: https://github.com/aquasecurity/community/blob/main/CODE_OF_CONDUCT.md
 
-[Installation]:https://trivy.dev/latest/getting-started/installation/
-[Ecosystem]: https://trivy.dev/latest/ecosystem/
-[Scanning Coverage]: https://trivy.dev/latest/docs/coverage/
+[Installation]:https://trivy.dev/docs/latest/getting-started/installation/
+[Ecosystem]: https://trivy.dev/docs/latest/ecosystem/
+[Scanning Coverage]: https://trivy.dev/docs/latest/coverage/
 
 [alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/
 [rego]: https://www.openpolicyagent.org/docs/latest/#rego

SECURITY.md

@@ -2,9 +2,16 @@
 
 ## Supported Versions
 
-This is an open source project that is provided as-is without warrenty or liability.  
-As such no supportability commitment. The maintainers will do the best they can to address any report promptly and responsibly.
+This is an open source project that is provided as-is without warranty or liability.
+As such, there is no supportability commitment. The maintainers will do the best they can to address any report promptly and responsibly.
 
 ## Reporting a Vulnerability
 
-Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab). 
+Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab).  
+
+⚠️ **Important:**  
+This policy is intended for vulnerabilities in **Trivy itself** (e.g., core functionality, scanning logic, or security features).  
+
+If you discover a vulnerability in a **dependency module** (e.g., a third-party library used by Trivy), please **do not report it here**.  
+Instead, open a ticket in [GitHub Discussions](https://github.com/aquasecurity/trivy/discussions) so that the maintainers and community can evaluate and address it appropriately.
+

buf.gen.yaml

@@ -0,0 +1,13 @@
+version: v2
+plugins:
+  - remote: buf.build/protocolbuffers/go:v1.34.0
+    out: .
+    opt:
+      - paths=source_relative
+  # Using local protoc-gen-twirp since the remote twirp plugin is not available on buf.build
+  - local: protoc-gen-twirp
+    out: .
+    opt:
+      - paths=source_relative
+inputs:
+  - directory: .

buf.yaml

@@ -0,0 +1,10 @@
+version: v2
+modules:
+  - path: .
+    name: buf.build/aquasecurity/trivy
+lint:
+  use:
+    - STANDARD
+breaking:
+  use:
+    - FILE

ci/deploy-rpm.sh

@@ -16,7 +16,7 @@ function create_common_rpm_repo () {
 
                 mkdir -p $rpm_path/$arch
                 cp ../dist/*${prefix}.rpm ${rpm_path}/$arch/
-                createrepo_c -u https://github.com/aquasecurity/trivy/releases/download/ --location-prefix="v"$TRIVY_VERSION --update $rpm_path/$arch
+                createrepo_c -u https://get.trivy.dev/rpm/ --location-prefix="v"$TRIVY_VERSION --update $rpm_path/$arch
                 rm ${rpm_path}/$arch/*${prefix}.rpm
         done
 }
@@ -28,7 +28,7 @@ function create_rpm_repo () {
         mkdir -p $rpm_path
         cp ../dist/*64bit.rpm ${rpm_path}/
 
-        createrepo_c -u https://github.com/aquasecurity/trivy/releases/download/ --location-prefix="v"$TRIVY_VERSION --update $rpm_path
+        createrepo_c -u https://get.trivy.dev/rpm/ --location-prefix="v"$TRIVY_VERSION --update $rpm_path
 
         rm ${rpm_path}/*64bit.rpm
 }

cmd/trivy/main.go

@@ -41,6 +41,11 @@ func run() error {
 		return nil
 	}
 
-	app := commands.NewApp()
-	return app.Execute()
+	// Ensure cleanup on exit
+	defer commands.Cleanup()
+
+	// Set up signal handling for graceful shutdown
+	ctx := commands.NotifyContext(context.Background())
+
+	return commands.Run(ctx)
 }

docs/assets/css/_slick_slider.scss

@@ -1,131 +0,0 @@
-/* Slider */
-.slick-slider{position:relative;display:block;box-sizing:border-box;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-touch-callout:none;-khtml-user-select:none;-ms-touch-action:pan-y;touch-action:pan-y;-webkit-tap-highlight-color:transparent;}
-.slick-list{position:relative;display:block;overflow:hidden;margin:0;padding:0;}
-.slick-list:focus{outline:none;}
-.slick-list.dragging{cursor:hand;}
-.slick-slider .slick-track,.slick-slider .slick-list{transform:translate3d(0,0,0);}
-.slick-track{position:relative;top:0;left:0;display:block;margin-left:auto;margin-right:auto;}
-.slick-track:before,.slick-track:after{display:table;content:'';}
-.slick-track:after{clear:both;}
-.slick-loading .slick-track{visibility:hidden;}
-.slick-slide{display:none;float:left;height:100%;min-height:1px;}
-.slick-slide:focus{outline:none;}
-.slick-slide img{display:block;}
-.slick-slide.slick-loading img{display:none;}
-.slick-slide.dragging img{pointer-events:none;}
-.slick-initialized .slick-slide{display:block;}
-.slick-loading .slick-slide{visibility:hidden;}
-.slick-vertical .slick-slide{display:block;height:auto;border:1px solid transparent;}
-.slick-arrow.slick-hidden{display:none;}
-
-.slick-arrow {display:block;background-color:transparent;border:none;color:transparent;cursor:pointer;position:absolute;top:0px;height:330px;width:80px;z-index:20;outline:none;}
-.slick-arrow:focus, .slick-arrow:active {outline:none;}
-.slick-arrow.slick-prev {left:0px;background-image:linear-gradient(to right, rgba($aq-neo-background,1) 0%, rgba($aq-neo-background,0) 100%);}
-.slick-arrow.slick-next {right:0px;background-image:linear-gradient(to left, rgba($aq-neo-background,1) 0%, rgba($aq-neo-background,0) 100%);}
-.slick-arrow:before {content:"";display:block;position:absolute;left:0px;top:0px;width:100%;height:100%;z-index:21;background-repeat:no-repeat;}
-.slick-arrow.slick-prev:before {background-image:url(../images/arrow_left.png);background-position:center left;}
-.slick-arrow.slick-next:before {background-image:url(../images/arrow_right.png);background-position:center right;}
-
-
-
-/* dots */
-.slick-dotted.slick-slider
-{
-	margin-bottom: 0px;
-}
-
-
-.slick-dots
-{
-	//position: absolute;
-	//bottom: -25px;
-	position: relative;
-	display: block;
-
-	width: 100%;
-	padding: 0;
-	margin: 0;
-
-	list-style: none;
-
-	text-align: center;
-}
-
-
-.slick-dots li {
-	position: relative;
-	display: inline-block;
-	width: 24px;
-	height: 24px;
-	margin: 0px 4px;
-	padding: 0;
-	cursor: pointer;
-}
-
-.slick-dots li button
-{
-	font-size: 0;
-	line-height: 0;
-
-	display: block;
-
-	width: 24px;
-	height: 24px;
-	padding: 0px;
-
-	cursor: pointer;
-
-	color: transparent;
-	border: 0;
-	outline: none;
-	background: transparent;
-
-	&:before {
-
-		position: relative;
-		top: 0px;
-		left: 0px;
-		width: 20px;
-		height: 20px;
-		content: "";
-		background-color: transparent;
-		border: 2px solid $aq-sea-foam;
-		border-radius: 50%;
-		display: block;
-		opacity: 0.7;
-	}
-
-	&:after {
-
-		position: absolute;
-		top: 7px;
-		left: 5px;
-		width: 10px;
-		height: 10px;
-		content: "";
-		background-color: $aq-sea-foam;
-		//border: 1px solid #666;
-		border-radius: 50%;
-		//box-shadow: inset 1px 1px 1px #888;
-		display: block;
-		opacity: 0;
-		transition: 0.2s ease-out;
-
-	}
-
-
-	
-
-}
-.slick-dots li button:hover,
-.slick-dots li button:focus
-{
-	outline: none;
-	&:after {
-		opacity: 1;
-	}
-}
-
-.slick-dots li.slick-active button:after {
-		opacity: 1;
-}

docs/assets/css/_trivy_homepage.scss

@@ -1,411 +0,0 @@
-/* trivy homepage */
-.trivy_v1_homepage_wrap {
-	position: relative;
- 	z-index: 3;
-
-	* {
-		transition: all 0.2s ease !important;
-	}
-
-	
-
-	.hero_wrap {
-		background-color: $aq-trivy-dark;
-		background-image: radial-gradient(1600px at 70% 120%, #031145 10%, $aq-trivy-dark 100%);
-		min-height: 1050px;
-		position: relative;
-		z-index: 10;
-
-
-		.homepage_background_image_wrap {
-			position: absolute;
-			left: 0px;
-			top: 0px;
-			width: 100%;
-			height: 100%;
-			z-index: 1;
-			pointer-events: none;
-
-
-			.stars_wrap {
-				position: absolute;
-				left: 0px;
-				top: 0px;
-				width: 100%;
-				height: 100%;
-				z-index: 1;
-				overflow: hidden;
-				
-				.stars_bg {
-					position: absolute;
-					width: 400vw;
-					height: 400vh;
-					top: 50%;
-					left: 50%;
-					margin-top: -200vh;
-					margin-left: -200vw;
-					animation: stars_ani 240s linear infinite;
-					background-size: 240px;
-					backface-visibility: visible;
-					background-image:url(../images/homepage_hero_stars_02.svg);
-					background-repeat: repeat;
-					
-				}
-
-
-				@keyframes stars_ani {
-					0% { transform: rotate(0deg); }
-					100% { transform: rotate(360deg); }
-				}
-
-			} //stars_wrap
-
-			.terrain_wrap {
-				position: absolute;
-				left: 0px;
-				bottom: 0px;
-				width: 100%;
-				height: 680px;
-				background-image:url(../images/homepage_hero_terrain_08.svg);
-				background-repeat: no-repeat;
-				background-position: center top;
-				background-size: cover;
-				z-index: 2;
-			} // terrain_wrap
-
-
-			.beams_wrap {
-				position: absolute;
-				left: 0px;
-				bottom: 0px;
-				width: 100%;
-				height: 100%;
-				z-index: 3;
-				overflow: hidden;
-
-				.beam {
-					position: absolute;
-					right: 200px;
-					top: 270px;
-					width: 3px;
-					height: 350%;
-					background: rgba(#3eabff,0.6);
-					box-shadow: 0px 0px 55px 0px rgba(#3eabff,1);
-					transform-origin: 0 0;
-					animation: beam_ani 10s infinite;
-					
-					&.num2 {animation: beam_ani 11s infinite;}
-					&.num3 {animation: beam_ani 12s infinite;}
-					&.num4 {animation: beam_ani 13s infinite;}
-				} //beam
-							
-				@keyframes beam_ani {
-					0% { transform: rotate(75deg); }
-					50% { transform: rotate(-15deg); }
-					100% { transform: rotate(75deg); }
-				}
-
-				.sphere {
-					z-index:999;
-					position: absolute;
-					top: 60px;
-					right: 50px;
-					width: 280px;
-					height: 280px;
-					background-image:url(../images/homepage_hero_orb_03.png);
-					background-position: center center;
-					background-repeat: no-repeat;
-				}
-
-			} //beams_wrap
-
-
-			.person_wrap {
-				position: absolute;
-				left: 0px;
-				bottom: 0px;
-				width: 100%;
-				height: 595px;
-				background-image:url(../images/homepage_v1_hero_person_01.png);
-				background-repeat: no-repeat;
-				background-position: center bottom;
-				z-index: 4;
-
-			} // person_wrap				
-			
-
-
-		} //hero_background_image_wrap
-	}
-
-
-
-	.hero {
-
-		
-		.hero-body {
-			padding: 80px 0px;
-			// border: 1px solid red;
-
-			.header_title_wrap {
-				.header_title_content_wrap {
-
-					width: 50%;
-					position: relative;
-					z-index: 3;
-
-					.page_title {
-						color: #ffffff;
-						font-weight: $weight-bold;
-						font-size: 48px; //3rem;
-						line-height: 1.3;
-					}//page_title
-			
-					.page_subtitle {
-						color: #ffffff;
-						font-weight: $weight-normal;
-						font-size: 24px; //1.5rem;
-						line-height: 1.3;
-						margin-bottom: 30px;
-					} //page_subtitle
-
-
-					@media screen and (max-width: $widescreen), print {
-						width: 70%;
-					} //until widescreen
-
-					@media screen and (max-width: $tablet), print { //769
-
-						width: 100%;
-
-						.page_title {
-							font-size: 32px; //2rem;
-						}//page_title
-			
-						.page_subtitle {
-							font-size: 18px; //1.125rem;
-						}//page_subtitle
-			
-					} //until tablet
-
-
-				} //header_title_content_wrap
-
-			} //header_title_wrap
-
-			@media screen and (min-width: $tablet), print { //769
-				padding: 48px 24px; //3rem 1.5rem;
-			}
-		}
-
-	} //hero
-
-
-
-
-
-	// } //page-trivy_homepage
-
-
-
-
-	/* homepage_community */
-	.homepage_community_wrap {
-	position: relative;
-	background-color: $aq-trivy-dark;
-	color: #ffffff;
-	z-index: 5;
-	padding-top: 60px;
-	padding-bottom: 20px;
-
-
-	.container.wide_container {
-		max-width: 1640px;
-		padding-left: 20px;
-		padding-right: 20px;
-		display: flex;
-		flex-direction: row;
-		flex-wrap: wrap;
-	}
-
-
-	.community_titles_column {
-		width: 33.3333%;
-		padding-right: 32px;
-
-		@media screen and (max-width: $desktop), print {
-			width: 41.6666666667%;
-		} //until desktop
-
-		@media screen and (max-width: $tablet), print {
-			width: 100%;
-		} //until tablet
-	}
-
-	.community_slider_column {
-		width: 66.6666%;
-
-		@media screen and (max-width: $desktop), print {
-			width: 58.3333333333%;
-		} //until desktop
-
-		@media screen and (max-width: $tablet), print {
-			width: 100%;
-		} //until tablet
-	}
-
-
-	.community_title {
-		color: $aq-sea-foam;
-		font-size: 60px; //3.75rem;
-		font-weight: $weight-bold;
-		margin-bottom: 24px; ////1.5rem;
-		line-height: 1.2;
-		
-
-	}
-
-	.community_subtitle  {
-		color: #ffffff;
-		font-size: 26px; //1.625rem;
-		margin-bottom: 24px; ////1.5rem;
-		
-
-	}
-
-	.community_cta_wrap {
-
-		.button {
-			font-weight: $weight-bold;
-			margin-right: 10px;
-		}
-		
-	}
-
-	.community_quotes_wrap {
-		position: relative;
-		
-
-		.community_quotes {
-			column-count: 3;
-			column-gap: 20px;
-
-			@media screen and (max-width: $widescreen), print { //1216
-				column-count: 2;
-			}
-
-			@media screen and (max-width: $tablet), print { //769
-				column-count: 1;
-			}
-
-			.quote_item_wrap {
-				display: inline-block;
-				margin: 0px 0px 20px 0px;
-				width: 100%;
-			}
-
-			.quote_item {
-
-				display: block;
-				position: relative;
-				color: #ffffff;
-				border: 1px solid rgba($aq-sea-foam,0.2);
-				background-color: rgba($aq-sea-foam,0.05);
-				border-radius: 4px;
-				padding: 25px;
-
-				.quote_name {
-					font-size: 16px; //1rem;
-					font-weight: $weight-semibold;
-				}
-
-				.quote_twitter_handle {
-					opacity: 0.6;
-					font-size: 13px; //0.8125rem;
-				}
-
-				.quote_company {
-					opacity: 0.6;
-					font-size: 13px; //0.8125rem;
-				}
-
-				.quote_text {
-					font-size: 16px; //1rem;
-					font-weight: $weight-normal;
-					line-height: 1.3;
-				}
-
-				.quote_avatar {
-					display: block;
-					position: absolute;
-					top: 25px;
-					left: 25px;
-					width: 40px;
-					height: 40px;
-					border-radius: 50%;
-					background-repeat: no-repeat;
-					background-position: center center;
-					background-size: cover;
-
-				}
-
-				&.is_tweet {
-
-					.quote_text {
-						padding-top: 10px;
-					}
-					
-
-					&.has_avatar {
-						.quote_name,
-						.quote_twitter_handle {
-							padding-left: 50px;
-						}
-					} //has_avatar
-
-				} //&is_tweet
-
-				&.is_quote {
-
-					.quote_text {
-						position: relative;
-						padding-top: 40px;
-						padding-bottom: 10px;
-
-						&:before {
-							content: "";
-							display: block;
-							position: absolute;
-							top: -10px;
-							left: 0px;
-							width: 56px;
-							height: 42px;
-							background-image: url(../images/community_quote.png);
-							background-position: center center;
-							background-repeat: no-repeat;
-						}
-					} //quote_text
-					
-				} //&is_quote
-
-			} //quote_item
-
-		}
-
-	} //community_quotes_wrap
-
-	@media screen and (max-width: $tablet), print { //tablet
-
-		.community_title {
-			font-size: 32px; //2rem;
-		}
-		.community_subtitle {
-			font-size: 18px; //1.125rem;
-		}
-
-	} //until
-
-
-	} //homepage_community_wrap
-
-} //trivy_homepage_wrap

docs/assets/css/_trivy_partners.scss

@@ -1,177 +0,0 @@
-/* trivy partners page */
-.trivy_v1_homepage_wrap.partners_wrap {
-	position: relative;
-	z-index: 3;
-
-	.partners_hero_wrap {
-		background-color: $aq-trivy-dark;
-		background-image: radial-gradient(1600px at 70% 120%, #031145 10%, $aq-trivy-dark 100%);
-		min-height: 500px;
-		position: relative;
-		z-index: 10;
-
-		.partners_background_image_wrap {
-			position: absolute;
-			left: 0px;
-			top: 0px;
-			width: 100%;
-			height: 100%;
-			z-index: 1;
-			pointer-events: none;
-
-			.stars_wrap {
-				position: absolute;
-				left: 0px;
-				top: 0px;
-				width: 100%;
-				height: 100%;
-				z-index: 1;
-				overflow: hidden;
-				
-				.stars_bg {
-					position: absolute;
-					width: 400vw;
-					height: 400vh;
-					top: 50%;
-					left: 50%;
-					margin-top: -200vh;
-					margin-left: -200vw;
-					animation: stars_ani 240s linear infinite;
-					background-size: 240px;
-					backface-visibility: visible;
-					background-image:url(../images/homepage_hero_stars_02.svg);
-					background-repeat: repeat;
-					
-				}
-
-
-				@keyframes stars_ani {
-					0% { transform: rotate(0deg); }
-					100% { transform: rotate(360deg); }
-				}
-
-			} //stars_wrap
-
-
-
-		} //hero_background_image_wrap
-	} //partners_hero_wrap
-
-
-
-	.hero {
-
-		
-		.hero-body {
-			padding: 80px 0px;
-			// border: 1px solid red;
-
-			.header_title_wrap.with_columns {
-
-				display: flex;
-				flex-direction: row;
-
-				@media screen and (max-width: $desktop) {
-
-					flex-direction: column;
-				}
-
-
-				.header_title_content_wrap {
-
-					width: 50%;
-					position: relative;
-					z-index: 3;
-
-					&.partners_hero_stage_image {
-						align-self: center;
-						align-content: center;
-						img {
-							max-width: 100%;
-						}
-					}
-
-
-					@media screen and (max-width: $widescreen), print {
-						width: 70%;
-					} //until widescreen
-
-					@media screen and (max-width: $tablet), print { //769
-
-						width: 100%;
-
-						.page_title {
-							font-size: 32px; //2rem;
-						}//page_title
-			
-						.page_subtitle {
-							font-size: 18px; //1.125rem;
-						}//page_subtitle
-			
-					} //until tablet
-
-
-				} //header_title_content_wrap
-
-			} //header_title_wrap
-
-			@media screen and (min-width: $tablet), print { //769
-				padding: 48px 24px; //3rem 1.5rem;
-			}
-		}
-
-	} //hero
-
-	
-} //trivy_v1_homepage_wrap partners_wrap
-
-
-
-.partners_logos_wrap {
-	background-color: $aq-trivy-dark;
-	padding: 50px 0px;
-
-	.partners_logos_title {
-		text-align: center;
-		color: #ffffff;
-	}
-
-	.partners_logos {
-		display: flex;
-		flex-direction: row;
-		justify-content: center;
-		align-items: center;
-		gap: 4rem;
-		flex-wrap: wrap;
-
-		.logo_item {
-			display: inline-block;
-			padding: 20px;
-			margin: 0px;
-			
-			// background-color: red;
-			img {
-				display: block;
-				margin: 0px auto;
-				width: auto;
-				max-height: 115px;
-				max-width: 200px;
-				transition: all 0.3s ease;
-				// overflow: hidden;
-			}
-		} //logo_item
-
-		@media screen and (max-width: $tablet) {
-
-			gap: 2rem;
-
-			.logo_item {
-				img {
-					max-height: 80px;
-					max-width: 150px;
-				}
-			}
-		}
-
-	} //partners_logos
-} //partners_logos_wrap

docs/assets/css/trivy_v1_styles.scss

@@ -1,166 +0,0 @@
-/* trivy styles */
-
-//aqua brand colors
-$aq-royal-blue: #1904da;
-$aq-legacy-blue: #08b1d5;
-$aq-coral-red: #ff445f;
-$aq-starfish-yellow: #ffc900;
-$aq-dark-abyss: #07242d;
-$aq-deep-sea-blue: #183278;
-$aq-ocean-ash: #405a75;
-$aq-sea-foam: #00ffe4;
-
-$aq-neo-background: #ebf3fa;
-$aq-neo-background-hover: #f0f8ff;
-
-
-$aq-royal-blue-dark: #1503ba;
-
-$aq-trivy-dark: #0a0b23;
-
-$weight-normal: 400;
-$weight-semibold: 600;
-$weight-bold: 700;
-
-
-
-$gap: 32px;
-// 960, 1152, and 1344 have been chosen because they are divisible by both 12 and 16
-$tablet: 769px;
-
-// 960px container + 4rem
-$desktop: 960px + 2 * $gap;
-
-// 1152px container + 4rem
-$widescreen: 1152px + 2 * $gap;
-$widescreen-enabled: true;
-
-// 1344px container + 4rem
-$fullhd: 1344px + 2 * $gap;
-$fullhd-enabled: true;
-
-
-
-body {
-
-	font-family: "Inter", sans-serif;
-}
-
-
-.container {
-	width: 100%;
-	margin: 0 auto;
-	max-width: 1440px;
-
-	&.is-relative {
-		position: relative;
-	}
-
-	@media screen and (max-width: $tablet), print { //769
-		padding: 0 24px;
-		max-width: calc( 100% - 48px); //$tablet; //769
-	} //until tablet
-
-}
-
-
-.generic_title {
-	font-size: 1.75rem;
-	font-weight: $weight-bold;
-	margin: 0.75rem 1.25rem 0.75rem 0.75rem;
-	color: $aq-royal-blue;
-}
-
-.generic_subtitle {
-	font-size: 1.125rem;
-	opacity: 0.8;
-	margin: 0.75rem;
-}
-
-
-.button {
-
-	background-color: #ebf3fa;
-	border: 1px solid #dbdbdb;
-	border-width: 1px;
-	color: #363636;
-	cursor: pointer;
-	justify-content: center;
-	padding-bottom: calc(.5em - 1px);
-	padding-left: 1em;
-	padding-right: 1em;
-	padding-top: calc(.5em - 1px);
-	text-align: center;
-	white-space: nowrap;
-	border-radius: 4px;
-	transition: all .2s ease;
-	font-size: 16px;
-	display: inline-block;
-	font-weight: 700;
-	
-	&.is-seafoam {
-		background-color: $aq-sea-foam;
-		border-color: $aq-sea-foam;
-		color: $aq-dark-abyss;
-
-
-		&.is-outlined {
-			background-color: rgba(0,0,0,0);
-			border-color: $aq-sea-foam;
-			color: $aq-sea-foam;
-			border-width: 2px;
-
-			&:hover {
-				background-color: $aq-sea-foam;
-				color: $aq-dark-abyss;
-			}
-		} //is-outlines
-		
-	} //is-seafoam
-
-	&.large_btn {
-		font-size: 22px;
-		padding: 16px 27px;
-		margin-right: 12px;
-
-		@media screen and (max-width: $tablet), print {
-			font-size: 18px;
-		} //until tablet
-	}
-	
-
-
-	&.solidseafoamarrowbutton {
-		
-		background-color: $aq-sea-foam;
-		font-weight: 700;
-		border: 2px solid $aq-sea-foam;
-		font-size: 22px; //1.375rem; //1.125rem;
-		padding: 16px 27px;
-		color: $aq-dark-abyss;
-
-
-		&:after {
-				content: "";
-				border: solid $aq-dark-abyss;
-				border-width: 0 2px 2px 0;
-				display: inline-block;
-				padding: 4px;
-				transform: rotate(-45deg);
-				margin-left: 30px;
-				vertical-align: middle;
-				transition: all .2s;
-		}
-	} //solidseafoamarrowbutton
-
-} //button
-
-.margin-bottom-20 {
-	margin-bottom: 20px;
-}
-
-
-@import "_slick_slider";
-
-@import "_trivy_homepage";
-@import "_trivy_partners";

docs/assets/images/homepage_hero_stars_02.svg

@@ -1 +0,0 @@
-<svg version="1.1" id="Layer_2" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 240 240" enable-background="new 0 0 240 240" xml:space="preserve"><rect x="106" y="90" fill="#00ffe4" width="2" height="2"/><rect x="74" y="63" fill="#00ffe4" width="1" height="1"/><rect x="23" y="66" fill="#00ffe4" width="1" height="1"/><rect x="50" y="110" fill="#00ffe4" width="1" height="1"/><rect x="63" y="128" fill="#00ffe4" width="1" height="1"/><rect x="45" y="149" fill="#00ffe4" width="1" height="1"/><rect x="92" y="151" fill="#00ffe4" width="1" height="1"/><rect x="58" y="8" fill="#00ffe4" width="1" height="1"/><rect x="147" y="33" fill="#00ffe4" width="2" height="2"/><rect x="91" y="43" fill="#00ffe4" width="1" height="1"/><rect x="169" y="29" fill="#ffffff" width="1" height="1"/><rect x="182" y="19" fill="#00ffe4" width="1" height="1"/><rect x="161" y="59" fill="#00ffe4" width="1" height="1"/><rect x="138" y="95" fill="#00ffe4" width="1" height="1"/><rect x="199" y="71" fill="#ffffff" width="3" height="3"/><rect x="213" y="153" fill="#00ffe4" width="2" height="2"/><rect x="128" y="163" fill="#ffffff" width="1" height="1"/><rect x="205" y="174" fill="#00ffe4" width="1" height="1"/><rect x="152" y="200" fill="#00ffe4" width="1" height="1"/><rect x="52" y="211" fill="#00ffe4" width="2" height="2"/><rect y="191" fill="#00ffe4" width="1" height="1"/><rect x="110" y="184" fill="#00ffe4" width="1" height="1"/></svg>

docs/assets/images/partner_logo_echo.svg

@@ -1,20 +0,0 @@
-<svg width="214" height="63" viewBox="0 0 214 63" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0_105_3432)">
-<g clip-path="url(#clip1_105_3432)">
-<path d="M91.1057 16.7456C93.9686 16.7456 96.4222 17.33 98.4665 18.4988C100.511 19.6676 102.079 21.2859 103.169 23.3538C104.305 25.3767 104.873 27.7143 104.873 30.3665C104.873 30.9509 104.851 31.5128 104.805 32.0523C104.759 32.5467 104.669 33.0188 104.533 33.4683H84.018C84.063 38.0985 84.9265 41.4251 86.6078 43.448C88.3341 45.4709 90.8333 46.4824 94.1048 46.4824C96.3765 46.4824 98.2166 46.1227 99.6255 45.4034C101.034 44.6393 102.329 43.5828 103.51 42.2343L104.601 43.2457C103.237 45.7182 101.374 47.6512 99.012 49.0447C96.6946 50.3933 93.923 51.0676 90.6971 51.0676C87.4706 51.0676 84.6309 50.3933 82.1773 49.0447C79.7238 47.6961 77.7931 45.7631 76.3842 43.2457C75.0209 40.6833 74.3398 37.6265 74.3398 34.0752C74.3398 30.389 75.1346 27.2647 76.7253 24.7024C78.3611 22.1401 80.451 20.1846 82.9952 18.8359C85.585 17.4424 88.2885 16.7456 91.1057 16.7456ZM90.7652 18.7011C89.4475 18.7011 88.2885 19.0832 87.2895 19.8474C86.3348 20.5667 85.5625 21.8703 84.9721 23.7584C84.4266 25.6015 84.1086 28.2088 84.018 31.5803H96.2172C96.7171 27.0399 96.5359 23.7584 95.6724 21.7354C94.8089 19.7125 93.1732 18.7011 90.7652 18.7011Z" fill="white"/>
-<path d="M125.043 51.0676C121.953 51.0676 119.159 50.4158 116.66 49.1121C114.16 47.7635 112.184 45.8305 110.73 43.3131C109.321 40.7508 108.617 37.649 108.617 34.0078C108.617 30.3666 109.413 27.2647 111.003 24.7024C112.593 22.1401 114.706 20.1846 117.341 18.8359C120.022 17.4424 122.953 16.7456 126.133 16.7456C128.723 16.7456 130.927 17.1727 132.744 18.0268C134.561 18.8809 135.947 19.9823 136.902 21.3309C137.856 22.6345 138.333 24.0281 138.333 25.5116C138.333 26.7703 137.947 27.7367 137.174 28.4111C136.447 29.0853 135.493 29.4225 134.311 29.4225C133.039 29.4225 131.995 28.9729 131.177 28.0739C130.404 27.1748 129.95 26.0285 129.814 24.635C129.768 23.7359 129.768 22.9717 129.814 22.3423C129.904 21.713 129.904 21.1061 129.814 20.5217C129.632 19.7575 129.314 19.2406 128.859 18.9708C128.45 18.7011 127.86 18.5662 127.088 18.5662C124.225 18.5662 122.021 19.7125 120.477 22.0052C118.977 24.2528 118.227 27.9165 118.227 32.9963C118.227 37.3568 119.068 40.7058 120.749 43.0434C122.43 45.381 125.043 46.5498 128.586 46.5498C130.677 46.5498 132.403 46.1677 133.767 45.4034C135.129 44.5943 136.379 43.448 137.515 41.9645L138.606 42.7737C137.47 45.4709 135.72 47.5388 133.357 48.9772C131.04 50.3708 128.268 51.0676 125.043 51.0676Z" fill="white"/>
-<path d="M140.628 50.1236V48.775L141.514 48.5053C143.15 48.0108 143.967 46.8869 143.967 45.1337V10.4072C143.967 9.46321 143.809 8.76643 143.491 8.31689C143.173 7.82236 142.559 7.46278 141.651 7.23798L140.628 6.96825V5.6871L152.146 2.7876L153.237 3.39447L152.964 12.9021V21.5332C154.555 20.2295 156.281 19.1057 158.144 18.1617C160.052 17.2177 162.097 16.7456 164.278 16.7456C167.277 16.7456 169.617 17.5773 171.298 19.2406C173.024 20.9039 173.888 23.4662 173.888 26.9276V45.2012C173.888 46.1002 174.07 46.8195 174.433 47.359C174.797 47.8984 175.433 48.303 176.342 48.5727L176.955 48.775V50.1236H161.416V48.775L162.234 48.5053C163.869 48.0557 164.687 46.9319 164.687 45.1337V25.6464C164.687 23.8034 164.369 22.5222 163.733 21.8029C163.097 21.0837 161.984 20.724 160.393 20.724C159.303 20.724 158.144 20.9263 156.917 21.3309C155.736 21.7355 154.487 22.4098 153.169 23.3538V45.2686C153.169 46.1677 153.351 46.8869 153.714 47.4264C154.077 47.9658 154.691 48.348 155.554 48.5727L156.167 48.775V50.1236L140.628 50.1236Z" fill="white"/>
-<path d="M196.734 51.0676C193.372 51.0676 190.418 50.3708 187.874 48.9772C185.375 47.5837 183.421 45.6058 182.012 43.0434C180.649 40.4811 179.968 37.4242 179.968 33.8729C179.968 30.3215 180.694 27.2647 182.148 24.7024C183.648 22.1401 185.647 20.1846 188.146 18.8359C190.691 17.4424 193.553 16.7456 196.734 16.7456C199.915 16.7456 202.754 17.4424 205.253 18.8359C207.798 20.1846 209.797 22.1401 211.251 24.7024C212.75 27.2198 213.5 30.2766 213.5 33.8729C213.5 37.4242 212.796 40.5035 211.387 43.1109C210.024 45.6732 208.093 47.6512 205.594 49.0447C203.095 50.3933 200.142 51.0676 196.734 51.0676ZM196.734 49.1796C198.369 49.1796 199.687 48.7525 200.687 47.8984C201.732 46.9993 202.482 45.4484 202.936 43.2457C203.39 41.043 203.618 37.9636 203.618 34.0078C203.618 30.0069 203.39 26.9051 202.936 24.7024C202.482 22.4547 201.732 20.9038 200.687 20.0497C199.687 19.1507 198.369 18.7011 196.734 18.7011C195.098 18.7011 193.78 19.1507 192.781 20.0497C191.782 20.9038 191.032 22.4547 190.532 24.7024C190.078 26.9051 189.85 30.0069 189.85 34.0078C189.85 37.9636 190.078 41.043 190.532 43.2457C191.032 45.4484 191.782 46.9993 192.781 47.8984C193.78 48.7525 195.098 49.1796 196.734 49.1796Z" fill="white"/>
-<path d="M19.851 31.1743C19.851 45.9125 27.2427 56.2352 30.8683 60.3905C32.079 61.7781 31.767 62.4352 29.9322 62.2793C13.4366 60.8757 0.5 47.4855 0.5 31.1743C0.5 14.5469 13.943 0.954861 30.8953 0.00118455C31.5519 -0.0357474 31.9018 0.79971 31.4502 1.27776C28.132 4.79122 19.851 15.1633 19.851 31.1743Z" fill="white"/>
-<path d="M45.4656 31.1876C45.4656 42.1671 41.9304 51.0676 38.3656 51.0676C34.8008 51.0676 31.2656 42.1671 31.2656 31.1876C31.2656 20.2082 34.8009 11.3076 38.3656 11.3076C41.9303 11.3076 45.4656 20.2082 45.4656 31.1876Z" fill="white"/>
-</g>
-</g>
-<defs>
-<clipPath id="clip0_105_3432">
-<rect width="213.24" height="61.9812" fill="white" transform="translate(0.612305 0.481934)"/>
-</clipPath>
-<clipPath id="clip1_105_3432">
-<rect width="213" height="62.3018" fill="white" transform="translate(0.5)"/>
-</clipPath>
-</defs>
-</svg>

docs/assets/images/partner_logo_minimus.svg

@@ -1,17 +0,0 @@
-<svg width="123" height="113" viewBox="0 0 123 113" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0_105_3430)">
-<path d="M15.33 112.944H13.0356V102.463C13.0356 101.776 12.8778 101.217 12.5647 100.784C12.2516 100.333 11.7506 100.107 11.0643 100.107C10.4181 100.107 9.887 100.353 9.47629 100.844C9.08299 101.315 8.88765 102.052 8.88765 103.051V112.944H6.59327V102.345C6.59327 101.699 6.41796 101.168 6.06471 100.756C5.71157 100.325 5.24067 100.109 4.65203 100.109C3.94574 100.109 3.39715 100.365 3.00395 100.875C2.63068 101.386 2.44535 102.052 2.44535 102.876V112.944H0.148438V98.3424H2.44282V99.9321H2.79607C3.05149 99.2448 3.42477 98.7441 3.91316 98.431C4.40409 98.0968 4.98271 97.9292 5.64895 97.9292C6.35534 97.9292 6.93387 98.1147 7.38473 98.4879C7.85562 98.8621 8.17883 99.3428 8.35667 99.9321H8.70981C9.37604 98.5986 10.4356 97.9292 11.8883 97.9292C12.9879 97.9292 13.8296 98.2824 14.4182 98.9897C15.0269 99.676 15.3299 100.578 15.3299 101.699L15.33 112.944Z" fill="white"/>
-<path d="M24.2491 93.9842C24.2491 93.456 24.432 93.0101 24.7952 92.6433C25.1784 92.2606 25.6343 92.0698 26.1627 92.0698C26.6913 92.0698 27.1371 92.2606 27.5029 92.6433C27.8861 93.0101 28.0765 93.4561 28.0765 93.9842C28.0765 94.5134 27.8861 94.9698 27.5029 95.3525C27.1371 95.7183 26.6913 95.8996 26.1627 95.8996C25.6343 95.8996 25.1784 95.7162 24.7952 95.3525C24.4295 94.9698 24.2491 94.5134 24.2491 93.9842ZM20.1738 110.825H25.2936V100.463H21.2033V98.3431H27.588V110.825H32.3546V112.945H20.1738V110.825Z" fill="white"/>
-<path d="M39.4916 112.943H37.1973V98.3422H39.4916V100.816H39.8448C40.7465 98.8946 42.317 97.9321 44.5513 97.9321C46.2395 97.9321 47.582 98.4603 48.5815 99.5207C49.5809 100.56 50.0819 102.132 50.0819 104.23V112.943H47.7875V104.701C47.7875 103.169 47.4444 102.021 46.758 101.257C46.0717 100.493 45.14 100.11 43.9627 100.11C42.57 100.11 41.4704 100.591 40.6664 101.553C39.8824 102.496 39.4891 103.761 39.4891 105.349V112.946L39.4916 112.943Z" fill="white"/>
-<path d="M87.1294 112.944H84.8347V102.463C84.8347 101.776 84.6769 101.217 84.3638 100.784C84.0507 100.333 83.5498 100.107 82.8635 100.107C82.2172 100.107 81.6862 100.353 81.2754 100.844C80.8822 101.315 80.6869 102.052 80.6869 103.051V112.944H78.3925V102.345C78.3925 101.699 78.2171 101.168 77.8639 100.756C77.5108 100.325 77.0399 100.109 76.4513 100.109C75.7449 100.109 75.1964 100.365 74.8031 100.875C74.4299 101.386 74.2446 102.052 74.2446 102.876V112.944H71.9502V98.3424H74.2446V99.9321H74.5977C74.8533 99.2448 75.2264 98.7441 75.7148 98.431C76.2057 98.0968 76.7844 97.9292 77.4507 97.9292C78.157 97.9292 78.7356 98.1147 79.1865 98.4879C79.6574 98.8621 79.9805 99.3428 80.1583 99.9321H80.5115C81.1778 98.5986 82.2372 97.9292 83.6901 97.9292C84.7897 97.9292 85.6312 98.2824 86.2199 98.9897C86.829 99.676 87.1315 100.578 87.1315 101.699V112.944H87.1294Z" fill="white"/>
-<path d="M102.564 97.9292H104.858V112.529H102.564V109.881H102.211C101.74 110.824 101.121 111.57 100.357 112.119C99.5933 112.667 98.6214 112.944 97.4439 112.944C96.6396 112.944 95.8932 112.806 95.207 112.533C94.5408 112.276 93.962 111.885 93.4708 111.354C93.0006 110.826 92.6275 110.167 92.3544 109.383C92.0983 108.597 91.9707 107.685 91.9707 106.646V97.9324H94.2656V106.352C94.2656 107.884 94.5787 109.001 95.207 109.708C95.8353 110.415 96.7946 110.768 98.0901 110.768C99.4827 110.768 100.573 110.297 101.356 109.354C102.16 108.393 102.564 107.116 102.564 105.528V97.9292Z" fill="white"/>
-<path d="M112.703 101.699C112.703 102.405 112.996 102.944 113.585 103.318C114.193 103.691 115.29 103.937 116.88 104.055C118.587 104.192 119.881 104.603 120.766 105.29C121.667 105.956 122.118 106.939 122.118 108.234V108.409C122.118 109.117 121.971 109.753 121.678 110.325C121.401 110.873 121.011 111.344 120.5 111.737C120.009 112.132 119.401 112.425 118.676 112.62C117.97 112.836 117.196 112.943 116.352 112.943C115.215 112.943 114.233 112.796 113.409 112.502C112.606 112.189 111.929 111.786 111.377 111.295C110.849 110.783 110.446 110.214 110.17 109.588C109.895 108.941 109.739 108.292 109.699 107.645L111.876 107.117C111.974 108.234 112.404 109.139 113.172 109.826C113.935 110.492 114.957 110.825 116.232 110.825C117.311 110.825 118.174 110.62 118.822 110.207C119.488 109.776 119.821 109.177 119.821 108.409C119.821 107.585 119.498 106.997 118.849 106.643C118.203 106.289 117.153 106.064 115.701 105.966C114.013 105.849 112.72 105.455 111.816 104.788C110.915 104.122 110.463 103.149 110.463 101.874V101.699C110.463 101.011 110.611 100.412 110.904 99.9012C111.197 99.3731 111.59 98.9293 112.082 98.5761C112.593 98.2219 113.161 97.9563 113.787 97.7813C114.416 97.6063 115.072 97.5156 115.759 97.5156C116.72 97.5156 117.562 97.6537 118.289 97.9268C119.015 98.1819 119.623 98.5255 120.112 98.9567C120.602 99.3678 120.976 99.8485 121.229 100.4C121.505 100.949 121.68 101.498 121.758 102.05L119.581 102.578C119.483 101.635 119.1 100.898 118.434 100.37C117.788 99.8411 116.933 99.5755 115.873 99.5755C115.463 99.5755 115.06 99.6261 114.666 99.7241C114.293 99.801 113.96 99.9286 113.667 100.107C113.374 100.283 113.139 100.511 112.961 100.784C112.786 101.04 112.695 101.342 112.695 101.695L112.703 101.699Z" fill="white"/>
-<path d="M58.9985 93.9842C58.9985 93.456 59.1814 93.0101 59.5446 92.6433C59.9278 92.2606 60.3837 92.0698 60.9122 92.0698C61.4407 92.0698 61.8865 92.2606 62.2522 92.6433C62.6355 93.0101 62.8259 93.4561 62.8259 93.9842C62.8259 94.5134 62.6355 94.9698 62.2522 95.3525C61.8865 95.7183 61.4407 95.8996 60.9122 95.8996C60.3837 95.8996 59.9278 95.7162 59.5446 95.3525C59.1789 94.9698 58.9985 94.5134 58.9985 93.9842ZM54.9258 110.825H60.0455V100.463H55.9553V98.3431H62.3399V110.825H67.1065V112.945H54.9258V110.825Z" fill="white"/>
-<path d="M25.8652 0V71.4913H97.3429V0H25.8652ZM61.8864 47.5845H58.2681V31.0561C58.2681 29.9728 58.02 29.0909 57.5238 28.4104C57.0273 27.6993 56.2396 27.3439 55.1563 27.3439C54.1336 27.3439 53.2987 27.7294 52.6481 28.5041C52.0278 29.2484 51.7192 30.4088 51.7192 31.9849V47.5845H48.0976V30.8716C48.0976 29.8488 47.8191 29.0139 47.2627 28.3633C46.706 27.6826 45.9617 27.3405 45.0327 27.3405C43.9196 27.3405 43.051 27.7428 42.4341 28.5478C41.8473 29.3523 41.5521 30.4055 41.5521 31.7031V47.5812H37.9305V24.554H41.5521V27.0623H42.1087C42.511 25.9791 43.0981 25.191 43.8725 24.6948C44.6471 24.1683 45.5592 23.9065 46.6121 23.9065C47.7255 23.9065 48.6409 24.2017 49.3517 24.7885C50.0927 25.3756 50.6059 26.1332 50.8843 27.0623H51.4408C52.4939 24.9563 54.1637 23.9065 56.4539 23.9065C58.1875 23.9065 59.5189 24.4635 60.4477 25.5765C61.4069 26.6598 61.8864 28.0851 61.8864 29.8488V47.5845ZM85.2771 37.433H68.4942V34.0585H85.2771V37.433Z" fill="white"/>
-</g>
-<defs>
-<clipPath id="clip0_105_3430">
-<rect width="121.97" height="112.945" fill="white" transform="translate(0.148438)"/>
-</clipPath>
-</defs>
-</svg>

docs/assets/images/partner_logo_root.svg

@@ -1,15 +0,0 @@
-<svg width="195" height="45" viewBox="0 0 195 45" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0_105_3431)">
-<path d="M90.2387 8.59574C86.5111 8.59574 83.6196 9.64525 81.5667 11.7397C79.5094 13.8342 78.4814 16.7784 78.4814 20.5738V43.2223H83.6775V21.0333C83.6775 18.4579 84.3028 16.5279 85.561 15.2417C86.8162 13.9525 88.5701 13.3086 90.8226 13.3086C91.6905 13.3086 92.5979 13.4177 93.5527 13.6359V8.98758C92.7717 8.72485 91.6691 8.59424 90.2402 8.59424" fill="white"/>
-<path d="M126.189 13.6696C122.833 10.289 118.644 8.59717 113.619 8.59717C108.594 8.59717 104.404 10.289 101.049 13.6696C97.6938 17.0534 96.0176 21.296 96.0176 26.4007C96.0176 31.5054 97.6815 35.7634 101.018 39.1655C104.352 42.5676 108.554 44.2702 113.619 44.2702C118.684 44.2702 122.885 42.5691 126.222 39.1655C129.556 35.7634 131.223 31.5069 131.223 26.4007C131.223 21.2945 129.547 17.0534 126.189 13.6696ZM122.455 35.7941C120.117 38.3035 117.17 39.5588 113.619 39.5588C110.068 39.5588 107.134 38.3127 104.816 35.828C102.501 33.34 101.343 30.1961 101.343 26.4007C101.343 22.6052 102.502 19.4642 104.816 16.9765C107.134 14.4887 110.068 13.2455 113.619 13.2455C117.17 13.2455 120.117 14.4887 122.455 16.9765C124.795 19.4642 125.964 22.6051 125.964 26.4007C125.964 30.1963 124.795 33.2848 122.455 35.7941Z" fill="white"/>
-<path d="M166.919 13.6696C163.564 10.289 159.375 8.59717 154.349 8.59717C149.324 8.59717 145.134 10.289 141.78 13.6696C138.424 17.0534 136.748 21.296 136.748 26.4007C136.748 31.5054 138.412 35.7634 141.749 39.1655C145.082 42.5676 149.285 44.2702 154.349 44.2702C159.415 44.2702 163.616 42.5691 166.952 39.1655C170.287 35.7634 171.954 31.5069 171.954 26.4007C171.954 21.2945 170.275 17.0534 166.919 13.6696ZM163.187 35.7941C160.845 38.3035 157.9 39.5588 154.349 39.5588C150.799 39.5588 147.865 38.3127 145.547 35.828C143.232 33.34 142.074 30.1961 142.074 26.4007C142.074 22.6052 143.233 19.4642 145.547 16.9765C147.865 14.4887 150.799 13.2455 154.349 13.2455C157.9 13.2455 160.845 14.4887 163.187 16.9765C165.525 19.4642 166.694 22.6051 166.694 26.4007C166.694 30.1963 165.525 33.2848 163.187 35.7941Z" fill="white"/>
-<path d="M182.225 9.6446L179.975 14.2284H194.612V9.6446H182.225ZM185.077 37.1658C183.778 35.8796 183.128 33.9727 183.128 31.4403V0.675293H177.932V31.9643C177.932 35.8042 178.959 38.7485 181.017 40.7983C183.074 42.8498 185.987 43.8731 189.754 43.8731C191.183 43.8731 192.436 43.655 193.521 43.2201V38.6378C192.74 38.9436 191.747 39.0974 190.532 39.0974C188.195 39.0974 186.379 38.455 185.075 37.1642" fill="white"/>
-<path d="M43.0491 0.675293C30.0883 0.675293 19.5439 11.2994 19.5439 24.3582V43.417H33.8967V24.3582C33.8967 19.2737 38.0028 15.1366 43.0491 15.1366H53.3235V0.675293H43.0491Z" fill="white"/>
-<path d="M0.118164 12.0776V26.5389H10.3926C15.4389 26.5389 19.545 30.6759 19.545 35.7604V43.4164H33.8978V35.7604C33.8978 22.7017 23.3534 12.0776 10.3926 12.0776L0.118164 12.0776Z" fill="white"/>
-</g>
-<defs>
-<clipPath id="clip0_105_3431">
-<rect width="194.494" height="43.5947" fill="white" transform="translate(0.118164 0.675293)"/>
-</clipPath>
-</defs>
-</svg>

docs/assets/images/partners_hero_stage_full.svg

@@ -1,136 +0,0 @@
-<svg width="955" height="552" viewBox="0 0 955 552" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0_105_3404)">
-<path style="mix-blend-mode:screen" d="M477.5 550.515C739.041 550.515 951.062 493.881 951.062 424.02C951.062 354.159 739.041 297.525 477.5 297.525C215.959 297.525 3.93848 354.159 3.93848 424.02C3.93848 493.881 215.959 550.515 477.5 550.515Z" fill="url(#paint0_radial_105_3404)"/>
-<path d="M477.429 517.872C662.885 517.872 813.227 471.96 813.227 415.324C813.227 358.688 662.885 312.776 477.429 312.776C291.972 312.776 141.63 358.688 141.63 415.324C141.63 471.96 291.972 517.872 477.429 517.872Z" fill="url(#paint1_radial_105_3404)" style="mix-blend-mode:screen"/>
-<path d="M477.499 483.397C408.305 483.397 346.09 475.886 297.949 462.558C257.175 451.269 232.037 437.294 221.353 422.418C212.469 410.048 214.366 398.034 224.335 386.952C232.921 377.408 247.227 368.914 265.452 361.526C281.004 355.221 298.91 349.929 318.43 345.55C335.215 341.785 353.006 338.733 371.507 336.329C388.652 334.101 406.148 332.463 423.91 331.372C441.601 330.285 459.458 329.75 477.499 329.75C495.541 329.75 513.398 330.285 531.089 331.372C548.851 332.463 566.347 334.101 583.492 336.329C601.993 338.733 619.784 341.785 636.569 345.55C656.089 349.929 673.995 355.221 689.547 361.526C707.771 368.914 722.078 377.408 730.664 386.952C740.633 398.034 742.53 410.048 733.646 422.418C722.962 437.294 697.824 451.269 657.05 462.558C608.908 475.886 546.694 483.397 477.499 483.397ZM477.499 332.335C409.79 332.335 332.638 342.537 291.568 361.526C217.996 395.542 266.477 452.503 477.499 452.503C688.522 452.503 737.002 395.542 663.431 361.526C622.361 342.537 545.209 332.335 477.499 332.335Z" fill="url(#paint2_linear_105_3404)"/>
-<path d="M477.499 483.397C408.305 483.397 346.09 475.886 297.949 462.558C257.175 451.269 232.037 437.294 221.353 422.418C212.469 410.048 214.366 398.034 224.335 386.952C232.921 377.408 247.227 368.914 265.452 361.526C281.004 355.221 298.91 349.929 318.43 345.55C335.215 341.785 353.006 338.733 371.507 336.329C388.652 334.101 406.148 332.463 423.91 331.372C441.601 330.285 459.458 329.75 477.499 329.75C495.541 329.75 513.398 330.285 531.089 331.372C548.851 332.463 566.347 334.101 583.492 336.329C601.993 338.733 619.784 341.785 636.569 345.55C656.089 349.929 673.995 355.221 689.547 361.526C707.771 368.914 722.078 377.408 730.664 386.952C740.633 398.034 742.53 410.048 733.646 422.418C722.962 437.294 697.824 451.269 657.05 462.558C608.908 475.886 546.694 483.397 477.499 483.397ZM477.499 332.335C409.79 332.335 332.638 342.537 291.568 361.526C217.996 395.542 266.477 452.503 477.499 452.503C688.522 452.503 737.002 395.542 663.431 361.526C622.361 342.537 545.209 332.335 477.499 332.335Z" fill="url(#paint3_radial_105_3404)" style="mix-blend-mode:screen"/>
-<path d="M259.918 195.625V396.907C259.918 421.741 335.038 450.272 479.289 450.272C623.54 450.272 694.755 421.741 694.755 396.907V195.625H259.918Z" fill="url(#paint4_radial_105_3404)" style="mix-blend-mode:screen"/>
-</g>
-<rect x="270" width="127.4" height="127.4" rx="63.7" fill="url(#paint5_radial_105_3404)" style="mix-blend-mode:screen"/>
-<path d="M308.683 38.6782V88.7221H358.717V38.6782H308.683ZM333.897 71.9874H331.365V60.4175C331.365 59.6592 331.191 59.0418 330.844 58.5655C330.496 58.0677 329.945 57.8189 329.186 57.8189C328.47 57.8189 327.886 58.0888 327.431 58.6311C326.996 59.1521 326.78 59.9644 326.78 61.0677V71.9874H324.245V60.2883C324.245 59.5724 324.05 58.988 323.661 58.5325C323.271 58.056 322.75 57.8166 322.1 57.8166C321.321 57.8166 320.713 58.0982 320.281 58.6617C319.87 59.2249 319.663 59.962 319.663 60.8704V71.985H317.128V55.8661H319.663V57.6218H320.053C320.335 56.8636 320.746 56.3119 321.288 55.9646C321.83 55.596 322.468 55.4128 323.205 55.4128C323.985 55.4128 324.626 55.6194 325.123 56.0302C325.642 56.4411 326.001 56.9715 326.196 57.6218H326.585C327.323 56.1476 328.492 55.4128 330.095 55.4128C331.308 55.4128 332.24 55.8026 332.89 56.5818C333.562 57.3401 333.897 58.3378 333.897 59.5724V71.9874ZM350.271 64.8814H338.523V62.5192H350.271V64.8814Z" fill="white"/>
-<rect x="582" y="53" width="127.4" height="127.4" rx="63.7" fill="url(#paint6_radial_105_3404)" style="mix-blend-mode:screen"/>
-<path d="M657.129 101.741C648.057 101.741 640.676 109.178 640.676 118.319V131.66H650.723V118.319C650.723 114.76 653.597 111.864 657.129 111.864H664.322V101.741H657.129Z" fill="white"/>
-<path d="M627.078 109.722V119.845H634.27C637.803 119.845 640.677 122.741 640.677 126.3V131.659H650.724V126.3C650.724 117.159 643.343 109.722 634.27 109.722L627.078 109.722Z" fill="white"/>
-<rect x="413" y="142" width="127.4" height="127.4" rx="63.7" fill="url(#paint7_radial_105_3404)" style="mix-blend-mode:screen"/>
-<path d="M474.372 205.716C474.372 215.983 479.546 223.174 482.084 226.069C482.931 227.035 482.713 227.493 481.429 227.384C469.882 226.407 460.826 217.079 460.826 205.716C460.826 194.134 470.236 184.665 482.103 184.001C482.562 183.975 482.807 184.557 482.491 184.89C480.169 187.338 474.372 194.563 474.372 205.716Z" fill="white"/>
-<path d="M492.574 205.7C492.574 213.349 490.099 219.549 487.604 219.549C485.108 219.549 482.634 213.349 482.634 205.7C482.634 198.052 485.108 191.852 487.604 191.852C490.099 191.852 492.574 198.052 492.574 205.7Z" fill="white"/>
-<defs>
-<radialGradient id="paint0_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(477.5 424.02) scale(473.592 126.487)">
-<stop offset="0.21561" stop-opacity="0"/>
-<stop offset="0.35857" stop-color="#000001" stop-opacity="0.01719"/>
-<stop offset="0.41007" stop-color="#000008" stop-opacity="0.07948"/>
-<stop offset="0.44677" stop-color="#000014" stop-opacity="0.18793"/>
-<stop offset="0.47644" stop-color="#000025" stop-opacity="0.34281"/>
-<stop offset="0.50185" stop-color="#00003B" stop-opacity="0.54446"/>
-<stop offset="0.52396" stop-color="#000055" stop-opacity="0.78851"/>
-<stop offset="0.53903" stop-color="#00006D"/>
-<stop offset="0.61684" stop-color="#00004F" stop-opacity="0.73138"/>
-<stop offset="0.72594" stop-color="#00002D" stop-opacity="0.41483"/>
-<stop offset="0.82925" stop-color="#000014" stop-opacity="0.18628"/>
-<stop offset="0.92338" stop-color="#000005" stop-opacity="0.048"/>
-<stop offset="1" stop-opacity="0"/>
-</radialGradient>
-<radialGradient id="paint1_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(476.404 415.324) scale(334.454 101.214)">
-<stop offset="0.37547" stop-opacity="0"/>
-<stop offset="0.52923" stop-color="#000001" stop-opacity="0.01"/>
-<stop offset="0.58463" stop-color="#000308" stop-opacity="0.03399"/>
-<stop offset="0.62411" stop-color="#000914" stop-opacity="0.08036"/>
-<stop offset="0.65606" stop-color="#001025" stop-opacity="0.14667"/>
-<stop offset="0.6834" stop-color="#001A3B" stop-opacity="0.23299"/>
-<stop offset="0.70763" stop-color="#002656" stop-opacity="0.33967"/>
-<stop offset="0.72955" stop-color="#003577" stop-opacity="0.46688"/>
-<stop offset="0.74969" stop-color="#00469C" stop-opacity="0.61488"/>
-<stop offset="0.76843" stop-color="#0059C7" stop-opacity="0.78417"/>
-<stop offset="0.78506" stop-color="#006DF5" stop-opacity="0.96381"/>
-<stop offset="0.7881" stop-color="#0072FF"/>
-<stop offset="0.79431" stop-color="#0067E7" stop-opacity="0.90832"/>
-<stop offset="0.80858" stop-color="#0052B7" stop-opacity="0.71982"/>
-<stop offset="0.82404" stop-color="#003E8B" stop-opacity="0.54822"/>
-<stop offset="0.84034" stop-color="#002D66" stop-opacity="0.40029"/>
-<stop offset="0.8577" stop-color="#001F46" stop-opacity="0.27587"/>
-<stop offset="0.87644" stop-color="#00132C" stop-opacity="0.17473"/>
-<stop offset="0.89707" stop-color="#000B18" stop-opacity="0.09676"/>
-<stop offset="0.92064" stop-color="#00040A" stop-opacity="0.04174"/>
-<stop offset="0.94961" stop-color="#000102" stop-opacity="0.01"/>
-<stop offset="1" stop-opacity="0"/>
-</radialGradient>
-<linearGradient id="paint2_linear_105_3404" x1="215.656" y1="406.574" x2="739.343" y2="406.574" gradientUnits="userSpaceOnUse">
-<stop stop-color="#0F0F4D" stop-opacity="0"/>
-<stop offset="0.06993" stop-color="#09092F" stop-opacity="0.38183"/>
-<stop offset="0.5"/>
-<stop offset="0.93423" stop-color="#141437" stop-opacity="0.3394"/>
-<stop offset="1" stop-color="#1F1F54" stop-opacity="0"/>
-</linearGradient>
-<radialGradient id="paint3_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(479.469 413.466) scale(288.083 84.978)">
-<stop offset="0.34944" stop-color="#0000FF"/>
-<stop offset="0.38473" stop-color="#0000DF" stop-opacity="0.87819"/>
-<stop offset="0.45062" stop-color="#0000AC" stop-opacity="0.67456"/>
-<stop offset="0.51936" stop-color="#00007D" stop-opacity="0.49409"/>
-<stop offset="0.58969" stop-color="#000057" stop-opacity="0.3418"/>
-<stop offset="0.66193" stop-color="#000037" stop-opacity="0.21771"/>
-<stop offset="0.73665" stop-color="#00001F" stop-opacity="0.12169"/>
-<stop offset="0.81499" stop-color="#00000D" stop-opacity="0.05347"/>
-<stop offset="0.89922" stop-color="#000003" stop-opacity="0.01299"/>
-<stop offset="1" stop-opacity="0"/>
-</radialGradient>
-<radialGradient id="paint4_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(476.238 239.456) scale(407.82 212.251)">
-<stop offset="0.52932" stop-opacity="0"/>
-<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
-<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
-<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
-<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
-<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
-<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
-<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
-<stop offset="0.79009" stop-color="#1C1CFF"/>
-<stop offset="0.88294" stop-color="#0E88FF"/>
-<stop offset="0.96101" stop-color="#04DDFF"/>
-<stop offset="0.99628" stop-color="#00FFFF"/>
-</radialGradient>
-<radialGradient id="paint5_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(333.378 21.9285) scale(119.484 106.189)">
-<stop offset="0.52932" stop-opacity="0"/>
-<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
-<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
-<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
-<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
-<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
-<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
-<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
-<stop offset="0.79009" stop-color="#1C1CFF"/>
-<stop offset="0.88294" stop-color="#0E88FF"/>
-<stop offset="0.96101" stop-color="#04DDFF"/>
-<stop offset="0.99628" stop-color="#00FFFF"/>
-</radialGradient>
-<radialGradient id="paint6_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(645.378 74.9285) scale(119.484 106.189)">
-<stop offset="0.52932" stop-opacity="0"/>
-<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
-<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
-<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
-<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
-<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
-<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
-<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
-<stop offset="0.79009" stop-color="#1C1CFF"/>
-<stop offset="0.88294" stop-color="#0E88FF"/>
-<stop offset="0.96101" stop-color="#04DDFF"/>
-<stop offset="0.99628" stop-color="#00FFFF"/>
-</radialGradient>
-<radialGradient id="paint7_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(476.378 163.928) scale(119.484 106.189)">
-<stop offset="0.52932" stop-opacity="0"/>
-<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
-<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
-<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
-<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
-<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
-<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
-<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
-<stop offset="0.79009" stop-color="#1C1CFF"/>
-<stop offset="0.88294" stop-color="#0E88FF"/>
-<stop offset="0.96101" stop-color="#04DDFF"/>
-<stop offset="0.99628" stop-color="#00FFFF"/>
-</radialGradient>
-<clipPath id="clip0_105_3404">
-<rect width="955" height="356.375" fill="white" transform="translate(0 195.625)"/>
-</clipPath>
-</defs>
-</svg>

docs/assets/images/trivy_logo_horizontal_white.svg

@@ -1 +0,0 @@
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0" y="0" viewBox="0 0 1920 891" style="enable-background:new 0 0 1920 891" xml:space="preserve"><style>.st0{fill:#fff}.st1{fill:#50f0ff}</style><path class="st0" d="M1421.86 281.92h-46.97c-25.9 0-46.97-21.07-46.97-46.97s21.07-46.97 46.97-46.97 46.97 21.07 46.97 46.97v46.97zm-46.97-74.87c-15.38 0-27.9 12.52-27.9 27.9 0 15.38 12.52 27.9 27.9 27.9h27.9v-27.9c0-15.38-12.51-27.9-27.9-27.9zM1737.06 281.92h-46.97c-25.9 0-46.97-21.07-46.97-46.97s21.07-46.97 46.97-46.97 46.97 21.07 46.97 46.97v46.97zm-46.97-74.87c-15.38 0-27.9 12.52-27.9 27.9 0 15.38 12.52 27.9 27.9 27.9h27.9v-27.9c-.01-15.38-12.52-27.9-27.9-27.9zM1585.02 281.94c-25.91 0-46.99-21.08-46.99-46.99v-44.08h19.08v44.08c0 15.39 12.52 27.91 27.91 27.91s27.91-12.52 27.91-27.91v-44.08h19.09v44.08c-.01 25.91-21.1 46.99-47 46.99zM1479.94 187.98c-25.9 0-46.97 21.07-46.97 46.97s21.07 46.97 46.97 46.97l19.07-19.07h-19.07c-15.38 0-27.9-12.52-27.9-27.9 0-15.38 12.52-27.9 27.9-27.9 15.38 0 27.9 12.52 27.9 27.9v91.8h19.07v-91.8c0-25.9-21.07-46.97-46.97-46.97zM942.76 588.45v46.29c-31.53 0-59.94-11.34-82.34-30.14-28.15-23.63-46.04-59.08-46.04-98.71V274.06h46.04v105.2h82.34v46.59h-82.34v81.19c.63 45.06 37.13 81.41 82.34 81.41zM1106.82 379.26v45.98c-43.65.1-79.18 34.71-80.78 77.98v131.52h-46.12V379.26h46.12v29.16c21.93-18.18 50.08-29.12 80.78-29.16zM1136.4 353.72v-40.29h46.05v40.29h-46.05zm0 281.02V379.26h46.05v255.48h-46.05zM1464.76 379.26l-127.64 255.48-127.8-255.48h52.33l75.47 150.88 75.31-150.88h52.33zM1740.81 379.26v297.8c0 71.31-58.52 128.26-127.83 128.2-32.47.03-62.55-12.29-85.37-32.76l33.1-33.09c14.13 11.97 32.36 19.22 52.28 19.2 44.86 0 81.17-36.69 81.17-81.55v-71.39c-22.26 18.42-50.67 29.09-81.17 29.06-69.46.06-127.95-56-127.95-127.85V379.24h46.64l.02 127.64c0 44.67 36.39 81.6 81.28 81.55 44.86 0 81.17-36.69 81.17-81.55V379.26h46.66z"/><path class="st1" d="M428.54 364.9h.12c6.56.01 11.98-5.03 11.98-11.58V135.99l-12.23-6.83-12.18 6.8v217.36c0 6.56 5.43 11.61 11.98 11.58h.33z"/><path d="M355.18 463.55 153.55 598.87v15.41l11.49 6.29 203.73-136.73c5.23-3.51 6.53-10.52 3.15-15.84-.14-.23-.29-.45-.43-.68-3.5-5.62-10.81-7.46-16.31-3.77z" style="fill:#0744dd"/><path d="m488.27 483.95 203.55 136.61 11.45-6.28v-15.44L501.86 463.66c-5.51-3.7-12.82-1.87-16.32 3.76-.13.21-.27.43-.4.64-3.41 5.34-2.12 12.37 3.13 15.89z" style="fill:#ffc900"/><path class="st0" d="M727.69 282.29v-13.96l-12.5-6.98-.93-.49-273.93-152.99-11.92-6.64-11.87 6.64-273.98 152.99-.93.49-12.5 6.98v13.96l-.93.54.93.49v345.42l12.69 6.94 266.85 146.2 3.37 1.85 16.41 8.98 16.36-8.98 3.37-1.85 266.85-146.2 12.65-6.94V283.37l.98-.54-.97-.54zM440.95 758.05V511.4c0-6.72-5.5-12.22-12.22-12.21h-.32c-6.72-.01-12.22 5.49-12.22 12.21v246.64L165.04 620.57l-11.49-6.29V294.7l199.98 109.56c5.77 3.16 13.1 1.04 16.28-4.72l.14-.26c3.22-5.83 1.08-13.22-4.76-16.42L167.81 274.72l248.42-138.75 12.18-6.8 12.23 6.83 248.37 138.73-197.54 108.22c-5.81 3.18-7.63 10.45-4.41 16.24.05.1.11.2.16.29 3.16 5.73 10.22 8.01 15.96 4.86L703.27 294.7v319.59l-11.45 6.28-250.87 137.48z"/><circle cx="428.54" cy="432.05" r="35.42" style="fill:#ff0036"/><path class="st1" d="M617.65 262.99 426.32 155.74c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l191.33 107.25c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68zM533.81 271.27l-107.48-60.25c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l107.48 60.25c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.97-16.62 4.68zM569.02 291c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68 5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68zM462.29 288.33l-35.7-20.01c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l35.7 20.01c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68zM516.16 321.21l-20.67-11.58c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l20.67 11.58c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68z"/></svg>

docs/build/requirements.txt

@@ -72,7 +72,7 @@ pathspec==0.12.1
     #   mkdocs-macros-plugin
 platformdirs==4.3.6
     # via mkdocs-get-deps
-pygments==2.18.0
+pygments==2.19.2
     # via mkdocs-material
 pymdown-extensions==10.12
     # via mkdocs-material

docs/commercial/compare.md

@@ -1,7 +1,7 @@
 # Aqua Security is the home of Trivy
 
 Trivy is proudly maintained by [Aqua Security](https://aquasec.com).
-If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.  
+If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.
 In this page you can find a high level comparison between Trivy Open Source and Aqua's commercial product.
 If you'd like to learn more or request a demo, [click here to contact us](./contact.md).
 
@@ -66,7 +66,7 @@ If you'd like to learn more or request a demo, [click here to contact us](./cont
 
 | Feature | Trivy OSS | Aqua |
 | --- | --- | --- |
-| Infrastructure as Code (IaC) | Many popular languages as detailed [here](https://trivy.dev/latest/docs/scanner/misconfiguration/policy/builtin/) | In addition, Build Pipeline configuration scanning |
+| Infrastructure as Code (IaC) | Many popular languages as detailed [here](https://trivy.dev/docs/latest/scanner/misconfiguration/check/builtin/) | In addition, Build Pipeline configuration scanning |
 | Checks customization | Create custom checks with Rego | Create custom checks in no-code interface <br> Customize existing checks with organizational preferences |
 | Cloud scanning | AWS (subset of services) | AWS, Azure, GCP, Alibaba Cloud, Oracle Cloud |
 | Compliance frameworks | CIS, NSA, vendor guides | More than 25 compliance programs |

docs/community/contribute/checks/overview.md

@@ -88,13 +88,13 @@ Running `make id` in the root of the trivy-checks repository will provide you wi
 
 Rego Checks for Trivy can utilise Schemas to map the input to specific objects. The schemas available are listed [here.](https://github.com/aquasecurity/trivy/tree/main/pkg/iac/rego/schemas). 
 
-More information on using the builtin schemas is provided in the [main documentation.](../../../docs/scanner/misconfiguration/custom/schema.md)
+More information on using the builtin schemas is provided in the [main documentation.](../../../guide/scanner/misconfiguration/custom/schema.md)
 
 ## Check Metadata
 
 The metadata is the top section that starts with `# METADATA`, and has to be placed on top of the check. You can copy and paste from another check as a starting point. This format is effectively _yaml_ within a Rego comment, and is [defined as part of Rego itself](https://www.openpolicyagent.org/docs/latest/policy-language/#metadata).
 
-For detailed information on each component of the Check Metadata, please refer to the [main documentation.](../../../docs/scanner/misconfiguration/custom/index.md)
+For detailed information on each component of the Check Metadata, please refer to the [main documentation.](../../../guide/scanner/misconfiguration/custom/index.md)
 
 Note that while the Metadata is optional in your own custom checks for Trivy, if you are contributing your check to the Trivy builtin checks, the Metadata section will be required.
 
@@ -123,7 +123,7 @@ Finally, you'll want to generate documentation for your newly added rule. Please
 
 ## Adding Tests
 
-All Rego checks need to have tests. There are many examples of these in the `checks` directory for each check ([Link](https://github.com/aquasecurity/trivy-checks/tree/main/checks)). More information on how to write tests for Rego checks is provided in the [custom misconfiguration](../../../docs/scanner/misconfiguration/custom/testing.md) section of the docs.
+All Rego checks need to have tests. There are many examples of these in the `checks` directory for each check ([Link](https://github.com/aquasecurity/trivy-checks/tree/main/checks)). More information on how to write tests for Rego checks is provided in the [custom misconfiguration](../../../guide/scanner/misconfiguration/custom/testing.md) section of the docs.
 
 ## Example PR
 

docs/community/contribute/discussion.md

@@ -24,7 +24,7 @@ There are 4 categories:
     If you find any false positives or false negatives, please make sure to report them under the "False Detection" category, not "Bugs".
 
 ## False detection
-Trivy depends on [multiple data sources](https://trivy.dev/latest/docs/scanner/vulnerability/#data-sources).
+Trivy depends on [multiple data sources](https://trivy.dev/docs/latest/scanner/vulnerability/#data-sources).
 Sometime these databases contain mistakes.
 
 If Trivy can't detect any CVE-IDs or shows false positive result, at first please follow the next steps:

docs/community/contribute/pr.md

@@ -3,7 +3,7 @@ Thank you for taking interest in contributing to Trivy!
 1. Every Pull Request should have an associated GitHub issue link in the PR description. Note that issues are created by Trivy maintainers based on feedback provided in a GitHub discussion. Please refer to the [issue](./issue.md) and [discussion](./discussion.md) pages for explanation about this process. If you think your change is trivial enough, you can skip the issue and instead add justification and explanation in the PR description.
 1. Your PR is more likely to be accepted if it focuses on just one change.
 1. There's no need to add or tag reviewers.
-1. If a reviewer commented on your code or asked for changes, please remember to respond with comment. Do not mark discussion as resolved. It's up to reviewer to mark it resolved (in case if suggested fix addresses problem properly). PRs with unresolved issues should not be merged (even if the comment is unclear or requires no action from your side).
+1. If a reviewer commented on your code or asked for changes, please remember to respond with a comment. Do not mark the discussion as resolved. It's up to the reviewer to mark it resolved (in case the suggested fix addresses the problem properly). PRs with unresolved issues should not be merged (even if the comment is unclear or requires no action from your side).
 1. Please include a comment with the results before and after your change.
 1. Your PR is more likely to be accepted if it includes tests (We have not historically been very strict about tests, but we would like to improve this!).
 1. If your PR affects the user experience in some way, please update the README.md and the CLI help accordingly.
@@ -54,6 +54,21 @@ Your PR must pass all the integration tests. You can test it as below.
 $ mage test:integration
 ```
 
+### Protocol Buffers
+If you update protobuf files (`.proto`), you need to regenerate the Go code:
+
+```shell
+$ mage protoc:generate
+```
+
+You can also format and lint protobuf files:
+
+```shell
+$ mage protoc:fmt     # Format protobuf files
+$ mage protoc:lint    # Lint protobuf files
+$ mage protoc:breaking # Check for breaking changes against main branch
+```
+
 ### Documentation
 If you update CLI flags, you need to generate the CLI references.
 The test will fail if they are not up-to-date.

docs/community/contribute/vulnerability-database/add-vulnerability-source.md

@@ -0,0 +1,144 @@
+# Add Vulnerability Advisory Source
+
+This guide walks through the process of adding a new vulnerability advisory source to Trivy.
+
+!!! info
+    For an overview of how Trivy's vulnerability database works, see the [Overview](overview.md) page.
+
+## Prerequisites
+
+Before starting, ensure you have:
+
+1. Identified the upstream advisory source and its API/format
+2. Checked that the data source doesn't already exist in Trivy
+3. Created a GitHub discussion or issue to discuss the addition
+
+## Required Changes
+
+To add a new vulnerability advisory source, you'll need to make changes across three repositories. Below we'll use the Echo OS support as an example.
+
+### Step 1: Add Fetcher Script (vuln-list-update)
+
+!!! note
+    Skip this step if your advisory source is already managed in a Git repository (e.g., GitHub, GitLab).
+
+Create a fetcher script in [vuln-list-update] to collect advisories from the upstream source.
+
+**Key tasks:**
+
+- Fetch advisories from the upstream API or source
+- Validate the advisory format and data
+- Save advisories as JSON files in the [vuln-list] directory structure
+- **Store original data as-is where possible**: Avoid preprocessing or modifying advisory fields. Save the raw data exactly as provided by the upstream source (format conversion like YAML to JSON is acceptable for consistency)
+- Include all necessary metadata (CVE ID, affected versions, severity, etc.)
+
+**Example PR:**
+
+- [feat(echo): Add Echo Support (vuln-list-update#350)](https://github.com/aquasecurity/vuln-list-update/pull/350)
+
+### Step 2: Add Parser (trivy-db)
+
+Create a parser in [trivy-db] to transform raw advisories into Trivy's database format.
+
+**Key tasks:**
+
+- Create a new vulnerability source in `pkg/vulnsrc/`
+- Implement the advisory parsing logic
+- Map advisory fields to Trivy's vulnerability schema
+- Handle version ranges and affected packages correctly
+- Store CVE mappings if available
+- Add unit tests for the parser
+
+**Example PR:**
+
+- [feat(echo): Add Echo Support (trivy-db#528)](https://github.com/aquasecurity/trivy-db/pull/528)
+
+### Step 3: Add OS/Ecosystem Support (Trivy)
+
+Update [trivy] to support the new operating system or package ecosystem.
+
+**Key tasks:**
+
+- Add OS analyzer in `pkg/fanal/analyzer/os/` to detect the OS
+- Implement vulnerability detection logic if special handling is needed
+- Add integration tests with test data
+- Update documentation to include the new data source
+
+**Example PR:**
+
+- [feat(echo): Add Echo Support (trivy#8833)](https://github.com/aquasecurity/trivy/pull/8833)
+
+## Complete Example: Echo OS Support
+
+The Echo OS support was added through three coordinated PRs:
+
+1. **vuln-list-update**: Fetches Echo advisories from `https://advisory.echohq.com/data.json`
+    - PR: https://github.com/aquasecurity/vuln-list-update/pull/350
+2. **trivy-db**: Parses Echo advisories and stores them in the database
+    - PR: https://github.com/aquasecurity/trivy-db/pull/528
+3. **Trivy**: Detects Echo OS and scans for vulnerabilities
+    - PR: https://github.com/aquasecurity/trivy/pull/8833
+
+## Testing Your Changes
+
+### Test vuln-list-update
+
+First, fetch all existing advisories (required for building the database):
+
+```bash
+cd vuln-list-update
+go run main.go -vuln-list-dir /path/to/vuln-list
+```
+
+Then, test your new data source by fetching only your target:
+
+```bash
+go run main.go -target your-source -vuln-list-dir /path/to/vuln-list
+```
+
+Verify that advisories are correctly saved in the vuln-list directory.
+
+### Test trivy-db
+
+```bash
+cd trivy-db
+make db-build CACHE_DIR=/path/to/cache
+```
+
+Check that the database is built without errors and contains your advisories.
+
+!!! note
+    The `CACHE_DIR` should point to the parent directory of your vuln-list directory. For example, if your vuln-list is at `/tmp/test/vuln-list`, set `CACHE_DIR=/tmp/test`.
+
+You can inspect the built database using BoltDB viewer tools like [boltwiz](https://github.com/Moniseeta/boltwiz):
+
+```bash
+# Open the database
+boltwiz out/trivy.db
+```
+
+This allows you to verify that your vulnerabilities are correctly stored in the database.
+
+### Test Trivy
+
+```bash
+# Build Trivy with your changes
+mage build
+
+# Use your local database
+./trivy image --skip-db-update --cache-dir /path/to/cache your-test-image
+```
+
+Verify that vulnerabilities from your new data source are detected correctly.
+
+## Getting Help
+
+If you have questions or need help:
+
+1. Check existing data sources for reference implementations
+2. [Start a discussion](https://github.com/aquasecurity/trivy/discussions/new) in the Trivy repository
+
+[vuln-list]: https://github.com/aquasecurity/vuln-list
+[vuln-list-update]: https://github.com/aquasecurity/vuln-list-update
+[trivy-db]: https://github.com/aquasecurity/trivy-db
+[trivy]: https://github.com/aquasecurity/trivy

docs/community/contribute/vulnerability-database/overview.md

@@ -0,0 +1,86 @@
+# Vulnerability Data Sources
+
+This section explains how Trivy's vulnerability database works and how to contribute new advisory data sources.
+
+## Overview
+
+Trivy's vulnerability database is built through a multi-repository workflow involving three main repositories:
+
+```mermaid
+graph LR
+    A[Advisory Sources] -->|vuln-list-update| B[vuln-list]
+    B --> C["trivy-db<br/>(Trivy DB)"]
+    C --> D["trivy<br/>(Trivy CLI)"]
+    E[GitHub-managed<br/>Advisories] --> C
+```
+
+### Workflow Steps
+
+1. **Advisory Collection** ([vuln-list-update])
+    - Fetch raw advisories from upstream sources
+    - Store them in [vuln-list] repository
+    - Run periodically via cron to keep advisories up-to-date
+    - This step can be skipped if advisories are already managed in a Git repository (e.g., GitHub Security Advisories)
+
+2. **Database Build** ([trivy-db])
+    - Parse advisories from [vuln-list] or directly from Git-managed sources
+    - Transform them into Trivy's database format
+    - Publish the built database periodically via cron
+
+3. **Database Consumption** ([trivy])
+    - Download the latest vulnerability database at scan time
+    - Use it to detect vulnerabilities in scan targets
+
+## Why Store Advisories in vuln-list?
+
+For data sources that are not already Git-managed, storing advisories in the [vuln-list] repository provides several benefits:
+
+- **Transparency**: Easy to track changes and differences between advisory versions
+- **Web UI**: Browse advisories directly on GitHub with a user-friendly interface
+- **Stability**: Mitigate issues when upstream advisory servers are unstable or unavailable
+- **Shareability**: Provide stable URLs to reference specific advisories
+- **Data Quality**: Validate advisory data before committing to vuln-list, preventing malformed data or unexpected format changes from breaking Trivy DB
+- **Historical Data**: Preserve past advisories when upstream formats change
+
+## Repository Overview
+
+### [vuln-list-update]
+
+This repository contains scripts that fetch advisories from various upstream sources. Each data source has its own package that handles:
+
+- Fetching advisories from APIs or web sources
+- Validating the advisory format and data
+- Saving them to the [vuln-list] repository
+
+### [vuln-list]
+
+This repository serves as a data storage for raw advisories fetched by [vuln-list-update]. Key characteristics:
+
+- Contains raw advisory data in JSON format
+- Updated automatically by [vuln-list-update] scripts via cron
+- **Not for manual contributions**: Direct pull requests to this repository are not accepted
+- Used as the source for [trivy-db] to build the vulnerability database
+
+### [trivy-db]
+
+This repository contains parsers that transform raw advisories into Trivy's database format. Each data source has its own vulnerability source handler that:
+
+- Reads advisory files from [vuln-list] or directly from Git-managed sources (e.g., GitHub Security Advisories)
+- Maps advisory fields to Trivy's schema
+- Stores vulnerability information in the database
+
+### [trivy]
+
+The main Trivy repository contains:
+
+- OS and package analyzers to detect what's installed
+- Vulnerability detection logic
+
+## Next Steps
+
+Ready to add a new vulnerability advisory source? See the [Add Vulnerability Advisory Source](add-vulnerability-source.md) guide for detailed steps.
+
+[vuln-list]: https://github.com/aquasecurity/vuln-list
+[vuln-list-update]: https://github.com/aquasecurity/vuln-list-update
+[trivy-db]: https://github.com/aquasecurity/trivy-db
+[trivy]: https://github.com/aquasecurity/trivy

docs/docs/coverage/os/index.md

@@ -1,52 +0,0 @@
-# OS
-
-## Scanner
-Trivy supports operating systems for 
-
-- [SBOM][sbom]
-- [Vulnerabilities][vuln]
-- [Licenses][license]
-
-## Supported OS
-
-| OS                                    | Supported Versions                  | Package Managers |
-|---------------------------------------|-------------------------------------|------------------|
-| [Alpine Linux](alpine.md)             | 2.2 - 2.7, 3.0 - 3.22, edge         | apk              |
-| [Wolfi Linux](wolfi.md)               | (n/a)                               | apk              |
-| [Chainguard](chainguard.md)           | (n/a)                               | apk              |
-| [MinimOS](minimos.md)                 | (n/a)                               | apk              |
-| [Red Hat Enterprise Linux](rhel.md)   | 6, 7, 8, 9                          | dnf/yum/rpm      |
-| [Red Hat Enterprise Linux](rhel.md)   | 10 (SBOM only)                      | dnf/yum/rpm      |
-| [CentOS](centos.md)[^1]               | 6, 7, 8                             | dnf/yum/rpm      |
-| [AlmaLinux](alma.md)                  | 8, 9                                | dnf/yum/rpm      |
-| [Rocky Linux](rocky.md)               | 8, 9                                | dnf/yum/rpm      |
-| [Oracle Linux](oracle.md)             | 5, 6, 7, 8                          | dnf/yum/rpm      |
-| [Azure Linux (CBL-Mariner)](azure.md) | 1.0, 2.0, 3.0                       | tdnf/dnf/yum/rpm |
-| [Amazon Linux](amazon.md)             | 1, 2, 2023                          | dnf/yum/rpm      |
-| [openSUSE Leap](suse.md)              | 42, 15                              | zypper/rpm       |
-| [openSUSE Tumbleweed](suse.md)        | (n/a)                               | zypper/rpm       |
-| [SUSE Linux Enterprise](suse.md)      | 11, 12, 15                          | zypper/rpm       |
-| [SUSE Linux Enterprise Micro](suse.md)| 5, 6                                | zypper/rpm       |
-| [Photon OS](photon.md)                | 1.0, 2.0, 3.0, 4.0                  | tndf/yum/rpm     |
-| [Echo](echo.md)                       | (n/a)                               | apt/dpkg         |
-| [Debian GNU/Linux](debian.md)         | 7, 8, 9, 10, 11, 12                 | apt/dpkg         |
-| [Ubuntu](ubuntu.md)                   | All versions supported by Canonical | apt/dpkg         |
-| [Bottlerocket](bottlerocket.md)       | 1.7.0 and upper                     | bottlerocket     |
-| [OSs with installed Conda](../others/conda.md)  | -                                   | conda            |
-
-## Supported container images
-
-| Container image                               | Supported Versions                  | Package Managers |
-|-----------------------------------------------|-------------------------------------|------------------|
-| [Google Distroless](google-distroless.md)[^2] | Any                                 | apt/dpkg         |
-| [Bitnami](../others/bitnami.md)                         | Any                                 | -                |
-
-Each page gives more details.
-
-[^1]: CentOS Stream is not supported 
-[^2]: https://github.com/GoogleContainerTools/distroless
-
-
-[sbom]: ../../supply-chain/sbom.md
-[vuln]: ../../scanner/vulnerability.md
-[license]: ../../scanner/license.md

docs/docs/scanner/misconfiguration/custom/data.md

@@ -1,33 +0,0 @@
-# Custom Data
-
-Custom checks may require additional data in order to make a resolution. You can pass arbitrary data files to Trivy to be used when evaluating rego checks using the `--data` flag. 
-Trivy recursively searches the specified data paths for JSON (`*.json`) and YAML (`*.yaml`) files.
-
-For example, consider an allowed list of resources that can be created. 
-Instead of hardcoding this information inside your policy, you can maintain the list in a separate file.
-
-Example data file:
-
-```yaml
-services:
-  ports:
-    - "20"
-    - "20/tcp"
-    - "20/udp"
-    - "23"
-    - "23/tcp"
-```
-
-Example usage in a Rego check:
-
-```rego
-import data.services
-
-ports := services.ports
-```
-
-Example loading the data file:
-
-```bash
-trivy config --config-check ./checks --data ./data --namespaces user ./configs
-```

docs/ecosystem/cicd.md

@@ -43,11 +43,11 @@ The Dagger module for Trivy provides functions for scanning container images fro
 
 
 ## Semaphore (Community)
-[Semaphore](https://semaphoreci.com/) is a CI/CD service.
+[Semaphore](https://semaphore.io/) is a CI/CD service.
 
 You can use Trivy in Semaphore for scanning code, containers, infrastructure, and Kubernetes in Semaphore workflow.
 
-👉 Get it at: <https://semaphoreci.com/blog/continuous-container-vulnerability-testing-with-trivy>
+👉 Get it at: <https://docs.semaphore.io/using-semaphore/recipes/trivy>
 
 ## CircleCI (Community)
 [CircleCI](https://circleci.com/) is a CI/CD service.
@@ -82,8 +82,8 @@ It has capabilities to fail the pipeline, create issues, alert communication cha
 
 
 ## SecObserve GitHub actions and GitLab templates (Community)
-[SecObserve GitHub actions and GitLab templates](https://github.com/MaibornWolff/secobserve_actions_templates) run various vulnerability scanners, providing uniform methods and parameters for launching the tools.
+[SecObserve GitHub actions and GitLab templates](https://github.com/SecObserve/secobserve_actions_templates) run various vulnerability scanners, providing uniform methods and parameters for launching the tools.
 
 The Trivy integration supports scanning Docker images and local filesystems for vulnerabilities as well as scanning IaC files for misconfigurations.
 
-👉 Get it at: <https://github.com/MaibornWolff/secobserve_actions_templates>
+👉 Get it at: <https://github.com/SecObserve/secobserve_actions_templates>

docs/ecosystem/reporting.md

@@ -8,7 +8,7 @@ DefectDojo can parse Trivy JSON reports. The parser supports deduplication and a
 ## SecObserve (Community)
 SecObserve can parse Trivy results as CycloneDX reports and provides an unified overview of vulnerabilities from different sources. Vulnerabilities can be evaluated with manual and rule based assessments.
 
-👉 Get it at: <https://github.com/MaibornWolff/SecObserve>
+👉 Get it at: <https://github.com/SecObserve/SecObserve>
 
 ## Scan2html (Community)
 A Trivy plugin that scans and outputs the results to an interactive html file.

docs/getting-started/faq.md

@@ -6,7 +6,7 @@
 
 ### Does Trivy support X?
 
-Check out the [Scanning coverage page](../docs/coverage/index.md).
+Check out the [Scanning coverage page](../guide/coverage/index.md).
 
 ### Is there a paid version of Trivy?
 
@@ -16,10 +16,10 @@ In addition check out the <https://aquasec.com> website for more information abo
 If you'd like to contact Aqua or request a demo, please use this form: <https://www.aquasec.com/demo>
 
 ### How to generate multiple reports?
-See [here](../docs/configuration/reporting.md#converting).
+See [here](../guide/configuration/reporting.md#converting).
 
 ### How to run Trivy under air-gapped environment?
-See [here](../docs/advanced/air-gap.md).
+See [here](../guide/advanced/air-gap.md).
 
 ### Why `trivy fs` and `trivy repo` does not scan JAR files for vulnerabilities?
-See [here](../docs/target/repository.md#rationale).
+See [here](../guide/target/repository.md#rationale).

docs/getting-started/index.md

@@ -9,7 +9,7 @@ Trivy is available in most common distribution channels. The complete list of in
 - Download binary from [GitHub Release](https://github.com/aquasecurity/trivy/releases/latest/)
 - See [Installation](./installation.md) for more
 
-Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem](../ecosystem/index.md) page. Here are a few popular options examples:
+Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem](../ecosystem/index.md) page. Here are a few popular examples:
 
 - [GitHub Actions](https://github.com/aquasecurity/trivy-action)
 - [Kubernetes operator](https://github.com/aquasecurity/trivy-operator)
@@ -26,7 +26,7 @@ trivy <target> [--scanners <scanner1,scanner2>] <subject>
 
 ### Examples
 
-Scan a container image from registry, with the default scanner which is Vulnerabilities scanner:
+Scan a container image from a registry with the default scanner, which is the Vulnerabilities scanner:
 
 ```bash
 trivy image python:3.4-alpine
@@ -58,10 +58,10 @@ For a more complete introduction, check out the basic Trivy Demo: <https://githu
 
 ## Learn more
 
-Now that you up and ready, here are some resources to help you deepen your knowledge:
+Now that you are up and ready, here are some resources to help you deepen your knowledge:
 
-- Learn more about Trivy's capabilities by exploring the complete [documentation](../docs/index.md).
-- Explore community questions and under [GitHub Discussions](https://github.com/aquasecurity/trivy/discussions).
+- Learn more about Trivy's capabilities by exploring the complete [documentation](../guide/index.md).
+- Explore community questions under [GitHub Discussions](https://github.com/aquasecurity/trivy/discussions).
 - Stay up to date by watching for [New Releases & Announcements](https://github.com/aquasecurity/trivy/discussions/categories/announcements).
 - Follow Trivy on Twitter/X: [@aquatrivy](https://x.com/aquatrivy)
 - Explore and subscribe to our YouTube channel [@AquaSecOSS](http://youtube.com/@aquasecoss)

docs/getting-started/installation.md

@@ -16,7 +16,7 @@ Use one of the official Trivy images:
 | AWS Elastic Container Registry (ECR) | `public.ecr.aws/aquasecurity/trivy` | https://gallery.ecr.aws/aquasecurity/trivy |
 
 !!! Tip
-    It is advisable to mount a persistent [cache dir](../docs/configuration/cache.md) on the host into the Trivy container.
+    It is advisable to mount a persistent [cache dir](../guide/configuration/cache.md) on the host into the Trivy container.
 
 !!! Tip
     For scanning container images with Trivy, mount the container engine socket from the host into the Trivy container.

docs/getting-started/signature-verification.md

@@ -31,7 +31,7 @@ Download the required tarball, associated signature and certificate files from t
 Use the following command for keyless verification:
 
 ```shell
-cosign verify-blob <path to binray> \
+cosign verify-blob <path to binary> \
 --certificate <path to cert> \
 --signature <path to sig> \
 --certificate-identity-regexp 'https://github\.com/aquasecurity/trivy/\.github/workflows/.+' \

docs/guide/advanced/air-gap.md

@@ -1,7 +1,7 @@
 # Connectivity and Network considerations
 
-Trivy requires internet connectivity in order to function normally. If your organizations blocks or restricts network traffic, that could prevent Trivy from working correctly.
-This document explains Trivy's network connectivity requirements, and how to configure Trivy to work in restricted networks environments, including completely air-gapped environments.
+Trivy requires internet connectivity in order to function normally. If your organization blocks or restricts network traffic, that could prevent Trivy from working correctly.
+This document explains Trivy's network connectivity requirements, and how to configure Trivy to work in restricted network environments, including completely air-gapped environments.
 
 The following table lists all external resources that are required by Trivy:
 
@@ -47,7 +47,7 @@ Checks Bundle is embedded in the Trivy binary (at build time), and will be used
 
 ### Connectivity Requirements
 
-VEX Hub is hosted as at <https://github.com/aquasecurity/vexhub>.
+VEX Hub is hosted at <https://github.com/aquasecurity/vexhub>.
 
 Trivy is fetching VEX Hub GitHub Repository directly using simple HTTPS requests.
 
@@ -64,7 +64,7 @@ You can host a copy of VEX Hub on your own internal server. Please refer to the
 
 ## Maven Central / Remote Repositories
 
-Trivy might call out to Maven central or other remote repositories to fetch in order to correctly identify Java packages during a vulnerability scan.
+Trivy might call out to Maven Central or other remote repositories in order to correctly identify Java packages during a vulnerability scan.
 
 ### Connectivity requirements
 

docs/guide/advanced/modules.md

@@ -47,8 +47,8 @@ Trivy adheres to the XDG specification, so the location depends on whether XDG_D
 Trivy will now search XDG_DATA_HOME for the location of the Trivy modules cache.
 The preference order is as follows:
 
-- XDG_DATA_HOME if set and .trivy/plugins exists within the XDG_DATA_HOME dir
-- $HOME/.trivy/plugins
+- XDG_DATA_HOME if set and .trivy/modules exists within the XDG_DATA_HOME dir
+- $HOME/.trivy/modules
 
 For example, to download the WebAssembly module, you can execute the following command:
 
@@ -137,6 +137,10 @@ $ go mod init github.com/aquasecurity/trivy-module-wordpress
 ```go
 package main
 
+import (
+    "github.com/aquasecurity/trivy/pkg/module/wasm"
+)
+
 const (
     version = 1
     name = "wordpress-module"
@@ -145,6 +149,10 @@ const (
 // main is required for Go to compile the Wasm module
 func main() {}  
 
+func init() {
+	wasm.RegisterModule(WordpressModule{})
+}
+
 type WordpressModule struct{
 	// Cannot define fields as modules can't keep state.
 }

docs/guide/advanced/self-hosting.md

@@ -104,7 +104,8 @@ For Java DB the process is the same, except for the following:
 
 1. Image location is `ghcr.io/aquasecurity/trivy-java-db:1`
 2. Archive file name is `javadb.tar.gz`
-3. DB file name is `trivy-java.db`
+3. Java DB files names are `trivy-java.db` and `metadata.json`
+4. The cache subdirectory is `java-db`.
 
 ## VEX Hub
 

docs/guide/advanced/telemetry-flags.md

@@ -24,6 +24,7 @@
 --pkg-types
 --quiet
 --redis-tls
+--rego-error-limit
 --removed-pkgs
 --report
 --scanners
@@ -35,6 +36,7 @@
 --slow
 --tf-exclude-downloaded-modules
 --timeout
---trace
+--trace-http
+--trace-rego
 --vuln-severity-source
 ```

docs/guide/advanced/telemetry.md

@@ -16,7 +16,7 @@ The following information could be collected:
 ### Captured scan options
 The following flags will be included with their value:
 
---8<-- "./docs/docs/advanced/telemetry-flags.md"
+--8<-- "./docs/guide/advanced/telemetry-flags.md"
 
 
 ## Privacy

docs/guide/compliance/compliance.md

@@ -12,12 +12,12 @@ Compliance report is currently supported in the following targets (trivy sub-com
 - `trivy image`
 - `trivy k8s`
 
-Add the `--compliance` flag to the command line, and set it's value to desired report.
+Add the `--compliance` flag to the command line, and set its value to the desired report.
 For example: `trivy k8s cluster --compliance k8s-nsa` (see below for built-in and custom reports)
 
 ### Options
 
-The following flags are compatible with `--compliance` flag and allows customizing it's output:
+The following flags are compatible with the `--compliance` flag and allow customizing its output:
 
 | flag               | effect                                                                               |
 |--------------------|--------------------------------------------------------------------------------------|
@@ -28,8 +28,8 @@ The following flags are compatible with `--compliance` flag and allows customizi
 
 ## Built-in compliance
 
-Trivy has a number of built-in compliance reports that you can asses right out of the box.
-to specify a built-in compliance report, select it by ID like `trivy --compliance <compliance_id>`.
+Trivy has a number of built-in compliance reports that you can assess right out of the box.
+To specify a built-in compliance report, select it by ID like `trivy --compliance <compliance_id>`.
 
 For the list of built-in compliance reports, please see the relevant section:
 
@@ -264,7 +264,7 @@ You can create your own custom compliance report. A compliance report is a simpl
 
 ```yaml
 spec:
-  id: "k8s-myreport" # report unique identifier. this should not container spaces.
+  id: "k8s-myreport" # report unique identifier. this should not contain spaces.
   title: "My custom Kubernetes report" # report title. Any one-line title.
   description: "Describe your report" # description of the report. Any text.
   relatedResources :

docs/guide/compliance/contrib-compliance.md

@@ -1,6 +1,6 @@
 # Custom Compliance Spec
 
-Trivy supports several different compliance specs. The details on compliance scanning with Trivy are provided in the [compliance documentation](../../docs/compliance/compliance.md).
+Trivy supports several different compliance specs. The details on compliance scanning with Trivy are provided in the [compliance documentation](../../guide/compliance/compliance.md).
 All of the Compliance Specs currently available in Trivy can be found in the `trivy-checks/pkg/specs/compliance/` directory ([Link](https://github.com/aquasecurity/trivy-checks/tree/main/pkg/specs/compliance)).
 
 New checks are based on the custom compliance report detailed in the [main documentation.](./compliance.md#custom-compliance)

docs/guide/configuration/cache.md

@@ -86,7 +86,7 @@ If you want to use TLS with Redis, you can enable it by specifying the `--redis-
 $ trivy server --cache-backend redis://localhost:6379 --redis-tls
 ```
 
-Trivy also supports for connecting to Redis with your certificates.
+Trivy also supports connecting to Redis with your certificates.
 You need to specify `--redis-ca` , `--redis-cert` , and `--redis-key` options.
 
 ```
@@ -100,7 +100,7 @@ $ trivy server --cache-backend redis://localhost:6379 \
 [trivy-java-db]: ./db.md
 [misconf-checks]: ../scanner/misconfiguration/check/builtin.md
 [boltdb]: https://github.com/etcd-io/bbolt
-[parallel-run]: https://trivy.dev/{{ git.tag}}/docs/references/troubleshooting/#running-in-parallel-takes-same-time-as-series-run
+[parallel-run]: https://trivy.dev/docs/{{ git.tag}}/guide/references/troubleshooting/#running-in-parallel-takes-same-time-as-series-run
 
 [^1]: Downloaded when scanning for vulnerabilities
 [^2]: Downloaded when scanning `jar/war/par/ear` files

docs/guide/configuration/db.md

@@ -62,7 +62,7 @@ For example:
 trivy image --db-repository registry.gitlab.com/gitlab-org/security-products/dependencies/trivy-db alpine
 ```
 
-The flags accepts multiple values, which can be used to specify multiple alternative repository locations. In case of a transient errors (e.g. status 429 or 5xx), Trivy will fall back to alternative registries in the order specified.
+The flag accepts multiple values, which can be used to specify multiple alternative repository locations. In case of transient errors (e.g. status 429 or 5xx), Trivy will fall back to alternative registries in the order specified.
 
 For example:
 
@@ -72,8 +72,8 @@ trivy image --db-repository my.registry.local/trivy-db --db-repository registry.
 
 The Checks Bundle registry location option does not support fallback through multiple options. This is because in case of a failure pulling the Checks Bundle, Trivy will use the embedded checks as a fallback.
 
-!!! note 
-    Setting the repository location flags override the default values which include the official db locations. In case you want to preserve the default locations, you should include them in the list the you set as repository locations.
+!!! note
+    Setting the repository location flags overrides the default values which include the official db locations. In case you want to preserve the default locations, you should include them in the list you set as repository locations.
 
 !!!note
     When pulling `trivy-db` or `trivy-java-db`, if image tag is not specified, Trivy defaults to the db schema number instead of the `latest` tag.

docs/guide/configuration/filtering.md

@@ -280,8 +280,7 @@ Trivy supports the [.trivyignore](#trivyignore) and [.trivyignore.yaml](#trivyig
 |  Vulnerability   |     ✓     |
 | Misconfiguration |     ✓     |
 |      Secret      |     ✓     |
-|     License      |           |
-
+|     License      |     ✓     |
 
 ```bash
 $ cat .trivyignore
@@ -300,6 +299,10 @@ AVD-DS-0002
 # Ignore secrets
 generic-unwanted-rule
 aws-account-id
+
+# Ignore licenses
+GPL-3.0
+Apache-2.0 WITH LLVM-exception
 ```
 
 ```bash
@@ -324,7 +327,7 @@ Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
 #### .trivyignore.yaml
 
 |     Scanner      | Supported |
-|:----------------:|:---------:|
+| :--------------: | :-------: |
 |  Vulnerability   |     ✓     |
 | Misconfiguration |     ✓     |
 |      Secret      |     ✓     |
@@ -378,8 +381,24 @@ licenses:
   - id: GPL-3.0 # License name is used as ID
     paths:
       - "usr/share/gcc/python/libstdcxx/v6/__init__.py"
+  - id: MIT AND GPL-2.0-or-later # Compound license expressions are supported
+  - id: Apache-2.0 WITH LLVM-exception # License expressions with exceptions are supported
+  - id: LLVM-exception # Individual license components or exceptions can be ignored
 ```
 
+!!! info "Enhanced License Expression Support"
+    Trivy supports filtering complex SPDX license expressions including:
+
+    - **Compound expressions** with AND/OR operators: `MIT AND GPL-2.0-or-later`
+    - **License exceptions** with WITH operator: `Apache-2.0 WITH LLVM-exception`
+    - **Individual components**: You can ignore specific license components or exceptions from compound expressions
+
+    When filtering compound expressions:
+
+    - **AND/OR expressions**: All individual license components must be explicitly ignored for the entire expression to be ignored
+    - **WITH expressions**: License expressions with exceptions are treated as single entities and can be ignored as a whole
+    - **Component matching**: You can also ignore individual license names or exception names to filter specific parts of compound expressions
+
 Since this feature is experimental, you must explicitly specify the YAML file path using the `--ignorefile` flag.
 Once this functionality is stable, the YAML file will be loaded automatically.
 
@@ -480,6 +499,19 @@ ignore {
 trivy image --ignore-policy examples/ignore-policies/basic.rego centos:7
 ```
 
+To filter findings of a specific type based on a field that may exist in multiple structures (for example, `PkgName` in both `DetectedVulnerability` and `DetectedLicense`), you can use the `Type` field. This field is automatically added when exporting findings to Rego and indicates the kind of finding. Possible values are: `vulnerability`, `misconfiguration`, `secret`, and `license`.
+
+For example, the following policy ignores vulnerabilities with a specific package name without affecting other finding types:
+
+```rego
+package trivy
+
+ignore {
+  input.Type == "vulnerability"
+  input.PkgName == "foo"
+}
+```
+
 For more advanced use cases, there is a built-in Rego library with helper functions that you can import into your policy using: `import data.lib.trivy`.
 More info about the helper functions are in the library [here](https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/pkg/result/module.go).
 

docs/guide/configuration/index.md

@@ -9,7 +9,7 @@ Trivy's settings can be configured in any of the following methods, which will a
 You can view the list of available flags by adding the `--help` flag to a Trivy command, or by exploring the [CLI reference](../references/configuration/cli/trivy.md).
 
 ## Environment Variables
-Any CLI option can be set as an environment variable. The environment variable name are similar to the CLI option name, with the following augmentations:
+Any CLI option can be set as an environment variable. The environment variable names are similar to the CLI option names, with the following augmentations:
 
 - Add `TRIVY_` prefix
 - All uppercase letters

docs/guide/configuration/reporting.md

@@ -118,6 +118,11 @@ Nuances of table contents:
     - `-` means that the scanner didn't scan this target.
     - `0` means that the scanner scanned this target, but found no security issues.
 
+!!! Note
+    For the secret/license scanner, the Trivy report contains only findings.
+    Therefore, we can’t say for sure whether Trivy scanned at least one file or simply didn’t find any findings.
+    That’s why, for these scanners, the summary table uses “-” if no findings are found.
+
 <details>
 <summary>Report Summary</summary>
 
@@ -612,19 +617,15 @@ For more details, please check [here](../plugin/user-guide.md#output-mode-suppor
 To generate multiple reports, you can generate the JSON report first and convert it to other formats with the `convert` subcommand.
 
 ```shell
-$ trivy image --format json -o result.json --list-all-pkgs debian:11
+$ trivy image --format json -o result.json debian:11
 $ trivy convert --format cyclonedx --output result.cdx result.json
 ```
 
-!!! note
-    Please note that if you want to convert to a format that requires a list of packages,
-    such as SBOM, you need to add the `--list-all-pkgs` flag when outputting in JSON.
-
 [Filtering options](./filtering.md) such as `--severity` are also available with `convert`.
 
 ```shell
 # Output all severities in JSON
-$ trivy image --format json -o result.json --list-all-pkgs debian:11
+$ trivy image --format json -o result.json debian:11
 
 # Output only critical issues in table format
 $ trivy convert --format table --severity CRITICAL result.json