release: v0.57.1 [release/v0.57] (#7943 )

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
feat: Update registry fallbacks [backport: release/v0.57] (#7944 )
2025-12-21 23:00:42 -08:00 · 2024-11-18 10:51:29 +00:00 · 2024-11-18 10:21:40 +00:00 · 2024-11-18 09:30:47 +00:00 · 2024-11-18 08:41:56 +00:00 · 2024-11-01 04:01:54 +00:00
237 changed files with 5822 additions and 4249 deletions
--- a/.github/workflows/bypass-test.yaml
+++ b/.github/workflows/bypass-test.yaml
@@ -9,6 +9,7 @@ on:
      - 'mkdocs.yml'
      - 'LICENSE'
      - '.release-please-manifest.json'
+      - 'helm/trivy/Chart.yaml'
  pull_request:
    paths:
      - '**.md'
@@ -16,6 +17,7 @@ on:
      - 'mkdocs.yml'
      - 'LICENSE'
      - '.release-please-manifest.json'
+      - 'helm/trivy/Chart.yaml'
 jobs:
  test:
    name: Test
--- a/.github/workflows/cache-test-images.yaml
+++ b/.github/workflows/cache-test-images.yaml
@@ -27,7 +27,8 @@ jobs:
        if: github.ref_name == 'main'
        id: image-digest
        run: |
-          IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
+          source integration/testimages.ini
+          IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

@@ -67,7 +68,8 @@ jobs:
        if: github.ref_name == 'main'
        id: image-digest
        run: |
-          IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images)
+          source integration/testimages.ini
+          IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

--- a/.github/workflows/publish-chart.yaml
+++ b/.github/workflows/publish-chart.yaml
@@ -4,6 +4,11 @@ name: Publish Helm chart
 on:
  workflow_dispatch:
  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
    branches:
      - main
    paths:
@@ -18,8 +23,10 @@ env:
  KIND_VERSION: "v0.14.0"
  KIND_IMAGE: "kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae"
 jobs:
+  # `test-chart` job starts if a PR with Helm Chart is created, merged etc.
  test-chart:
-    runs-on: ubuntu-20.04
+    if: github.event_name != 'push'
+    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4.1.6
@@ -28,11 +35,12 @@ jobs:
      - name: Install Helm
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
        with:
-          version: v3.5.0
+          version: v3.14.4
      - name: Set up python
        uses: actions/setup-python@v5
        with:
-          python-version: 3.7
+          python-version: '3.x'
+          check-latest: true
      - name: Setup Chart Linting
        id: lint
        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992
@@ -48,11 +56,39 @@ jobs:
          sed -i -e '136s,false,'true',g' ./helm/trivy/values.yaml
          ct lint-and-install --validate-maintainers=false --charts helm/trivy

+  # `update-chart-version` job starts if a new tag is pushed
+  update-chart-version:
+    if: github.event_name == 'push'
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.1.6
+        with:
+          fetch-depth: 0
+      - name: Set up Git user
+        run: |
+          git config --global user.email "actions@github.com"
+          git config --global user.name "GitHub Actions"
+
+      - name: Install tools
+        uses: aquaproj/aqua-installer@v3.0.1
+        with:
+          aqua_version: v1.25.0
+          aqua_opts: ""
+
+      - name: Create a PR with Trivy version
+        run: mage helm:updateVersion
+        env:
+          # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
+          # This allows the created PR to trigger tests and other workflows
+          GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
+
+  # `publish-chart` job starts if a PR with a new Helm Chart is merged or manually
  publish-chart:
-    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+    if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
    needs:
      - test-chart
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4.1.6
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -7,6 +7,7 @@ on:
      - 'mkdocs.yml'
      - 'LICENSE'
      - '.release-please-manifest.json' ## don't run tests for release-please PRs
+      - 'helm/trivy/Chart.yaml'
  merge_group:
  workflow_dispatch:

@@ -90,7 +91,8 @@ jobs:
      - name: Generate image list digest
        id: image-digest
        run: |
-          IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
+          source integration/testimages.ini
+          IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

@@ -147,7 +149,8 @@ jobs:
      - name: Generate image list digest
        id: image-digest
        run: |
-          IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
+          source integration/testimages.ini
+          IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

@@ -185,7 +188,8 @@ jobs:
      - name: Generate image list digest
        id: image-digest
        run: |
-          IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images)
+          source integration/testimages.ini
+          IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -105,6 +105,7 @@ linters:
    - typecheck
    - unconvert
    - unused
+    - usestdlibvars

 run:
  go: '1.22'
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1 +1 @@
-{".":"0.56.0"}
+{".":"0.57.1"}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,58 @@
 # Changelog

+## [0.57.1](https://github.com/aquasecurity/trivy/compare/v0.57.0...v0.57.1) (2024-11-18)
+
+### Bug Fixes
+
+* Update registry fallbacks [backport: release/v0.57] ([#7944](https://github.com/aquasecurity/trivy/issues/7944)) ([cd0d128](https://github.com/aquasecurity/trivy/commit/cd0d1281bfd1e2804c2305fafde7831d3ec571df))
+* **redhat:** don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] ([#7939](https://github.com/aquasecurity/trivy/issues/7939)) ([7dd70dc](https://github.com/aquasecurity/trivy/commit/7dd70dcf3e3b0b49af7f375d1ca20777ef6e28e2))
+
+## [0.57.0](https://github.com/aquasecurity/trivy/compare/v0.56.0...v0.57.0) (2024-10-31)
+
+
+### ⚠ BREAKING CHANGES
+
+* **k8s:** support k8s multi container ([#7444](https://github.com/aquasecurity/trivy/issues/7444))
+
+### Features
+
+* add end of life date for Ubuntu 24.10 ([#7787](https://github.com/aquasecurity/trivy/issues/7787)) ([ad3c09e](https://github.com/aquasecurity/trivy/commit/ad3c09e006e134f3c5b879ffc34ce9895a8c860f))
+* **cli:** add `trivy auth` ([#7664](https://github.com/aquasecurity/trivy/issues/7664)) ([27117f8](https://github.com/aquasecurity/trivy/commit/27117f81d52483c3ceec56fe56ac298e242fbc9a))
+* **cli:** error out when ignore file cannot be found ([#7624](https://github.com/aquasecurity/trivy/issues/7624)) ([cb0b3a9](https://github.com/aquasecurity/trivy/commit/cb0b3a9279b31810ecd686a385e5140e567ce86f))
+* **cli:** rename `trivy auth` to `trivy registry` ([#7727](https://github.com/aquasecurity/trivy/issues/7727)) ([633a7ab](https://github.com/aquasecurity/trivy/commit/633a7abeea4287899392a24f2705f96dfeb7e312))
+* **cyclonedx:** add file checksums to `CycloneDX` reports ([#7507](https://github.com/aquasecurity/trivy/issues/7507)) ([c225883](https://github.com/aquasecurity/trivy/commit/c225883649f58128a99fa2c1cef327d0e57940be))
+* **db:** append errors ([#7843](https://github.com/aquasecurity/trivy/issues/7843)) ([5e78b6c](https://github.com/aquasecurity/trivy/commit/5e78b6c12fb5740c12dedeea3d335d48ec2f752b))
+* **misconf:** export unresolvable field of IaC types to Rego ([#7765](https://github.com/aquasecurity/trivy/issues/7765)) ([9514148](https://github.com/aquasecurity/trivy/commit/9514148767865baddd73a49245385574927f7a74))
+* **misconf:** public network support for Azure Storage Account ([#7601](https://github.com/aquasecurity/trivy/issues/7601)) ([ad91412](https://github.com/aquasecurity/trivy/commit/ad914123c4d203af1e1da6b7e2d3e49d9d3831d8))
+* **misconf:** Show misconfig ID in output ([#7762](https://github.com/aquasecurity/trivy/issues/7762)) ([f75c0d1](https://github.com/aquasecurity/trivy/commit/f75c0d1f0069d4856cb4826d6049f32c5b9409d9))
+* **misconf:** ssl_mode support for GCP SQL DB instance ([#7564](https://github.com/aquasecurity/trivy/issues/7564)) ([2eaa17e](https://github.com/aquasecurity/trivy/commit/2eaa17e0717940b27a79050e2efd9213b71178c9))
+* **parser:** ignore white space in pom.xml files ([#7747](https://github.com/aquasecurity/trivy/issues/7747)) ([a7baa93](https://github.com/aquasecurity/trivy/commit/a7baa93b00b8636aa097e64cdb8eed97dbd68511))
+* **report:** update gitlab template to populate operating_system value ([#7735](https://github.com/aquasecurity/trivy/issues/7735)) ([c0d79fa](https://github.com/aquasecurity/trivy/commit/c0d79fa09e645f3a3dbff878e393b8631fb17b64))
+
+
+### Bug Fixes
+
+* **cli:** `clean --all` deletes only relevant dirs ([#7704](https://github.com/aquasecurity/trivy/issues/7704)) ([672e886](https://github.com/aquasecurity/trivy/commit/672e886aed152ae0f09a16941706746f3053ca94))
+* **cli:** add config name to skip-policy-update alias ([#7820](https://github.com/aquasecurity/trivy/issues/7820)) ([b661d68](https://github.com/aquasecurity/trivy/commit/b661d680ff0372c8e4beea0db13bf69d6a2203a8))
+* **db:** fix javadb downloading error handling ([#7642](https://github.com/aquasecurity/trivy/issues/7642)) ([2c87f0c](https://github.com/aquasecurity/trivy/commit/2c87f0cb794acd77446a273582ba1a45b9f18980))
+* enable usestdlibvars linter ([#7770](https://github.com/aquasecurity/trivy/issues/7770)) ([57e24aa](https://github.com/aquasecurity/trivy/commit/57e24aa85382f749df7f673e241caaf3fcbb45cb))
+* **go:** Do not trim v prefix from versions in Go Mod Analyzer ([#7733](https://github.com/aquasecurity/trivy/issues/7733)) ([e872ec0](https://github.com/aquasecurity/trivy/commit/e872ec006c0745a5a142728af0096c6d6bb9ddf3))
+* **helm:** properly handle multiple archived dependencies ([#7782](https://github.com/aquasecurity/trivy/issues/7782)) ([6fab88d](https://github.com/aquasecurity/trivy/commit/6fab88dd56c257ef2cc63b617c2a5decb1c4cf98))
+* **java:** correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents ([#7541](https://github.com/aquasecurity/trivy/issues/7541)) ([778df82](https://github.com/aquasecurity/trivy/commit/778df828eaad9827cb833c6285058a33aa2b83ca))
+* **k8s:** skip resources without misconfigs ([#7797](https://github.com/aquasecurity/trivy/issues/7797)) ([7882776](https://github.com/aquasecurity/trivy/commit/78827768a612ab305bf9c55409ce76d6774302a5))
+* **k8s:** support k8s multi container ([#7444](https://github.com/aquasecurity/trivy/issues/7444)) ([c434775](https://github.com/aquasecurity/trivy/commit/c4347759234dcb5f372b07f92fb4230ef391d710))
+* **k8s:** support kubernetes v1.31 ([#7810](https://github.com/aquasecurity/trivy/issues/7810)) ([7a4f4d8](https://github.com/aquasecurity/trivy/commit/7a4f4d8b12996687f3095a2042cdf2f5985332c9))
+* **license:** fix license normalization for Universal Permissive License ([#7766](https://github.com/aquasecurity/trivy/issues/7766)) ([f6acdf7](https://github.com/aquasecurity/trivy/commit/f6acdf713991f8ffdbe765178fcb8a9cde433cba))
+* **misconf:** change default ACL of digitalocean_spaces_bucket to private ([#7577](https://github.com/aquasecurity/trivy/issues/7577)) ([9da84f5](https://github.com/aquasecurity/trivy/commit/9da84f54fadbe6ad0d73983952e945ed63b666f3))
+* **misconf:** check if property is not nil before conversion ([#7578](https://github.com/aquasecurity/trivy/issues/7578)) ([c8c14d3](https://github.com/aquasecurity/trivy/commit/c8c14d36245623019f29d258f813d2325f7490f7))
+* **misconf:** fix for Azure Storage Account network acls adaptation ([#7602](https://github.com/aquasecurity/trivy/issues/7602)) ([35fd018](https://github.com/aquasecurity/trivy/commit/35fd018ae7ad86823f114f0ac2f1376726aee444))
+* **misconf:** properly expand dynamic blocks ([#7612](https://github.com/aquasecurity/trivy/issues/7612)) ([8d5dbc9](https://github.com/aquasecurity/trivy/commit/8d5dbc9fec3569b22ed81a03c40eaf732768718b))
+* **redhat:** include arch in PURL qualifiers ([#7654](https://github.com/aquasecurity/trivy/issues/7654)) ([a585e95](https://github.com/aquasecurity/trivy/commit/a585e95f3398631d9ad10505c5ff642fde21aef7))
+* **repo:** `git clone` output to Stderr ([#7561](https://github.com/aquasecurity/trivy/issues/7561)) ([fdf203c](https://github.com/aquasecurity/trivy/commit/fdf203cd209aeb40f454bd12d121a54d6ed7a542))
+* **report:** Fix invalid URI in SARIF report ([#7645](https://github.com/aquasecurity/trivy/issues/7645)) ([015bb88](https://github.com/aquasecurity/trivy/commit/015bb885ac414b91201fa9791eead395d878149c))
+* **sbom:** add options for DBs in private registries ([#7660](https://github.com/aquasecurity/trivy/issues/7660)) ([1f2e91b](https://github.com/aquasecurity/trivy/commit/1f2e91b02b3606dd11963002a8cfac7962f3478f))
+* **sbom:** use `Annotation` instead of `AttributionTexts` for `SPDX` formats ([#7811](https://github.com/aquasecurity/trivy/issues/7811)) ([f2bb9c6](https://github.com/aquasecurity/trivy/commit/f2bb9c6227743dd61f44eb591d4b15192fe110c6))
+
 ## [0.56.0](https://github.com/aquasecurity/trivy/compare/v0.55.0...v0.56.0) (2024-10-03)


--- a/contrib/Trivy.gitlab-ci.yml
+++ b/contrib/Trivy.gitlab-ci.yml
@@ -12,9 +12,9 @@ Trivy_container_scanning:
  before_script:
    - export TRIVY_VERSION=${TRIVY_VERSION:-v0.19.2}
    - apk add --no-cache curl docker-cli
-    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
    - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${TRIVY_VERSION}
    - curl -sSL -o /tmp/trivy-gitlab.tpl https://github.com/aquasecurity/trivy/raw/${TRIVY_VERSION}/contrib/gitlab.tpl
+    - trivy registry login --username "$CI_REGISTRY_USER" --password "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  script:
    - trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@/tmp/trivy-gitlab.tpl" -o gl-container-scanning-report.json $IMAGE
  cache:
--- a/contrib/gitlab.tpl
+++ b/contrib/gitlab.tpl
@@ -24,11 +24,18 @@
    "status": "success",
    "type": "container_scanning"
  },
+  {{- $image := "Unknown" -}}
+  {{- $os := "Unknown" -}}
+  {{- range . }}
+    {{- if eq .Class "os-pkgs" -}}
+      {{- $target := .Target }}
+        {{- $image = $target | regexFind "[^\\s]+" }}
+        {{- $os = $target | splitList "(" | last | trimSuffix ")" }}
+    {{- end }}
+  {{- end }}
  "vulnerabilities": [
  {{- $t_first := true }}
  {{- range . }}
-  {{- $target := .Target }}
-    {{- $image := $target | regexFind "[^\\s]+" }}
    {{- range .Vulnerabilities -}}
    {{- if $t_first -}}
      {{- $t_first = false -}}
@@ -65,7 +72,7 @@
          "version": "{{ .InstalledVersion }}"
        },
        {{- /* TODO: No mapping available - https://github.com/aquasecurity/trivy/issues/332 */}}
-        "operating_system": "Unknown",
+        "operating_system": "{{ $os }}",
        "image": "{{ $image }}"
      },
      "identifiers": [
--- a/contrib/junit.tpl
+++ b/contrib/junit.tpl
@@ -16,7 +16,7 @@
    </testsuite>

 {{- if .MisconfSummary }}
-    <testsuite tests="{{ add .MisconfSummary.Successes .MisconfSummary.Failures }}" failures="{{ .MisconfSummary.Failures }}" name="{{  .Target }}" errors="0" skipped="{{ .MisconfSummary.Exceptions }}" time="">
+    <testsuite tests="{{ add .MisconfSummary.Successes .MisconfSummary.Failures }}" failures="{{ .MisconfSummary.Failures }}" name="{{  .Target }}" errors="0" time="">
 {{- else }}
    <testsuite tests="0" failures="0" name="{{  .Target }}" errors="0" skipped="0" time="">
 {{- end }}
--- a/docs/docs/advanced/private-registries/index.md
+++ b/docs/docs/advanced/private-registries/index.md
@@ -1,13 +1,30 @@
 Trivy can download images from a private registry without the need for installing Docker or any other 3rd party tools.
 This makes it easy to run within a CI process.

-## Credential
-To use Trivy with private images, simply install it and provide your credentials:
+## Login
+You can log in to a private registry using the `trivy registry login` command.
+It uses the Docker configuration file (`~/.docker/config.json`) to store the credentials under the hood, and the configuration file path can be configured by `DOCKER_CONFIG` environment variable.
+
+```shell
+$ cat ~/my_password.txt | trivy registry login --username foo --password-stdin ghcr.io
+$ trivy image ghcr.io/your/private_image
+```
+
+## Passing Credentials
+You can also provide your credentials when scanning.

 ```shell
 $ TRIVY_USERNAME=YOUR_USERNAME TRIVY_PASSWORD=YOUR_PASSWORD trivy image YOUR_PRIVATE_IMAGE
 ```

+!!! warning
+    When passing credentials via environment variables or CLI flags, Trivy will attempt to use these credentials for all registries encountered during scanning, regardless of the target registry.
+    This can potentially lead to unintended credential exposure.
+    To mitigate this risk:
+
+    1. Set credentials cautiously and only when necessary.
+    2. Prefer using `trivy registry login` to pre-configure credentials with specific registries, which ensures credentials are only sent to appropriate registries.
+
 Trivy also supports providing credentials through CLI flags:

 ```shell
@@ -17,6 +34,7 @@ $ TRIVY_PASSWORD=YOUR_PASSWORD trivy image --username YOUR_USERNAME YOUR_PRIVATE
 !!! warning
    The CLI flag `--password` is available, but its use is not recommended for security reasons.

+
 You can also store your credentials in `trivy.yaml`.
 For more information, please refer to [the documentation](../../references/configuration/config-file.md).

@@ -35,15 +53,5 @@ In the example above, Trivy attempts to use two pairs of credentials:

 Please note that the number of usernames and passwords must be the same.

-## docker login
-If you have Docker configured locally and have set up the credentials, Trivy can access them.
-
-```shell
-$ docker login ghcr.io
-Username: 
-Password:
-$ trivy image ghcr.io/your/private_image
-```
-
 !!! note
-    `docker login` can be used with any container runtime, such as Podman.
+    `--password-stdin` doesn't support comma-separated passwords.
--- a/docs/docs/configuration/db.md
+++ b/docs/docs/configuration/db.md
@@ -92,6 +92,19 @@ You can reference the OCI manifest of [trivy-db].
    `trivy-db-registry:latest` => `trivy-db-registry:latest`, but `trivy-db-registry` => `trivy-db-registry:2`.


+### Rate limits
+Trivy hosts its databases on public OCI registries that are subject to their respective rate limits. While we strive to make the databases available to every
+Trivy user, there are certain recommendations that one can make in order to ensure rate limits are not hit.
+
+#### Authenticated use of Registries
+By authenticating with the registries that Trivy hosts its DBs on can significantly increase the limit for users. For Amazon ECR, the details for rate limits can be found [ecr-limits].
+
+Please see more info on how to authenticate with ECR [auth-ecr].
+
+#### Caching DBs
+Trivy DB and Trivy Java DB are published every 6 hours and 24 hours, respectively. If you are running Trivy scans more often than this, you can significantly benefit from caching the DBs on each run and updating them as needed.
+Once example of this can be seen in Trivy Action, where with caching multiple CI invocations can be performed with a single download of the DBs. More on info Trivy Action caching can be found [trivy-action-cache].
+
 ## Java Index Database
 The same options are also available for the Java index DB, which is used for scanning Java applications.
 Skipping an update can be done by using the `--skip-java-db-update` option, while `--download-java-db-only` can be used to only download the Java index DB.
@@ -124,3 +137,6 @@ $ trivy clean --vuln-db --java-db

 [trivy-db]: https://github.com/aquasecurity/trivy-db/pkgs/container/trivy-db
 [trivy-java-db]: https://github.com/aquasecurity/trivy-java-db/pkgs/container/trivy-java-db
+[ecr-limits]: https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html
+[auth-ecr]: https://aws.amazon.com/blogs/compute/authenticating-amazon-ecr-repositories-for-docker-cli-with-credential-helper/
+[trivy-action-cache]: https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#cache
--- a/docs/docs/configuration/filtering.md
+++ b/docs/docs/configuration/filtering.md
@@ -112,7 +112,7 @@ trivy config --severity HIGH,CRITICAL examples/misconf/mixed

 Dockerfile (dockerfile)
 =======================
-Tests: 17 (SUCCESSES: 16, FAILURES: 1, EXCEPTIONS: 0)
+Tests: 17 (SUCCESSES: 16, FAILURES: 1)
 Failures: 1 (HIGH: 1, CRITICAL: 0)

 HIGH: Last USER command in Dockerfile should not be 'root'
@@ -130,13 +130,13 @@ See https://avd.aquasec.com/misconfig/ds002

 deployment.yaml (kubernetes)
 ============================
-Tests: 8 (SUCCESSES: 8, FAILURES: 0, EXCEPTIONS: 0)
+Tests: 8 (SUCCESSES: 8, FAILURES: 0)
 Failures: 0 (HIGH: 0, CRITICAL: 0)


 main.tf (terraform)
 ===================
-Tests: 1 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 0)
+Tests: 1 (SUCCESSES: 0, FAILURES: 1)
 Failures: 1 (HIGH: 0, CRITICAL: 1)

 CRITICAL: Classic resources should not be used.
@@ -477,13 +477,13 @@ ignore {
 ```

 ```bash
-trivy image --ignore-policy contrib/example_policy/basic.rego centos:7
+trivy image --ignore-policy examples/ignore-policies/basic.rego centos:7
 ```

 For more advanced use cases, there is a built-in Rego library with helper functions that you can import into your policy using: `import data.lib.trivy`.
 More info about the helper functions are in the library [here](https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/pkg/result/module.go).

-You can find more example checks [here](https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/pkg/result/module.go)
+You can create a whitelist of checks using Rego, see the detailed [example](https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/ignore-policies/whitelist.rego). Additional examples are available [here](https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/examples/ignore-policies).

 ### By Vulnerability Exploitability Exchange (VEX)
 |     Scanner      | Supported |
--- a/docs/docs/configuration/reporting.md
+++ b/docs/docs/configuration/reporting.md
@@ -5,7 +5,7 @@ Trivy supports the following formats:

 - Table
 - JSON
- [SARIF](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning)
+- [SARIF][sarif-home]
 - Template
 - SBOM
 - GitHub dependency snapshot
@@ -252,16 +252,19 @@ $ trivy image -f json -o results.json golang:1.12-alpine
 |      Secret      |     ✓     |
 |     License      |     ✓     |

-[SARIF][sarif] can be generated with the `--format sarif` flag.
+[SARIF][sarif-home] (Static Analysis Results Interchange Format) complying with [SARIF 2.1.0 OASIS standard][sarif-spec] can be generated with the `--format sarif` flag.

 ```
 $ trivy image --format sarif -o report.sarif  golang:1.12-alpine
 ```

-This SARIF file can be uploaded to GitHub code scanning results, and there is a [Trivy GitHub Action][action] for automating this process.
+This SARIF file can be uploaded to several platforms, including:
+
+- [GitHub code scanning results][sarif-github], and there is a [Trivy GitHub Action][action] for automating this process
+- [SonarQube][sarif-sonar]

 ### GitHub dependency snapshot
-Trivy supports the following packages.
+Trivy supports the following packages:

 - [OS packages][os_packages]
 - [Language-specific packages][language_packages]
@@ -430,7 +433,10 @@ $ trivy convert --format table --severity CRITICAL result.json
 [cargo-auditable]: https://github.com/rust-secure-code/cargo-auditable/
 [action]: https://github.com/aquasecurity/trivy-action
 [asff]: ../../tutorials/integrations/aws-security-hub.md
-[sarif]: https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-results-from-code-scanning
+[sarif-home]: https://sarifweb.azurewebsites.net
+[sarif-spec]: https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
+[sarif-github]: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning
+[sarif-sonar]: https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/importing-external-issues/importing-issues-from-sarif-reports/
 [sprig]: http://masterminds.github.io/sprig/
 [github-sbom]: https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28#about-dependency-submissions
 [github-sbom-submit]: https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28#create-a-snapshot-of-dependencies-for-a-repository
--- a/docs/docs/coverage/language/java.md
+++ b/docs/docs/coverage/language/java.md
@@ -69,6 +69,9 @@ The vulnerability database will be downloaded anyway.
 !!! Warning
    Trivy may skip some dependencies (that were not found on your local machine) when the `--offline-scan` flag is passed.

+### supported scopes
+Trivy only scans `import`, `compile`, `runtime` and empty [maven scopes][maven-scopes]. Other scopes and `Optional` dependencies are not currently being analyzed.
+
 ### empty dependency version
 There are cases when Trivy cannot determine the version of dependencies:

@@ -128,6 +131,7 @@ Make sure that you have cache[^8] directory to find licenses from `*.pom` depend
 [maven-invoker-plugin]: https://maven.apache.org/plugins/maven-invoker-plugin/usage.html
 [maven-central]: https://repo.maven.apache.org/maven2/
 [maven-pom-repos]: https://maven.apache.org/settings.html#repositories
+[maven-scopes]: https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Scope
 [sbt-dependency-lock]: https://stringbean.github.io/sbt-dependency-lock
 [detection-priority]: ../../scanner/vulnerability.md#detection-priority
 [version-requirement]: https://maven.apache.org/pom.html#dependency-version-requirement-specification
--- a/docs/docs/references/configuration/cli/trivy.md
+++ b/docs/docs/references/configuration/cli/trivy.md
@@ -51,6 +51,7 @@ trivy [global flags] command [flags] target
 * [trivy kubernetes](trivy_kubernetes.md)	 - [EXPERIMENTAL] Scan kubernetes cluster
 * [trivy module](trivy_module.md)	 - Manage modules
 * [trivy plugin](trivy_plugin.md)	 - Manage plugins
+* [trivy registry](trivy_registry.md)	 - Manage registry authentication
 * [trivy repository](trivy_repository.md)	 - Scan a repository
 * [trivy rootfs](trivy_rootfs.md)	 - Scan rootfs
 * [trivy sbom](trivy_sbom.md)	 - Scan SBOM for vulnerabilities and licenses
--- a/docs/docs/references/configuration/cli/trivy_config.md
+++ b/docs/docs/references/configuration/cli/trivy_config.md
@@ -32,13 +32,14 @@ trivy config [flags] DIR
      --ignore-policy string              specify the Rego file path to evaluate each vulnerability
      --ignorefile string                 specify .trivyignore file (default ".trivyignore")
      --include-deprecated-checks         include deprecated checks
-      --include-non-failures              include successes and exceptions, available with '--scanners misconfig'
+      --include-non-failures              include successes, available with '--scanners misconfig'
      --k8s-version string                specify k8s version to validate outdated api by it (example: 1.21.0)
      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
      --module-dir string                 specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
  -o, --output string                     output file name
      --output-plugin-arg string          [EXPERIMENTAL] output plugin arguments
      --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
+      --password-stdin                    password from stdin. Comma-separated passwords are not supported.
      --redis-ca string                   redis ca file location, if using redis as cache backend
      --redis-cert string                 redis certificate file location, if using redis as cache backend
      --redis-key string                  redis key file location, if using redis as cache backend
--- a/docs/docs/references/configuration/cli/trivy_filesystem.md
+++ b/docs/docs/references/configuration/cli/trivy_filesystem.md
@@ -29,7 +29,7 @@ trivy filesystem [flags] PATH
      --config-data strings               specify paths from which data for the Rego checks will be recursively loaded
      --config-file-schemas strings       specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
      --custom-headers strings            custom headers in client mode
-      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
+      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
      --dependency-tree                   [EXPERIMENTAL] show dependency origin tree of vulnerable packages
      --detection-priority string         specify the detection priority:
                                            - "precise": Prioritizes precise by minimizing false positives.
@@ -55,8 +55,8 @@ trivy filesystem [flags] PATH
      --ignorefile string                 specify .trivyignore file (default ".trivyignore")
      --include-deprecated-checks         include deprecated checks
      --include-dev-deps                  include development dependencies in the report (supported: npm, yarn)
-      --include-non-failures              include successes and exceptions, available with '--scanners misconfig'
-      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
+      --include-non-failures              include successes, available with '--scanners misconfig'
+      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
      --license-confidence-level float    specify license classifier's confidence level (default 0.9)
      --license-full                      eagerly look for licenses in source code headers and license files
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability
@@ -68,6 +68,7 @@ trivy filesystem [flags] PATH
      --output-plugin-arg string          [EXPERIMENTAL] output plugin arguments
      --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
      --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
+      --password-stdin                    password from stdin. Comma-separated passwords are not supported.
      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
      --pkg-types strings                 list of package types (os,library) (default [os,library])
      --redis-ca string                   redis ca file location, if using redis as cache backend
--- a/docs/docs/references/configuration/cli/trivy_image.md
+++ b/docs/docs/references/configuration/cli/trivy_image.md
@@ -43,7 +43,7 @@ trivy image [flags] IMAGE_NAME
      --config-data strings               specify paths from which data for the Rego checks will be recursively loaded
      --config-file-schemas strings       specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
      --custom-headers strings            custom headers in client mode
-      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
+      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
      --dependency-tree                   [EXPERIMENTAL] show dependency origin tree of vulnerable packages
      --detection-priority string         specify the detection priority:
                                            - "precise": Prioritizes precise by minimizing false positives.
@@ -72,9 +72,9 @@ trivy image [flags] IMAGE_NAME
      --image-config-scanners strings     comma-separated list of what security issues to detect on container image configurations (misconfig,secret)
      --image-src strings                 image source(s) to use, in priority order (docker,containerd,podman,remote) (default [docker,containerd,podman,remote])
      --include-deprecated-checks         include deprecated checks
-      --include-non-failures              include successes and exceptions, available with '--scanners misconfig'
+      --include-non-failures              include successes, available with '--scanners misconfig'
      --input string                      input file path instead of image name
-      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
+      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
      --license-confidence-level float    specify license classifier's confidence level (default 0.9)
      --license-full                      eagerly look for licenses in source code headers and license files
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability
@@ -86,6 +86,7 @@ trivy image [flags] IMAGE_NAME
      --output-plugin-arg string          [EXPERIMENTAL] output plugin arguments
      --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
      --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
+      --password-stdin                    password from stdin. Comma-separated passwords are not supported.
      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
      --pkg-types strings                 list of package types (os,library) (default [os,library])
      --platform string                   set platform in the form os/arch if image is multi-platform capable
--- a/docs/docs/references/configuration/cli/trivy_kubernetes.md
+++ b/docs/docs/references/configuration/cli/trivy_kubernetes.md
@@ -38,7 +38,7 @@ trivy kubernetes [flags] [CONTEXT]
      --config-check strings              specify the paths to the Rego check files or to the directories containing them, applying config files
      --config-data strings               specify paths from which data for the Rego checks will be recursively loaded
      --config-file-schemas strings       specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
-      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
+      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
      --dependency-tree                   [EXPERIMENTAL] show dependency origin tree of vulnerable packages
      --detection-priority string         specify the detection priority:
                                            - "precise": Prioritizes precise by minimizing false positives.
@@ -69,8 +69,8 @@ trivy kubernetes [flags] [CONTEXT]
      --include-deprecated-checks         include deprecated checks
      --include-kinds strings             indicate the kinds included in scanning (example: node)
      --include-namespaces strings        indicate the namespaces included in scanning (example: kube-system)
-      --include-non-failures              include successes and exceptions, available with '--scanners misconfig'
-      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
+      --include-non-failures              include successes, available with '--scanners misconfig'
+      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
      --k8s-version string                specify k8s version to validate outdated api by it (example: 1.21.0)
      --kubeconfig string                 specify the kubeconfig file path to use
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability
@@ -83,6 +83,7 @@ trivy kubernetes [flags] [CONTEXT]
      --output-plugin-arg string          [EXPERIMENTAL] output plugin arguments
      --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
      --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
+      --password-stdin                    password from stdin. Comma-separated passwords are not supported.
      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
      --pkg-types strings                 list of package types (os,library) (default [os,library])
      --qps float                         specify the maximum QPS to the master from this client (default 5)
--- a/docs/docs/references/configuration/cli/trivy_registry.md
+++ b/docs/docs/references/configuration/cli/trivy_registry.md
@@ -0,0 +1,29 @@
+## trivy registry
+
+Manage registry authentication
+
+### Options
+
+```
+  -h, --help   help for registry
+```
+
+### Options inherited from parent commands
+
+```
+      --cache-dir string          cache directory (default "/path/to/cache")
+  -c, --config string             config path (default "trivy.yaml")
+  -d, --debug                     debug mode
+      --generate-default-config   write the default config to trivy-default.yaml
+      --insecure                  allow insecure server connections
+  -q, --quiet                     suppress progress bar and log output
+      --timeout duration          timeout (default 5m0s)
+  -v, --version                   show version
+```
+
+### SEE ALSO
+
+* [trivy](trivy.md)	 - Unified security scanner
+* [trivy registry login](trivy_registry_login.md)	 - Log in to a registry
+* [trivy registry logout](trivy_registry_logout.md)	 - Log out of a registry
+
--- a/docs/docs/references/configuration/cli/trivy_registry_login.md
+++ b/docs/docs/references/configuration/cli/trivy_registry_login.md
@@ -0,0 +1,41 @@
+## trivy registry login
+
+Log in to a registry
+
+```
+trivy registry login SERVER [flags]
+```
+
+### Examples
+
+```
+  # Log in to reg.example.com
+  cat ~/my_password.txt | trivy registry login --username foo --password-stdin reg.example.com
+```
+
+### Options
+
+```
+  -h, --help               help for login
+      --password strings   password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
+      --password-stdin     password from stdin. Comma-separated passwords are not supported.
+      --username strings   username. Comma-separated usernames allowed.
+```
+
+### Options inherited from parent commands
+
+```
+      --cache-dir string          cache directory (default "/path/to/cache")
+  -c, --config string             config path (default "trivy.yaml")
+  -d, --debug                     debug mode
+      --generate-default-config   write the default config to trivy-default.yaml
+      --insecure                  allow insecure server connections
+  -q, --quiet                     suppress progress bar and log output
+      --timeout duration          timeout (default 5m0s)
+  -v, --version                   show version
+```
+
+### SEE ALSO
+
+* [trivy registry](trivy_registry.md)	 - Manage registry authentication
+
--- a/docs/docs/references/configuration/cli/trivy_registry_logout.md
+++ b/docs/docs/references/configuration/cli/trivy_registry_logout.md
@@ -0,0 +1,38 @@
+## trivy registry logout
+
+Log out of a registry
+
+```
+trivy registry logout SERVER [flags]
+```
+
+### Examples
+
+```
+  # Log out of reg.example.com
+  trivy registry logout reg.example.com
+```
+
+### Options
+
+```
+  -h, --help   help for logout
+```
+
+### Options inherited from parent commands
+
+```
+      --cache-dir string          cache directory (default "/path/to/cache")
+  -c, --config string             config path (default "trivy.yaml")
+  -d, --debug                     debug mode
+      --generate-default-config   write the default config to trivy-default.yaml
+      --insecure                  allow insecure server connections
+  -q, --quiet                     suppress progress bar and log output
+      --timeout duration          timeout (default 5m0s)
+  -v, --version                   show version
+```
+
+### SEE ALSO
+
+* [trivy registry](trivy_registry.md)	 - Manage registry authentication
+
--- a/docs/docs/references/configuration/cli/trivy_repository.md
+++ b/docs/docs/references/configuration/cli/trivy_repository.md
@@ -29,7 +29,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
      --config-data strings               specify paths from which data for the Rego checks will be recursively loaded
      --config-file-schemas strings       specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
      --custom-headers strings            custom headers in client mode
-      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
+      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
      --dependency-tree                   [EXPERIMENTAL] show dependency origin tree of vulnerable packages
      --detection-priority string         specify the detection priority:
                                            - "precise": Prioritizes precise by minimizing false positives.
@@ -55,8 +55,8 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
      --ignorefile string                 specify .trivyignore file (default ".trivyignore")
      --include-deprecated-checks         include deprecated checks
      --include-dev-deps                  include development dependencies in the report (supported: npm, yarn)
-      --include-non-failures              include successes and exceptions, available with '--scanners misconfig'
-      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
+      --include-non-failures              include successes, available with '--scanners misconfig'
+      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
      --license-confidence-level float    specify license classifier's confidence level (default 0.9)
      --license-full                      eagerly look for licenses in source code headers and license files
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability
@@ -68,6 +68,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
      --output-plugin-arg string          [EXPERIMENTAL] output plugin arguments
      --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
      --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
+      --password-stdin                    password from stdin. Comma-separated passwords are not supported.
      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
      --pkg-types strings                 list of package types (os,library) (default [os,library])
      --redis-ca string                   redis ca file location, if using redis as cache backend
--- a/docs/docs/references/configuration/cli/trivy_rootfs.md
+++ b/docs/docs/references/configuration/cli/trivy_rootfs.md
@@ -31,7 +31,7 @@ trivy rootfs [flags] ROOTDIR
      --config-data strings               specify paths from which data for the Rego checks will be recursively loaded
      --config-file-schemas strings       specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
      --custom-headers strings            custom headers in client mode
-      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
+      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
      --dependency-tree                   [EXPERIMENTAL] show dependency origin tree of vulnerable packages
      --detection-priority string         specify the detection priority:
                                            - "precise": Prioritizes precise by minimizing false positives.
@@ -57,8 +57,8 @@ trivy rootfs [flags] ROOTDIR
      --ignored-licenses strings          specify a list of license to ignore
      --ignorefile string                 specify .trivyignore file (default ".trivyignore")
      --include-deprecated-checks         include deprecated checks
-      --include-non-failures              include successes and exceptions, available with '--scanners misconfig'
-      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
+      --include-non-failures              include successes, available with '--scanners misconfig'
+      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
      --license-confidence-level float    specify license classifier's confidence level (default 0.9)
      --license-full                      eagerly look for licenses in source code headers and license files
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability
@@ -70,6 +70,7 @@ trivy rootfs [flags] ROOTDIR
      --output-plugin-arg string          [EXPERIMENTAL] output plugin arguments
      --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
      --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
+      --password-stdin                    password from stdin. Comma-separated passwords are not supported.
      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
      --pkg-types strings                 list of package types (os,library) (default [os,library])
      --redis-ca string                   redis ca file location, if using redis as cache backend
--- a/docs/docs/references/configuration/cli/trivy_sbom.md
+++ b/docs/docs/references/configuration/cli/trivy_sbom.md
@@ -24,7 +24,7 @@ trivy sbom [flags] SBOM_PATH
      --cache-ttl duration           cache TTL when using redis as cache backend
      --compliance string            compliance report to generate
      --custom-headers strings       custom headers in client mode
-      --db-repository strings        OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
+      --db-repository strings        OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
      --detection-priority string    specify the detection priority:
                                       - "precise": Prioritizes precise by minimizing false positives.
                                       - "comprehensive": Aims to detect more security findings at the cost of potential false positives.
@@ -41,18 +41,21 @@ trivy sbom [flags] SBOM_PATH
      --ignore-unfixed               display only fixed vulnerabilities
      --ignored-licenses strings     specify a list of license to ignore
      --ignorefile string            specify .trivyignore file (default ".trivyignore")
-      --java-db-repository strings   OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
+      --java-db-repository strings   OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
      --list-all-pkgs                output all packages in the JSON report regardless of vulnerability
      --no-progress                  suppress progress bar
      --offline-scan                 do not issue API requests to identify dependencies
  -o, --output string                output file name
      --output-plugin-arg string     [EXPERIMENTAL] output plugin arguments
+      --password strings             password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
+      --password-stdin               password from stdin. Comma-separated passwords are not supported.
      --pkg-relationships strings    list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
      --pkg-types strings            list of package types (os,library) (default [os,library])
      --redis-ca string              redis ca file location, if using redis as cache backend
      --redis-cert string            redis certificate file location, if using redis as cache backend
      --redis-key string             redis key file location, if using redis as cache backend
      --redis-tls                    enable redis TLS with public certificates, if using redis as cache backend
+      --registry-token string        registry token
      --rekor-url string             [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
      --sbom-sources strings         [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
      --scanners strings             comma-separated list of what security issues to detect (vuln,license) (default [vuln])
@@ -67,6 +70,7 @@ trivy sbom [flags] SBOM_PATH
  -t, --template string              output template
      --token string                 for authentication in client/server mode
      --token-header string          specify a header name for token in client/server mode (default "Trivy-Token")
+      --username strings             username. Comma-separated usernames allowed.
      --vex strings                  [EXPERIMENTAL] VEX sources ("repo", "oci" or file path)
 ```

--- a/docs/docs/references/configuration/cli/trivy_server.md
+++ b/docs/docs/references/configuration/cli/trivy_server.md
@@ -22,7 +22,7 @@ trivy server [flags]
 ```
      --cache-backend string     [EXPERIMENTAL] cache backend (e.g. redis://localhost:6379) (default "fs")
      --cache-ttl duration       cache TTL when using redis as cache backend
-      --db-repository strings    OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
+      --db-repository strings    OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
      --download-db-only         download/update vulnerability database but don't run a scan
      --enable-modules strings   [EXPERIMENTAL] module names to enable
  -h, --help                     help for server
@@ -30,6 +30,7 @@ trivy server [flags]
      --module-dir string        specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
      --no-progress              suppress progress bar
      --password strings         password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
+      --password-stdin           password from stdin. Comma-separated passwords are not supported.
      --redis-ca string          redis ca file location, if using redis as cache backend
      --redis-cert string        redis certificate file location, if using redis as cache backend
      --redis-key string         redis key file location, if using redis as cache backend
--- a/docs/docs/references/configuration/cli/trivy_vm.md
+++ b/docs/docs/references/configuration/cli/trivy_vm.md
@@ -27,7 +27,7 @@ trivy vm [flags] VM_IMAGE
      --compliance string                 compliance report to generate
      --config-file-schemas strings       specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
      --custom-headers strings            custom headers in client mode
-      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [ghcr.io/aquasecurity/trivy-db:2])
+      --db-repository strings             OCI repository(ies) to retrieve trivy-db in order of priority (default [mirror.gcr.io/aquasec/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2])
      --dependency-tree                   [EXPERIMENTAL] show dependency origin tree of vulnerable packages
      --detection-priority string         specify the detection priority:
                                            - "precise": Prioritizes precise by minimizing false positives.
@@ -51,8 +51,8 @@ trivy vm [flags] VM_IMAGE
      --ignore-status strings             comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life)
      --ignore-unfixed                    display only fixed vulnerabilities
      --ignorefile string                 specify .trivyignore file (default ".trivyignore")
-      --include-non-failures              include successes and exceptions, available with '--scanners misconfig'
-      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [ghcr.io/aquasecurity/trivy-java-db:1])
+      --include-non-failures              include successes, available with '--scanners misconfig'
+      --java-db-repository strings        OCI repository(ies) to retrieve trivy-java-db in order of priority (default [mirror.gcr.io/aquasec/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1])
      --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability
      --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
      --module-dir string                 specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--- a/docs/docs/references/configuration/config-file.md
+++ b/docs/docs/references/configuration/config-file.md
@@ -105,6 +105,7 @@ db:

  # Same as '--java-db-repository'
  java-repository:
+   - mirror.gcr.io/aquasec/trivy-java-db:1
   - ghcr.io/aquasecurity/trivy-java-db:1

  # Same as '--skip-java-db-update'
@@ -115,6 +116,7 @@ db:

  # Same as '--db-repository'
  repository:
+   - mirror.gcr.io/aquasec/trivy-db:2
   - ghcr.io/aquasecurity/trivy-db:2

  # Same as '--skip-db-update'
@@ -461,6 +463,9 @@ registry:
  # Same as '--password'
  password: []

+  # Same as '--password-stdin'
+  password-stdin: false
+
  # Same as '--registry-token'
  token: ""

--- a/docs/docs/scanner/misconfiguration/check/exceptions.md
+++ b/docs/docs/scanner/misconfiguration/check/exceptions.md
@@ -1,92 +0,0 @@
-# Exceptions
-Exceptions let you specify cases where you allow policy violations.
-Trivy supports two types of exceptions.
-
-!!! info
-    Exceptions can be applied to built-in checks as well as custom checks.
-
-## Namespace-based exceptions
-There are some cases where you need to disable built-in checks partially or fully.
-Namespace-based exceptions lets you rough choose which individual packages to exempt.
-
-To use namespace-based exceptions, create a Rego rule with the name `exception` that returns the package names to exempt.
-The `exception` rule must be defined under `namespace.exceptions`.
-`data.namespaces` includes all package names.
-
-
-!!! example
-    ``` rego
-    package namespace.exceptions
-
-    import data.namespaces
-        
-    exception[ns] {
-        ns := data.namespaces[_]
-        startswith(ns, "builtin.kubernetes")
-    }
-    ```
-
-This example exempts all built-in checks for Kubernetes.
-
-## Rule-based exceptions
-There are some cases where you need more flexibility and granularity in defining which cases to exempt.
-Rule-based exceptions lets you granularly choose which individual rules to exempt, while also declaring under which conditions to exempt them.
-
-To use rule-based exceptions, create a Rego rule with the name `exception` that returns the rule name suffixes to exempt, prefixed by `deny_` (for example, returning `foo` will exempt `deny_foo`). 
-The rule can make any other assertion, for example, on the input or data documents. 
-This is useful to specify the exemption for a specific case.
-
-Note that if you specify the empty string, the exception will match all rules named `deny`.
-
-```
-exception[rules] {
-    # Logic
-
-    rules = ["foo","bar"]
-}
-```
-
-The above would provide an exception from `deny_foo` and `deny_bar`.
-
-
-!!! example
-    ```
-    package user.kubernetes.ID100
-
-    __rego_metadata := {
-        "id": "ID100",
-        "title": "Deployment not allowed",
-        "severity": "HIGH",
-        "type": "Kubernetes Custom Check",
-    }
-    
-    deny_deployment[msg] {
-        input.kind == "Deployment"
-    	msg = sprintf("Found deployment '%s' but deployments are not allowed", [name])
-    }
-    
-    exception[rules] {
-        input.kind == "Deployment"
-        input.metadata.name == "allow-deployment"
-        
-        rules := ["deployment"]
-    }
-    ```
-
-If you want to apply rule-based exceptions to built-in checks, you have to define the exception under the same package.
-
-!!! example
-    ``` rego
-    package builtin.kubernetes.KSV012
-
-    exception[rules] {
-        input.metadata.name == "can-run-as-root"
-        rules := [""]
-    }
-    ```
-
-This exception is applied to [KSV012][ksv012] in trivy-checks.
-You can get the package names in the [trivy-checks repository][trivy-checks] or the JSON output from Trivy.
-
-[ksv012]: https://github.com/aquasecurity/trivy-checks/blob/f36a5b732c4b1293a720c40baab0a7c106ea455e/checks/kubernetes/pss/restricted/3_runs_as_root.rego 
-[trivy-checks]: https://github.com/aquasecurity/trivy-checks/
--- a/docs/docs/scanner/misconfiguration/custom/debug.md
+++ b/docs/docs/scanner/misconfiguration/custom/debug.md
@@ -12,7 +12,7 @@ $ trivy config --trace configs/

 Dockerfile (dockerfile)
 =======================
-Tests: 23 (SUCCESSES: 21, FAILURES: 2, EXCEPTIONS: 0)
+Tests: 23 (SUCCESSES: 21, FAILURES: 2)
 Failures: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)

 MEDIUM: Specify a tag in the 'FROM' statement for image 'alpine'
--- a/docs/docs/scanner/misconfiguration/custom/index.md
+++ b/docs/docs/scanner/misconfiguration/custom/index.md
@@ -163,7 +163,7 @@ Some fields are displayed in scan results.
 k.yaml (kubernetes)
 ───────────────────

-Tests: 32 (SUCCESSES: 31, FAILURES: 1, EXCEPTIONS: 0)
+Tests: 32 (SUCCESSES: 31, FAILURES: 1)
 Failures: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

 LOW: Found deployment 'my-deployment' but deployments are not allowed
--- a/docs/docs/scanner/misconfiguration/index.md
+++ b/docs/docs/scanner/misconfiguration/index.md
@@ -20,7 +20,7 @@ $ trivy config [YOUR_IaC_DIRECTORY]
    
    Dockerfile (dockerfile)
    =======================
-    Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
+    Tests: 23 (SUCCESSES: 22, FAILURES: 1)
    Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
    
    MEDIUM: Specify a tag in the 'FROM' statement for image 'alpine'
@@ -75,7 +75,7 @@ You can specify `--scanners vuln,misconfig,secret` to enable vulnerability and s
    
    Dockerfile (dockerfile)
    =======================
-    Tests: 17 (SUCCESSES: 16, FAILURES: 1, EXCEPTIONS: 0)
+    Tests: 17 (SUCCESSES: 16, FAILURES: 1)
    Failures: 1 (HIGH: 1, CRITICAL: 0)
    
    HIGH: Last USER command in Dockerfile should not be 'root'
@@ -112,7 +112,7 @@ $ trivy config --severity HIGH,CRITICAL ./iac

 Dockerfile (dockerfile)

-Tests: 21 (SUCCESSES: 20, FAILURES: 1, EXCEPTIONS: 0)
+Tests: 21 (SUCCESSES: 20, FAILURES: 1)
 Failures: 1 (MEDIUM: 0, HIGH: 1, CRITICAL: 0)

 HIGH: Specify at least 1 USER command in Dockerfile with non-root user as argument
@@ -126,7 +126,7 @@ See https://avd.aquasec.com/misconfig/ds002

 deployment.yaml (kubernetes)

-Tests: 20 (SUCCESSES: 15, FAILURES: 5, EXCEPTIONS: 0)
+Tests: 20 (SUCCESSES: 15, FAILURES: 5)
 Failures: 5 (MEDIUM: 4, HIGH: 1, CRITICAL: 0)

 MEDIUM: Container 'hello-kubernetes' of Deployment 'hello-kubernetes' should set 'securityContext.allowPrivilegeEscalation' to false
@@ -225,7 +225,7 @@ See https://avd.aquasec.com/misconfig/ksv026

 mysql-8.8.26.tar:templates/primary/statefulset.yaml (helm)

-Tests: 20 (SUCCESSES: 18, FAILURES: 2, EXCEPTIONS: 0)
+Tests: 20 (SUCCESSES: 18, FAILURES: 2)
 Failures: 2 (MEDIUM: 2, HIGH: 0, CRITICAL: 0)

 MEDIUM: Container 'mysql' of StatefulSet 'mysql' should set 'securityContext.allowPrivilegeEscalation' to false
@@ -279,35 +279,35 @@ You can see the config type next to each file name.
 ``` bash
 Dockerfile (dockerfile)
 =======================
-Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
+Tests: 23 (SUCCESSES: 22, FAILURES: 1)
 Failures: 1 (HIGH: 1, CRITICAL: 0)

 ...

 deployment.yaml (kubernetes)
 ============================
-Tests: 28 (SUCCESSES: 15, FAILURES: 13, EXCEPTIONS: 0)
+Tests: 28 (SUCCESSES: 15, FAILURES: 13)
 Failures: 13 (MEDIUM: 4, HIGH: 1, CRITICAL: 0)

 ...

 main.tf (terraform)
 ===================
-Tests: 23 (SUCCESSES: 14, FAILURES: 9, EXCEPTIONS: 0)
+Tests: 23 (SUCCESSES: 14, FAILURES: 9)
 Failures: 9 (HIGH: 6, CRITICAL: 1)

 ...

 bucket.yaml (cloudformation)
 ============================
-Tests: 9 (SUCCESSES: 3, FAILURES: 6, EXCEPTIONS: 0)
+Tests: 9 (SUCCESSES: 3, FAILURES: 6)
 Failures: 6 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 4, CRITICAL: 0)

 ...

 mysql-8.8.26.tar:templates/primary/statefulset.yaml (helm)
 ==========================================================
-Tests: 20 (SUCCESSES: 18, FAILURES: 2, EXCEPTIONS: 0)
+Tests: 20 (SUCCESSES: 18, FAILURES: 2)
 Failures: 2 (MEDIUM: 2, HIGH: 0, CRITICAL: 0)
 ```

@@ -381,7 +381,7 @@ deny[res] {
 $ trivy config --misconfig-scanners=json,yaml --config-check ./serverless.rego --check-namespaces user ./iac
 serverless.yaml (yaml)

-Tests: 4 (SUCCESSES: 3, FAILURES: 1, EXCEPTIONS: 0)
+Tests: 4 (SUCCESSES: 3, FAILURES: 1)
 Failures: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

 LOW: Service name "serverless-rest-api-with-pynamodb" is not allowed
--- a/docs/docs/supply-chain/vex/file.md
+++ b/docs/docs/supply-chain/vex/file.md
@@ -64,7 +64,7 @@ $ cat <<EOF > trivy.vex.cdx
      },
      "affects": [
        {
-          "ref": "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:golang/github.com/aws/aws-sdk-go@1.44.234"
+          "ref": "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:golang/github.com/aws/aws-sdk-go@v1.44.234"
        }
      ]
    }
@@ -115,7 +115,7 @@ Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
 ┌───────────────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
 │          Library          │ Vulnerability │ Severity │ Installed Version │ Fixed Version │                           Title                            │
 ├───────────────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
-│ github.com/aws/aws-sdk-go │ CVE-2020-8912 │ LOW      │ 1.44.234          │               │ aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto │
+│ github.com/aws/aws-sdk-go │ CVE-2020-8912 │ LOW      │ v1.44.234         │               │ aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto │
 │                           │               │          │                   │               │ SDK for golang...                                          │
 │                           │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2020-8912                  │
 └───────────────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘
@@ -497,9 +497,9 @@ Now, suppose a VEX statement is issued for `Module B` as follows:
    "vulnerability": {"name": "CVE-XXXX-YYYY"},
    "products": [
      {
-        "@id": "pkg:golang/module-b@1.0.0",
+        "@id": "pkg:golang/module-b@v1.0.0",
        "subcomponents": [
-          { "@id": "pkg:golang/module-c@2.0.0" }
+          { "@id": "pkg:golang/module-c@v2.0.0" }
        ]
      }
    ],
--- a/docs/docs/target/container_image.md
+++ b/docs/docs/target/container_image.md
@@ -119,7 +119,7 @@ $ trivy image --image-config-scanners misconfig [YOUR_IMAGE_NAME]
 ```
 alpine:3.17 (dockerfile)
 ========================
-Tests: 24 (SUCCESSES: 21, FAILURES: 3, EXCEPTIONS: 0)
+Tests: 24 (SUCCESSES: 21, FAILURES: 3)
 Failures: 3 (UNKNOWN: 0, LOW: 2, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

 HIGH: Specify at least 1 USER command in Dockerfile with non-root user as argument
@@ -154,6 +154,8 @@ See https://avd.aquasec.com/misconfig/ds026
 !!! tip
    You can see how each layer is created with `docker history`.

+The [AVD-DS-0016](https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0016/) check is disabled for this scan type, see [issue](https://github.com/aquasecurity/trivy/issues/7368) for details.
+
 ### Secrets
 Trivy detects secrets on the configuration of container images.
 The image config is converted into JSON and Trivy scans the file for secrets.
@@ -297,7 +299,7 @@ Trivy supports registries that comply with the following specifications.
 - [Docker Registry HTTP API V2](https://docs.docker.com/registry/spec/api/)
 - [OCI Distribution Specification](https://github.com/opencontainers/distribution-spec)

-You can configure credentials with `docker login`.
+You can configure credentials with `trivy registry login`.
 See [here](../advanced/private-registries/index.md) for the detail.

 ### Tar Files
--- a/docs/docs/target/kubernetes.md
+++ b/docs/docs/target/kubernetes.md
@@ -280,8 +280,7 @@ trivy k8s --format json -o results.json cluster
          "Type": "kubernetes",
          "MisconfSummary": {
            "Successes": 20,
-            "Failures": 19,
-            "Exceptions": 0
+            "Failures": 19
          },
          "Misconfigurations": [
            {
--- a/docs/getting-started/installation.md
+++ b/docs/getting-started/installation.md
@@ -34,7 +34,7 @@ In this section you will find an aggregation of the different ways to install Tr
    Add repository setting to `/etc/apt/sources.list.d`.

    ``` bash
-    sudo apt-get install wget apt-transport-https gnupg
+    sudo apt-get install wget gnupg
    wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
    echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
    sudo apt-get update
@@ -56,6 +56,13 @@ Homebrew for MacOS and Linux.
 brew install trivy
 ```

+### Windows (Official)
+
+1. Download trivy_x.xx.x_windows-64bit.zip file from [releases page](https://github.com/aquasecurity/trivy/releases/).
+2. Unzip file and copy to any folder.
+3. Ensure PATH environment variable is configured to folder trivy installed.
+
+
 ### Arch Linux (Community)

 Arch Linux Package Repository.
--- a/examples/ignore-policies/advanced.rego
+++ b/examples/ignore-policies/advanced.rego
--- a/examples/ignore-policies/basic.rego
+++ b/examples/ignore-policies/basic.rego
--- a/examples/ignore-policies/whitelist.rego
+++ b/examples/ignore-policies/whitelist.rego
@@ -0,0 +1,13 @@
+package trivy
+
+import rego.v1
+
+allowed_checks := {
+    "AVD-AWS-0089"
+}
+
+default ignore := false
+
+ignore if not is_check_allowed
+
+is_check_allowed if input.AVDID in allowed_checks
--- a/go.mod
+++ b/go.mod
@@ -25,10 +25,10 @@ require (
 	github.com/aquasecurity/table v1.8.0
 	github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8
 	github.com/aquasecurity/tml v0.6.1
-	github.com/aquasecurity/trivy-checks v1.1.0
+	github.com/aquasecurity/trivy-checks v1.2.2
 	github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1
 	github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
-	github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20240707095038-0300bc49b68b
+	github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241029051843-2606b7e0f0b4
 	github.com/aws/aws-sdk-go-v2 v1.31.0
 	github.com/aws/aws-sdk-go-v2/config v1.27.38
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.36
@@ -43,6 +43,7 @@ require (
 	github.com/cheggaaa/pb/v3 v3.1.5
 	github.com/containerd/containerd v1.7.22
 	github.com/csaf-poc/csaf_distribution/v3 v3.0.0
+	github.com/docker/cli v27.2.1+incompatible
 	github.com/docker/docker v27.3.1+incompatible
 	github.com/docker/go-connections v0.5.0
 	github.com/fatih/color v1.17.0
@@ -123,14 +124,14 @@ require (
 	golang.org/x/mod v0.21.0
 	golang.org/x/net v0.29.0
 	golang.org/x/sync v0.8.0
-	golang.org/x/term v0.24.0
+	golang.org/x/term v0.25.0
 	golang.org/x/text v0.18.0
 	golang.org/x/vuln v1.1.3
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
 	google.golang.org/protobuf v1.34.2
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.16.1
-	k8s.io/api v0.31.0
+	k8s.io/api v0.31.2
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
 	modernc.org/sqlite v1.33.1
 	sigs.k8s.io/yaml v1.4.0
@@ -172,7 +173,7 @@ require (
 	github.com/antchfx/xpath v1.3.1 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.54.6 // indirect
+	github.com/aws/aws-sdk-go v1.55.5 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 // indirect
@@ -210,7 +211,6 @@ require (
 	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/dlclark/regexp2 v1.4.0 // indirect
-	github.com/docker/cli v27.2.1+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.2 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
@@ -385,7 +385,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
 	golang.org/x/time v0.6.0 // indirect
 	golang.org/x/tools v0.24.0 // indirect
@@ -402,21 +402,21 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/apiextensions-apiserver v0.31.0 // indirect
-	k8s.io/apimachinery v0.31.0 // indirect
+	k8s.io/apimachinery v0.31.2 // indirect
 	k8s.io/apiserver v0.31.0 // indirect
-	k8s.io/cli-runtime v0.31.0 // indirect
-	k8s.io/client-go v0.31.0 // indirect
-	k8s.io/component-base v0.31.0 // indirect
+	k8s.io/cli-runtime v0.31.2 // indirect
+	k8s.io/client-go v0.31.2 // indirect
+	k8s.io/component-base v0.31.2 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	k8s.io/kubectl v0.31.0 // indirect
+	k8s.io/kubectl v0.31.2 // indirect
 	modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect
 	modernc.org/libc v1.55.3 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
 	modernc.org/memory v1.8.0 // indirect
 	modernc.org/strutil v1.2.0 // indirect
 	modernc.org/token v1.1.0 // indirect
-	mvdan.cc/sh/v3 v3.8.0 // indirect
+	mvdan.cc/sh/v3 v3.10.0 // indirect
 	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.17.2 // indirect
--- a/go.sum
+++ b/go.sum
@@ -349,14 +349,14 @@ github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8 h1:b43UVqY
 github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8/go.mod h1:wXA9k3uuaxY3yu7gxrxZDPo/04FEMJtwyecdAlYrEIo=
 github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
 github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
-github.com/aquasecurity/trivy-checks v1.1.0 h1:I0tVOK8dG/KHrWsqfGNYp2uD/i0f+yS7Je31F+LIUqQ=
-github.com/aquasecurity/trivy-checks v1.1.0/go.mod h1:tVzhU0gajD3GmxKPLn/BHR8ZeUquc5ajQTmAsi0kCCU=
+github.com/aquasecurity/trivy-checks v1.2.2 h1:EVHi0gthYzDLfqdAqBBwVGfg2l/gdZ622pIlC9rP+lU=
+github.com/aquasecurity/trivy-checks v1.2.2/go.mod h1:TNV0QNVFyBIkt865eO2PtfpubmHt3Ve19Klny//SWIU=
 github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1 h1:G0gnacAORRUqz2Tm5MqivSpldY2GZ74ijhJcMsae+sA=
 github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1/go.mod h1:PYkSRx4dlgFATEt+okGwibvbxVEtqsOdH+vX/saACYE=
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
-github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20240707095038-0300bc49b68b h1:h7gsIzHyrxpQnayOuQI0kX7+8rVcqhV6G5bM3KVFyJU=
-github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20240707095038-0300bc49b68b/go.mod h1:HOhrqoyIeTxpwnKr1EyWtQ+rt2XahV8b0UDBrRpSfEQ=
+github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241029051843-2606b7e0f0b4 h1:i0Z0JS4xtMAcBVOpYSciS7slmIBi1SmjT6garbrJtcA=
+github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241029051843-2606b7e0f0b4/go.mod h1:ctlibFXOQyjWybeVVQI6NLG6GJoPWZJ4cIirQ/wPCQs=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
@@ -364,8 +364,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go v1.54.6 h1:HEYUib3yTt8E6vxjMWM3yAq5b+qjj/6aKA62mkgux9g=
-github.com/aws/aws-sdk-go v1.54.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
+github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
+github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/aws/aws-sdk-go-v2 v1.31.0 h1:3V05LbxTSItI5kUqNwhJrrrY1BAXxXt0sN0l72QmG5U=
 github.com/aws/aws-sdk-go-v2 v1.31.0/go.mod h1:ztolYtaEUtdpf9Wftr31CJfLVjOnD/CVRkKOOYgF8hA=
 github.com/aws/aws-sdk-go-v2/config v1.27.38 h1:mMVyJJuSUdbD4zKXoxDgWrgM60QwlFEg+JhihCq6wCw=
@@ -510,8 +510,8 @@ github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHf
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
-github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
+github.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0=
+github.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
 github.com/csaf-poc/csaf_distribution/v3 v3.0.0 h1:ob9+Fmpff0YWgTP3dYaw7G2hKQ9cegh9l3zksc+q3sM=
 github.com/csaf-poc/csaf_distribution/v3 v3.0.0/go.mod h1:uilCTiNKivq+6zrDvjtZaUeLk70oe21iwKivo6ILwlQ=
 github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc=
@@ -683,6 +683,8 @@ github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91
 github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
 github.com/go-playground/validator/v10 v10.18.0 h1:BvolUXjp4zuvkZ5YN5t7ebzbhlUtPsPm2S9NAZ5nl9U=
 github.com/go-playground/validator/v10 v10.18.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=
+github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=
 github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
 github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
@@ -1204,8 +1206,8 @@ github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI=
 github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -1703,8 +1705,8 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0=
 golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1715,8 +1717,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
-golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
-golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2076,26 +2078,26 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo=
-k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE=
+k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0=
+k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk=
 k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk=
 k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk=
-k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc=
-k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw=
+k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
 k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY=
 k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk=
-k8s.io/cli-runtime v0.31.0 h1:V2Q1gj1u3/WfhD475HBQrIYsoryg/LrhhK4RwpN+DhA=
-k8s.io/cli-runtime v0.31.0/go.mod h1:vg3H94wsubuvWfSmStDbekvbla5vFGC+zLWqcf+bGDw=
-k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8=
-k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU=
-k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs=
-k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo=
+k8s.io/cli-runtime v0.31.2 h1:7FQt4C4Xnqx8V1GJqymInK0FFsoC+fAZtbLqgXYVOLQ=
+k8s.io/cli-runtime v0.31.2/go.mod h1:XROyicf+G7rQ6FQJMbeDV9jqxzkWXTYD6Uxd15noe0Q=
+k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc=
+k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs=
+k8s.io/component-base v0.31.2 h1:Z1J1LIaC0AV+nzcPRFqfK09af6bZ4D1nAOpWsy9owlA=
+k8s.io/component-base v0.31.2/go.mod h1:9PeyyFN/drHjtJZMCTkSpQJS3U9OXORnHQqMLDz0sUQ=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/kubectl v0.31.0 h1:kANwAAPVY02r4U4jARP/C+Q1sssCcN/1p9Nk+7BQKVg=
-k8s.io/kubectl v0.31.0/go.mod h1:pB47hhFypGsaHAPjlwrNbvhXgmuAr01ZBvAIIUaI8d4=
+k8s.io/kubectl v0.31.2 h1:gTxbvRkMBwvTSAlobiTVqsH6S8Aa1aGyBcu5xYLsn8M=
+k8s.io/kubectl v0.31.2/go.mod h1:EyASYVU6PY+032RrTh5ahtSOMgoDRIux9V1JLKtG5xM=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 modernc.org/cc/v4 v4.21.4 h1:3Be/Rdo1fpr8GrQ7IVw9OHtplU4gWbb+wNgeoBMmGLQ=
@@ -2124,8 +2126,8 @@ modernc.org/strutil v1.2.0 h1:agBi9dp1I+eOnxXeiZawM8F4LawKv4NzGWSaLfyeNZA=
 modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
 modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
-mvdan.cc/sh/v3 v3.8.0 h1:ZxuJipLZwr/HLbASonmXtcvvC9HXY9d2lXZHnKGjFc8=
-mvdan.cc/sh/v3 v3.8.0/go.mod h1:w04623xkgBVo7/IUK89E0g8hBykgEpN0vgOj3RJr6MY=
+mvdan.cc/sh/v3 v3.10.0 h1:v9z7N1DLZ7owyLM/SXZQkBSXcwr2IGMm2LY2pmhVXj4=
+mvdan.cc/sh/v3 v3.10.0/go.mod h1:z/mSSVyLFGZzqb3ZIKojjyqIx/xbmz/UHdCSv9HmqXY=
 oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
 oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
--- a/integration/client_server_test.go
+++ b/integration/client_server_test.go
@@ -323,6 +323,17 @@ func TestClientServerWithFormat(t *testing.T) {
 			},
 			golden: "testdata/alpine-310.gitlab.golden",
 		},
+		{
+			name: "scan package-lock.json with gitlab template (Unknown os and image)",
+			args: csArgs{
+				Command:         "fs",
+				Format:          "template",
+				TemplatePath:    "@../contrib/gitlab.tpl",
+				Target:          "testdata/fixtures/repo/npm/",
+				ListAllPackages: true,
+			},
+			golden: "testdata/npm.gitlab.golden",
+		},
 		{
 			name: "alpine 3.10 with gitlab-codequality template",
 			args: csArgs{
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -41,7 +41,7 @@ import (

 var update = flag.Bool("update", false, "update golden files")

-const SPDXSchema = "https://raw.githubusercontent.com/spdx/spdx-spec/development/v%s/schemas/spdx-schema.json"
+const SPDXSchema = "https://raw.githubusercontent.com/spdx/spdx-spec/support/v%s/schemas/spdx-schema.json"

 func initDB(t *testing.T) string {
 	fixtureDir := filepath.Join("testdata", "fixtures", "db")
--- a/integration/registry_test.go
+++ b/integration/registry_test.go
@@ -117,6 +117,7 @@ type registryOption struct {
 	Username      string
 	Password      string
 	RegistryToken bool
+	AuthLogin     bool
 }

 func TestRegistry(t *testing.T) {
@@ -164,7 +165,6 @@ func TestRegistry(t *testing.T) {
 			imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
 			os:        "alpine 3.10.2",
 			option: registryOption{
-				AuthURL:  authURL,
 				Username: authUsername,
 				Password: authPassword,
 			},
@@ -183,13 +183,24 @@ func TestRegistry(t *testing.T) {
 			},
 			golden: "testdata/alpine-310.json.golden",
 		},
+		{
+			name:      "authenticate with 'trivy registry login'",
+			imageName: "alpine:3.10",
+			imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
+			os:        "alpine 3.10.2",
+			option: registryOption{
+				Username:  authUsername,
+				Password:  authPassword,
+				AuthLogin: true,
+			},
+			golden: "testdata/alpine-310.json.golden",
+		},
 		{
 			name:      "amazonlinux 2",
 			imageName: "amazonlinux:2",
 			imageFile: "testdata/fixtures/images/amazon-2.tar.gz",
 			os:        "amazon 2 (Karoo)",
 			option: registryOption{
-				AuthURL:  authURL,
 				Username: authUsername,
 				Password: authPassword,
 			},
@@ -201,7 +212,6 @@ func TestRegistry(t *testing.T) {
 			imageFile: "testdata/fixtures/images/debian-buster.tar.gz",
 			os:        "debian 10.1",
 			option: registryOption{
-				AuthURL:  authURL,
 				Username: authUsername,
 				Password: authPassword,
 			},
@@ -226,6 +236,7 @@ func TestRegistry(t *testing.T) {
 			require.NoError(t, err)

 			osArgs, err := scan(t, imageRef, baseDir, tt.option)
+			require.NoError(t, err)

 			// Run Trivy
 			runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{
@@ -262,7 +273,7 @@ func scan(t *testing.T, imageRef name.Reference, baseDir string, opt registryOpt
 		"json",
 		"--image-src",
 		"remote",
-		"--skip-update",
+		"--skip-db-update",
 		imageRef.Name(),
 	}

@@ -273,14 +284,30 @@ func setupEnv(t *testing.T, imageRef name.Reference, baseDir string, opt registr
 	t.Setenv("TRIVY_INSECURE", "true")

 	if opt.Username != "" && opt.Password != "" {
-		if opt.RegistryToken {
+		switch {
+		case opt.RegistryToken:
 			// Get a registry token in advance
 			token, err := requestRegistryToken(imageRef, baseDir, opt)
 			if err != nil {
 				return err
 			}
 			t.Setenv("TRIVY_REGISTRY_TOKEN", token)
-		} else {
+		case opt.AuthLogin:
+			t.Setenv("DOCKER_CONFIG", t.TempDir())
+			err := execute([]string{
+				"registry",
+				"login",
+				"--username",
+				opt.Username,
+				"--password",
+				opt.Password,
+				"--insecure",
+				imageRef.Context().RegistryStr(),
+			})
+			if err != nil {
+				return err
+			}
+		default:
 			t.Setenv("TRIVY_USERNAME", opt.Username)
 			t.Setenv("TRIVY_PASSWORD", opt.Password)
 		}
@@ -307,7 +334,7 @@ func requestRegistryToken(imageRef name.Reference, baseDir string, opt registryO
 	}

 	// Get a registry token
-	req, err := http.NewRequest("GET", fmt.Sprintf("%s/auth", opt.AuthURL), nil)
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/auth", opt.AuthURL), nil)
 	if err != nil {
 		return "", err
 	}
--- a/integration/repo_test.go
+++ b/integration/repo_test.go
@@ -300,24 +300,6 @@ func TestRepository(t *testing.T) {
 			},
 			golden: "testdata/dockerfile_file_pattern.json.golden",
 		},
-		{
-			name: "dockerfile with rule exception",
-			args: args{
-				scanner:     types.MisconfigScanner,
-				policyPaths: []string{"testdata/fixtures/repo/rule-exception/policy"},
-				input:       "testdata/fixtures/repo/rule-exception",
-			},
-			golden: "testdata/dockerfile-rule-exception.json.golden",
-		},
-		{
-			name: "dockerfile with namespace exception",
-			args: args{
-				scanner:     types.MisconfigScanner,
-				policyPaths: []string{"testdata/fixtures/repo/namespace-exception/policy"},
-				input:       "testdata/fixtures/repo/namespace-exception",
-			},
-			golden: "testdata/dockerfile-namespace-exception.json.golden",
-		},
 		{
 			name: "dockerfile with custom policies",
 			args: args{
--- a/integration/testdata/alpine-310.gitlab.golden
+++ b/integration/testdata/alpine-310.gitlab.golden
@@ -37,7 +37,7 @@
          },
          "version": "1.1.1c-r0"
        },
-        "operating_system": "Unknown",
+        "operating_system": "alpine 3.10.2",
        "image": "testdata/fixtures/images/alpine-310.tar.gz"
      },
      "identifiers": [
@@ -104,7 +104,7 @@
          },
          "version": "1.1.1c-r0"
        },
-        "operating_system": "Unknown",
+        "operating_system": "alpine 3.10.2",
        "image": "testdata/fixtures/images/alpine-310.tar.gz"
      },
      "identifiers": [
@@ -191,7 +191,7 @@
          },
          "version": "1.1.1c-r0"
        },
-        "operating_system": "Unknown",
+        "operating_system": "alpine 3.10.2",
        "image": "testdata/fixtures/images/alpine-310.tar.gz"
      },
      "identifiers": [
@@ -258,7 +258,7 @@
          },
          "version": "1.1.1c-r0"
        },
-        "operating_system": "Unknown",
+        "operating_system": "alpine 3.10.2",
        "image": "testdata/fixtures/images/alpine-310.tar.gz"
      },
      "identifiers": [
--- a/integration/testdata/conda-cyclonedx.json.golden
+++ b/integration/testdata/conda-cyclonedx.json.golden
@@ -34,6 +34,12 @@
      "type": "library",
      "name": "openssl",
      "version": "1.1.1q",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "237db0da53131e4548cb1181337fa0f420299e1f"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -58,6 +64,12 @@
      "type": "library",
      "name": "pip",
      "version": "22.2.2",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "a6a2db7668f1ad541d704369fc66c96a4415aa24"
+        }
+      ],
      "licenses": [
        {
          "license": {
--- a/integration/testdata/conda-spdx.json.golden
+++ b/integration/testdata/conda-spdx.json.golden
@@ -31,10 +31,15 @@
          "referenceLocator": "pkg:conda/openssl@1.1.1q"
        }
      ],
-      "attributionTexts": [
-        "PkgType: conda-pkg"
-      ],
-      "primaryPackagePurpose": "LIBRARY"
+      "primaryPackagePurpose": "LIBRARY",
+      "annotations": [
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "PkgType: conda-pkg"
+        }
+      ]
    },
    {
      "name": "pip",
@@ -55,20 +60,30 @@
          "referenceLocator": "pkg:conda/pip@22.2.2"
        }
      ],
-      "attributionTexts": [
-        "PkgType: conda-pkg"
-      ],
-      "primaryPackagePurpose": "LIBRARY"
+      "primaryPackagePurpose": "LIBRARY",
+      "annotations": [
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "PkgType: conda-pkg"
+        }
+      ]
    },
    {
      "name": "testdata/fixtures/repo/conda",
      "SPDXID": "SPDXRef-Filesystem-2e2426fd0f2580ef",
      "downloadLocation": "NONE",
      "filesAnalyzed": false,
-      "attributionTexts": [
-        "SchemaVersion: 2"
-      ],
-      "primaryPackagePurpose": "SOURCE"
+      "primaryPackagePurpose": "SOURCE",
+      "annotations": [
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "SchemaVersion: 2"
+        }
+      ]
    }
  ],
  "files": [
--- a/integration/testdata/dockerfile-custom-policies.json.golden
+++ b/integration/testdata/dockerfile-custom-policies.json.golden
@@ -21,9 +21,8 @@
      "Class": "config",
      "Type": "dockerfile",
      "MisconfSummary": {
-        "Successes": 27,
-        "Failures": 2,
-        "Exceptions": 0
+        "Successes": 28,
+        "Failures": 2
      },
      "Misconfigurations": [
        {
--- a/integration/testdata/dockerfile-namespace-exception.json.golden
+++ b/integration/testdata/dockerfile-namespace-exception.json.golden
@@ -1,30 +0,0 @@
-{
-  "SchemaVersion": 2,
-  "CreatedAt": "2021-08-25T12:20:30.000000005Z",
-  "ArtifactName": "testdata/fixtures/repo/namespace-exception",
-  "ArtifactType": "repository",
-  "Metadata": {
-    "ImageConfig": {
-      "architecture": "",
-      "created": "0001-01-01T00:00:00Z",
-      "os": "",
-      "rootfs": {
-        "type": "",
-        "diff_ids": null
-      },
-      "config": {}
-    }
-  },
-  "Results": [
-    {
-      "Target": "Dockerfile",
-      "Class": "config",
-      "Type": "dockerfile",
-      "MisconfSummary": {
-        "Successes": 0,
-        "Failures": 0,
-        "Exceptions": 27
-      }
-    }
-  ]
-}
--- a/integration/testdata/dockerfile-rule-exception.json.golden
+++ b/integration/testdata/dockerfile-rule-exception.json.golden
@@ -1,58 +0,0 @@
-{
-  "SchemaVersion": 2,
-  "CreatedAt": "2021-08-25T12:20:30.000000005Z",
-  "ArtifactName": "testdata/fixtures/repo/rule-exception",
-  "ArtifactType": "repository",
-  "Metadata": {
-    "ImageConfig": {
-      "architecture": "",
-      "created": "0001-01-01T00:00:00Z",
-      "os": "",
-      "rootfs": {
-        "type": "",
-        "diff_ids": null
-      },
-      "config": {}
-    }
-  },
-  "Results": [
-    {
-      "Target": "Dockerfile",
-      "Class": "config",
-      "Type": "dockerfile",
-      "MisconfSummary": {
-        "Successes": 26,
-        "Failures": 1,
-        "Exceptions": 0
-      },
-      "Misconfigurations": [
-        {
-          "Type": "Dockerfile Security Check",
-          "ID": "DS002",
-          "AVDID": "AVD-DS-0002",
-          "Title": "Image user should not be 'root'",
-          "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
-          "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
-          "Namespace": "builtin.dockerfile.DS002",
-          "Query": "data.builtin.dockerfile.DS002.deny",
-          "Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile",
-          "Severity": "HIGH",
-          "PrimaryURL": "https://avd.aquasec.com/misconfig/ds002",
-          "References": [
-            "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
-            "https://avd.aquasec.com/misconfig/ds002"
-          ],
-          "Status": "FAIL",
-          "Layer": {},
-          "CauseMetadata": {
-            "Provider": "Dockerfile",
-            "Service": "general",
-            "Code": {
-              "Lines": null
-            }
-          }
-        }
-      ]
-    }
-  ]
-}
--- a/integration/testdata/dockerfile.json.golden
+++ b/integration/testdata/dockerfile.json.golden
@@ -21,9 +21,8 @@
      "Class": "config",
      "Type": "dockerfile",
      "MisconfSummary": {
-        "Successes": 26,
-        "Failures": 1,
-        "Exceptions": 0
+        "Successes": 27,
+        "Failures": 1
      },
      "Misconfigurations": [
        {
--- a/integration/testdata/dockerfile_file_pattern.json.golden
+++ b/integration/testdata/dockerfile_file_pattern.json.golden
@@ -21,9 +21,8 @@
      "Class": "config",
      "Type": "dockerfile",
      "MisconfSummary": {
-        "Successes": 26,
-        "Failures": 1,
-        "Exceptions": 0
+        "Successes": 27,
+        "Failures": 1
      },
      "Misconfigurations": [
        {
--- a/integration/testdata/fixtures/repo/namespace-exception/Dockerfile
+++ b/integration/testdata/fixtures/repo/namespace-exception/Dockerfile
@@ -1,2 +0,0 @@
-FROM alpine:3.13
-LABEL user.root="allow"
--- a/integration/testdata/fixtures/repo/namespace-exception/policy/exception.rego
+++ b/integration/testdata/fixtures/repo/namespace-exception/policy/exception.rego
@@ -1,8 +0,0 @@
-package namespace.exceptions
-
-import data.namespaces
-
-exception[ns] {
-	ns := data.namespaces[_]
-	startswith(ns, "builtin")
-}
--- a/integration/testdata/fixtures/repo/rule-exception/Dockerfile
+++ b/integration/testdata/fixtures/repo/rule-exception/Dockerfile
@@ -1,4 +0,0 @@
-FROM alpine:3.13
-LABEL user.root="allow"
-
-HEALTHCHECK NONE
--- a/integration/testdata/fixtures/repo/rule-exception/policy/exception.rego
+++ b/integration/testdata/fixtures/repo/rule-exception/policy/exception.rego
@@ -1,15 +0,0 @@
-package builtin.dockerfile.DS002
-
-exception[rules] {
-	instruction := input.stages[_][_]
-	instruction.Cmd == "label"
-
-	key := instruction.Value[i]
-	i % 2 == 0
-	key == "user.root"
-
-	value := instruction.Value[plus(i, 1)]
-	value == "\"allow\""
-
-	rules = [""]
-}
--- a/integration/testdata/fixtures/vex/file/openvex.json
+++ b/integration/testdata/fixtures/vex/file/openvex.json
@@ -11,7 +11,7 @@
        {
          "@id": "pkg:golang/github.com/testdata/testdata",
          "subcomponents": [
-            { "@id": "pkg:golang/github.com/open-policy-agent/opa@0.35.0" }
+            { "@id": "pkg:golang/github.com/open-policy-agent/opa@v0.35.0" }
          ]
        }
      ],
--- a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden
+++ b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden
@@ -6169,6 +6169,12 @@
      "type": "library",
      "name": "activesupport",
      "version": "6.0.2.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "a2cd09dcbaf8ca1951fb8e3f2ebdfe6728ab44f7"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6201,6 +6207,12 @@
      "type": "library",
      "name": "addressable",
      "version": "2.7.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "b4596fdeffcb1c89b24623b6f775a6b054a8323f"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6233,6 +6245,12 @@
      "type": "library",
      "name": "concurrent-ruby",
      "version": "1.1.6",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "c96749b0390ad63300b13dca6fd83e5508facf18"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6265,6 +6283,12 @@
      "type": "library",
      "name": "cool.io",
      "version": "1.6.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "706a2490b54301e8ae8f2ca8f9f56b279b96ac7b"
+        }
+      ],
      "purl": "pkg:gem/cool.io@1.6.0",
      "properties": [
        {
@@ -6290,6 +6314,12 @@
      "type": "library",
      "name": "dig_rb",
      "version": "1.0.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "04a4a555fe3a7e253098e870cf8a6c8746828829"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6322,6 +6352,12 @@
      "type": "library",
      "name": "domain_name",
      "version": "0.5.20190701",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "e45a352deedbf1d48c2563caa583d0864d6ac62b"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6364,6 +6400,12 @@
      "type": "library",
      "name": "elasticsearch-api",
      "version": "7.5.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "aac794d1d845525dc57d73d8bd5bda4b7f593ea4"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6396,6 +6438,12 @@
      "type": "library",
      "name": "elasticsearch-transport",
      "version": "7.5.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "29ab0a306cfc109b82ac19c37f288956a4d6d1d9"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6428,6 +6476,12 @@
      "type": "library",
      "name": "elasticsearch",
      "version": "7.5.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "f3996e145e83f80d27ed48f8d2dca84f02c696c3"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6460,6 +6514,12 @@
      "type": "library",
      "name": "excon",
      "version": "0.72.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "8b5c81a189d2748ae488dff8a7b4876493b86f76"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6492,6 +6552,12 @@
      "type": "library",
      "name": "faraday",
      "version": "0.17.3",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "b8c741fbdc2d729a59e2e855037421040673ca45"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6524,6 +6590,12 @@
      "type": "library",
      "name": "ffi-compiler",
      "version": "1.0.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "b9ffee214ef79e695c14c8703566f7c13be4c2ba"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6556,6 +6628,12 @@
      "type": "library",
      "name": "ffi",
      "version": "1.12.2",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "e6345da46b7a923b2248bc76d074362e7491376b"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6588,6 +6666,12 @@
      "type": "library",
      "name": "fluent-plugin-concat",
      "version": "2.4.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "b6a0da88821e50d052cb244b57562f00abe79888"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6620,6 +6704,12 @@
      "type": "library",
      "name": "fluent-plugin-detect-exceptions",
      "version": "0.0.13",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "d1a7b50f7723ead908453f463e24424735be0a56"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6652,6 +6742,12 @@
      "type": "library",
      "name": "fluent-plugin-elasticsearch",
      "version": "3.8.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "d60372f3af2757abd0a4ff68484e9328b2cbe386"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6684,6 +6780,12 @@
      "type": "library",
      "name": "fluent-plugin-kubernetes_metadata_filter",
      "version": "2.4.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "eeb3ce046c69c9c83ed1d4bc949058ef6a124f96"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6716,6 +6818,12 @@
      "type": "library",
      "name": "fluent-plugin-multi-format-parser",
      "version": "1.0.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "9aa245fc07627474621e29f04507a377dfae09d3"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6748,6 +6856,12 @@
      "type": "library",
      "name": "fluent-plugin-prometheus",
      "version": "1.7.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "597a311791f0d05968c558e8015c8bed864137e2"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6780,6 +6894,12 @@
      "type": "library",
      "name": "fluent-plugin-systemd",
      "version": "1.0.2",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "115901208913bc5031597a20fae33c50c6de6500"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6812,6 +6932,12 @@
      "type": "library",
      "name": "fluentd",
      "version": "1.8.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "5f31ca316e345410e5a5b70b5fafed8a51fd5092"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6844,6 +6970,12 @@
      "type": "library",
      "name": "http-accept",
      "version": "1.7.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "21dedf2ba79a24f86528c2dfc32d17dd9324d9fd"
+        }
+      ],
      "purl": "pkg:gem/http-accept@1.7.0",
      "properties": [
        {
@@ -6869,6 +7001,12 @@
      "type": "library",
      "name": "http-cookie",
      "version": "1.0.3",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "e6f5b8e237e694b3729797cca134525822769964"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6901,6 +7039,12 @@
      "type": "library",
      "name": "http-form_data",
      "version": "2.2.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "53c844c1f954a9c43b78b8e57f18c0ec965beb1f"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6933,6 +7077,12 @@
      "type": "library",
      "name": "http-parser",
      "version": "1.2.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "7c6889d98755a1fe8859d850892412a0e001ba9a"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6965,6 +7115,12 @@
      "type": "library",
      "name": "http",
      "version": "4.3.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "79032e0328aa1d3ee184a38c50cd93d5bce8998b"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -6997,6 +7153,12 @@
      "type": "library",
      "name": "http_parser.rb",
      "version": "0.6.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "0ed80e936eaf7151f540186333c3df436afd46c6"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7029,6 +7191,12 @@
      "type": "library",
      "name": "i18n",
      "version": "1.8.2",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "d13bccc2521cef33fc4303888b24f327a7369877"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7061,6 +7229,12 @@
      "type": "library",
      "name": "kubeclient",
      "version": "4.6.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "31916cb42ac6b30c68a5422414946d0328be94d4"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7093,6 +7267,12 @@
      "type": "library",
      "name": "lru_redux",
      "version": "1.1.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "c8c5874f406a8fefc655fee48b75dfa276a5b8fa"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7125,6 +7305,12 @@
      "type": "library",
      "name": "mime-types-data",
      "version": "3.2019.1009",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "8a80ce9bf4961df0184d25699612d29293a05aee"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7157,6 +7343,12 @@
      "type": "library",
      "name": "mime-types",
      "version": "3.3.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "b70aa1555acff548ee282c76ddd562e831483187"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7189,6 +7381,12 @@
      "type": "library",
      "name": "minitest",
      "version": "5.14.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "8fcf25c201eacdf1a0e4db78efcb37ad590f33c0"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7221,6 +7419,12 @@
      "type": "library",
      "name": "msgpack",
      "version": "1.3.3",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "bda4ff6f3cd395534ba441ccacc4640f9dc43942"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7253,6 +7457,12 @@
      "type": "library",
      "name": "multi_json",
      "version": "1.14.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "fead333877a2db2e2aaca87d8cd1f270952cd42e"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7285,6 +7495,12 @@
      "type": "library",
      "name": "multipart-post",
      "version": "2.1.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "927edb51d5b23a49a417fe1503f196896c0e8034"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7317,6 +7533,12 @@
      "type": "library",
      "name": "netrc",
      "version": "0.11.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "98d7bbb894429413feb5c0a3b766a7945f65e3ba"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7349,6 +7571,12 @@
      "type": "library",
      "name": "oj",
      "version": "3.10.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "b348b933b9c2f6a6e952f6a15c7cbd9f1186815f"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7381,6 +7609,12 @@
      "type": "library",
      "name": "prometheus-client",
      "version": "0.9.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "f829d25ee6b39cdda518f7b6f85be6563d7b5990"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7413,6 +7647,12 @@
      "type": "library",
      "name": "public_suffix",
      "version": "4.0.3",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "ac88907845a8bec2a0df25cf2e3ef61121e47252"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7445,6 +7685,12 @@
      "type": "library",
      "name": "quantile",
      "version": "0.2.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "07a0817cd9df688930b2d8481a647a7ec321b870"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7477,6 +7723,12 @@
      "type": "library",
      "name": "rake",
      "version": "13.0.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "d01a832a472daf914670adda88b44b419a4d2daf"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7509,6 +7761,12 @@
      "type": "library",
      "name": "recursive-open-struct",
      "version": "1.1.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "5a4a02765d82d6786a832384b890f0a2497c2e14"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7541,6 +7799,12 @@
      "type": "library",
      "name": "rest-client",
      "version": "2.1.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "a7e5943a216b16e0867693f20d5d1604cd015486"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7573,6 +7837,12 @@
      "type": "library",
      "name": "serverengine",
      "version": "2.2.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "16e5806b2d513f6b075355c602aed0f960584267"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7605,6 +7875,12 @@
      "type": "library",
      "name": "sigdump",
      "version": "0.2.4",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "1bae5c6042dc82a4bec6aacb42f75ba71f7cb634"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7637,6 +7913,12 @@
      "type": "library",
      "name": "strptime",
      "version": "0.2.3",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "17150d9e40754ea1a732796f224b9be78e77b86a"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7669,6 +7951,12 @@
      "type": "library",
      "name": "systemd-journal",
      "version": "1.3.3",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "4f310622fe58e95897147736c96d3d42174a3363"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7701,6 +7989,12 @@
      "type": "library",
      "name": "thread_safe",
      "version": "0.3.6",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "546993ac33864e279ae73e918d6da5d4ca083098"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7733,6 +8027,12 @@
      "type": "library",
      "name": "tzinfo-data",
      "version": "1.2019.3",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "26832d11382943b02433f3ad1df7653b4cfdf3a2"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7765,6 +8065,12 @@
      "type": "library",
      "name": "tzinfo",
      "version": "1.2.6",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "5b7db490d431d97366729086683e736d2b5fee99"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7797,6 +8103,12 @@
      "type": "library",
      "name": "unf",
      "version": "0.1.4",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "85ff87b60a6d16ffddf4db5f5f91c0ef76bacd3d"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7829,6 +8141,12 @@
      "type": "library",
      "name": "unf_ext",
      "version": "0.0.7.6",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "1b5141ee855f16e832534c2e73d81fec0601ebd3"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7861,6 +8179,12 @@
      "type": "library",
      "name": "yajl-ruby",
      "version": "1.4.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "670f3cd2fc601c9b7fde02b1d8c60e90491a7221"
+        }
+      ],
      "licenses": [
        {
          "license": {
@@ -7893,6 +8217,12 @@
      "type": "library",
      "name": "zeitwerk",
      "version": "2.3.0",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "803894c06d28932016866a26fc2b22c4db942094"
+        }
+      ],
      "licenses": [
        {
          "license": {
--- a/integration/testdata/gomod-skip.json.golden
+++ b/integration/testdata/gomod-skip.json.golden
@@ -26,10 +26,10 @@
          "PkgID": "github.com/docker/distribution@v2.7.1+incompatible",
          "PkgName": "github.com/docker/distribution",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible",
-            "UID": "de19cd663ca047a8"
+            "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
+            "UID": "9d949a7b01249e68"
          },
-          "InstalledVersion": "2.7.1+incompatible",
+          "InstalledVersion": "v2.7.1+incompatible",
          "FixedVersion": "v2.8.0",
          "Status": "fixed",
          "Layer": {},
@@ -53,10 +53,10 @@
          "PkgID": "github.com/open-policy-agent/opa@v0.35.0",
          "PkgName": "github.com/open-policy-agent/opa",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/github.com/open-policy-agent/opa@0.35.0",
-            "UID": "6b685002e082ffc5"
+            "PURL": "pkg:golang/github.com/open-policy-agent/opa@v0.35.0",
+            "UID": "e89e2b0d8977e2a"
          },
-          "InstalledVersion": "0.35.0",
+          "InstalledVersion": "v0.35.0",
          "FixedVersion": "0.37.0",
          "Status": "fixed",
          "Layer": {},
@@ -100,10 +100,10 @@
          "PkgID": "golang.org/x/text@v0.3.6",
          "PkgName": "golang.org/x/text",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/golang.org/x/text@0.3.6",
-            "UID": "825dc613c0f39d45"
+            "PURL": "pkg:golang/golang.org/x/text@v0.3.6",
+            "UID": "3050088ce9eb2ce4"
          },
-          "InstalledVersion": "0.3.6",
+          "InstalledVersion": "v0.3.6",
          "FixedVersion": "0.3.7",
          "Status": "fixed",
          "Layer": {},
@@ -133,10 +133,10 @@
          "PkgID": "github.com/docker/distribution@v2.7.1+incompatible",
          "PkgName": "github.com/docker/distribution",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible",
-            "UID": "94376dc37054a7e8"
+            "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
+            "UID": "2f7f0fa81860b8f1"
          },
-          "InstalledVersion": "2.7.1+incompatible",
+          "InstalledVersion": "v2.7.1+incompatible",
          "FixedVersion": "v2.8.0",
          "Status": "fixed",
          "Layer": {},
--- a/integration/testdata/gomod-vex.json.golden
+++ b/integration/testdata/gomod-vex.json.golden
@@ -26,10 +26,10 @@
          "PkgID": "github.com/docker/distribution@v2.7.1+incompatible",
          "PkgName": "github.com/docker/distribution",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible",
-            "UID": "de19cd663ca047a8"
+            "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
+            "UID": "9d949a7b01249e68"
          },
-          "InstalledVersion": "2.7.1+incompatible",
+          "InstalledVersion": "v2.7.1+incompatible",
          "FixedVersion": "v2.8.0",
          "Status": "fixed",
          "Layer": {},
@@ -53,10 +53,10 @@
          "PkgID": "golang.org/x/text@v0.3.6",
          "PkgName": "golang.org/x/text",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/golang.org/x/text@0.3.6",
-            "UID": "825dc613c0f39d45"
+            "PURL": "pkg:golang/golang.org/x/text@v0.3.6",
+            "UID": "3050088ce9eb2ce4"
          },
-          "InstalledVersion": "0.3.6",
+          "InstalledVersion": "v0.3.6",
          "FixedVersion": "0.3.7",
          "Status": "fixed",
          "Layer": {},
@@ -86,10 +86,10 @@
          "PkgID": "github.com/docker/distribution@v2.7.1+incompatible",
          "PkgName": "github.com/docker/distribution",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible",
-            "UID": "94376dc37054a7e8"
+            "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
+            "UID": "2f7f0fa81860b8f1"
          },
-          "InstalledVersion": "2.7.1+incompatible",
+          "InstalledVersion": "v2.7.1+incompatible",
          "FixedVersion": "v2.8.0",
          "Status": "fixed",
          "Layer": {},
@@ -120,10 +120,10 @@
          "PkgID": "github.com/docker/distribution@v2.7.1+incompatible",
          "PkgName": "github.com/docker/distribution",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible",
-            "UID": "94306cdcf85fb50a"
+            "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
+            "UID": "3ad40723ed2fce22"
          },
-          "InstalledVersion": "2.7.1+incompatible",
+          "InstalledVersion": "v2.7.1+incompatible",
          "FixedVersion": "v2.8.0",
          "Status": "fixed",
          "Layer": {},
--- a/integration/testdata/gomod.json.golden
+++ b/integration/testdata/gomod.json.golden
@@ -26,10 +26,10 @@
          "PkgID": "github.com/docker/distribution@v2.7.1+incompatible",
          "PkgName": "github.com/docker/distribution",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible",
-            "UID": "de19cd663ca047a8"
+            "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
+            "UID": "9d949a7b01249e68"
          },
-          "InstalledVersion": "2.7.1+incompatible",
+          "InstalledVersion": "v2.7.1+incompatible",
          "FixedVersion": "v2.8.0",
          "Status": "fixed",
          "Layer": {},
@@ -53,10 +53,10 @@
          "PkgID": "github.com/open-policy-agent/opa@v0.35.0",
          "PkgName": "github.com/open-policy-agent/opa",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/github.com/open-policy-agent/opa@0.35.0",
-            "UID": "6b685002e082ffc5"
+            "PURL": "pkg:golang/github.com/open-policy-agent/opa@v0.35.0",
+            "UID": "e89e2b0d8977e2a"
          },
-          "InstalledVersion": "0.35.0",
+          "InstalledVersion": "v0.35.0",
          "FixedVersion": "0.37.0",
          "Status": "fixed",
          "Layer": {},
@@ -100,10 +100,10 @@
          "PkgID": "golang.org/x/text@v0.3.6",
          "PkgName": "golang.org/x/text",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/golang.org/x/text@0.3.6",
-            "UID": "825dc613c0f39d45"
+            "PURL": "pkg:golang/golang.org/x/text@v0.3.6",
+            "UID": "3050088ce9eb2ce4"
          },
-          "InstalledVersion": "0.3.6",
+          "InstalledVersion": "v0.3.6",
          "FixedVersion": "0.3.7",
          "Status": "fixed",
          "Layer": {},
@@ -133,10 +133,10 @@
          "PkgID": "github.com/docker/distribution@v2.7.1+incompatible",
          "PkgName": "github.com/docker/distribution",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible",
-            "UID": "94376dc37054a7e8"
+            "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
+            "UID": "2f7f0fa81860b8f1"
          },
-          "InstalledVersion": "2.7.1+incompatible",
+          "InstalledVersion": "v2.7.1+incompatible",
          "FixedVersion": "v2.8.0",
          "Status": "fixed",
          "Layer": {},
@@ -167,10 +167,10 @@
          "PkgID": "github.com/docker/distribution@v2.7.1+incompatible",
          "PkgName": "github.com/docker/distribution",
          "PkgIdentifier": {
-            "PURL": "pkg:golang/github.com/docker/distribution@2.7.1%2Bincompatible",
-            "UID": "94306cdcf85fb50a"
+            "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
+            "UID": "3ad40723ed2fce22"
          },
-          "InstalledVersion": "2.7.1+incompatible",
+          "InstalledVersion": "v2.7.1+incompatible",
          "FixedVersion": "v2.8.0",
          "Status": "fixed",
          "Layer": {},
--- a/integration/testdata/helm.json.golden
+++ b/integration/testdata/helm.json.golden
@@ -21,9 +21,8 @@
      "Class": "config",
      "Type": "helm",
      "MisconfSummary": {
-        "Successes": 80,
-        "Failures": 14,
-        "Exceptions": 0
+        "Successes": 79,
+        "Failures": 14
      },
      "Misconfigurations": [
        {
@@ -890,10 +889,11 @@
          "Namespace": "builtin.kubernetes.KSV117",
          "Query": "data.builtin.kubernetes.KSV117.deny",
          "Resolution": "Do not map the container ports to privileged host ports when starting a container.",
-          "Severity": "HIGH",
+          "Severity": "MEDIUM",
          "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv117",
          "References": [
            "https://kubernetes.io/docs/concepts/security/pod-security-standards/",
+            "https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414",
            "https://avd.aquasec.com/misconfig/ksv117"
          ],
          "Status": "FAIL",
--- a/integration/testdata/helm_testchart.json.golden
+++ b/integration/testdata/helm_testchart.json.golden
@@ -21,9 +21,8 @@
      "Class": "config",
      "Type": "helm",
      "MisconfSummary": {
-        "Successes": 90,
-        "Failures": 4,
-        "Exceptions": 0
+        "Successes": 89,
+        "Failures": 4
      },
      "Misconfigurations": [
        {
@@ -318,10 +317,11 @@
          "Namespace": "builtin.kubernetes.KSV117",
          "Query": "data.builtin.kubernetes.KSV117.deny",
          "Resolution": "Do not map the container ports to privileged host ports when starting a container.",
-          "Severity": "HIGH",
+          "Severity": "MEDIUM",
          "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv117",
          "References": [
            "https://kubernetes.io/docs/concepts/security/pod-security-standards/",
+            "https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414",
            "https://avd.aquasec.com/misconfig/ksv117"
          ],
          "Status": "FAIL",
@@ -341,9 +341,8 @@
      "Class": "config",
      "Type": "helm",
      "MisconfSummary": {
-        "Successes": 61,
-        "Failures": 0,
-        "Exceptions": 0
+        "Successes": 60,
+        "Failures": 0
      }
    },
    {
@@ -351,9 +350,8 @@
      "Class": "config",
      "Type": "helm",
      "MisconfSummary": {
-        "Successes": 60,
-        "Failures": 0,
-        "Exceptions": 0
+        "Successes": 59,
+        "Failures": 0
      }
    }
  ]
--- a/integration/testdata/helm_testchart.overridden.json.golden
+++ b/integration/testdata/helm_testchart.overridden.json.golden
@@ -21,9 +21,8 @@
      "Class": "config",
      "Type": "helm",
      "MisconfSummary": {
-        "Successes": 88,
-        "Failures": 6,
-        "Exceptions": 0
+        "Successes": 87,
+        "Failures": 6
      },
      "Misconfigurations": [
        {
@@ -545,10 +544,11 @@
          "Namespace": "builtin.kubernetes.KSV117",
          "Query": "data.builtin.kubernetes.KSV117.deny",
          "Resolution": "Do not map the container ports to privileged host ports when starting a container.",
-          "Severity": "HIGH",
+          "Severity": "MEDIUM",
          "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv117",
          "References": [
            "https://kubernetes.io/docs/concepts/security/pod-security-standards/",
+            "https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414",
            "https://avd.aquasec.com/misconfig/ksv117"
          ],
          "Status": "FAIL",
@@ -568,9 +568,8 @@
      "Class": "config",
      "Type": "helm",
      "MisconfSummary": {
-        "Successes": 61,
-        "Failures": 0,
-        "Exceptions": 0
+        "Successes": 60,
+        "Failures": 0
      }
    },
    {
@@ -578,9 +577,8 @@
      "Class": "config",
      "Type": "helm",
      "MisconfSummary": {
-        "Successes": 60,
-        "Failures": 0,
-        "Exceptions": 0
+        "Successes": 59,
+        "Failures": 0
      }
    }
  ]
--- a/integration/testdata/julia-spdx.json.golden
+++ b/integration/testdata/julia-spdx.json.golden
@@ -17,11 +17,21 @@
      "SPDXID": "SPDXRef-Application-18fc3597717a3e56",
      "downloadLocation": "NONE",
      "filesAnalyzed": false,
-      "attributionTexts": [
-        "Class: lang-pkgs",
-        "Type: julia"
-      ],
-      "primaryPackagePurpose": "APPLICATION"
+      "primaryPackagePurpose": "APPLICATION",
+      "annotations": [
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "Class: lang-pkgs"
+        },
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "Type: julia"
+        }
+      ]
    },
    {
      "name": "A",
@@ -40,11 +50,21 @@
          "referenceLocator": "pkg:julia/A@1.9.0?uuid=ead4f63c-334e-11e9-00e6-e7f0a5f21b60"
        }
      ],
-      "attributionTexts": [
-        "PkgID: ead4f63c-334e-11e9-00e6-e7f0a5f21b60",
-        "PkgType: julia"
-      ],
-      "primaryPackagePurpose": "LIBRARY"
+      "primaryPackagePurpose": "LIBRARY",
+      "annotations": [
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "PkgID: ead4f63c-334e-11e9-00e6-e7f0a5f21b60"
+        },
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "PkgType: julia"
+        }
+      ]
    },
    {
      "name": "B",
@@ -63,11 +83,21 @@
          "referenceLocator": "pkg:julia/B@1.9.0?uuid=f41f7b98-334e-11e9-1257-49272045fb24"
        }
      ],
-      "attributionTexts": [
-        "PkgID: f41f7b98-334e-11e9-1257-49272045fb24",
-        "PkgType: julia"
-      ],
-      "primaryPackagePurpose": "LIBRARY"
+      "primaryPackagePurpose": "LIBRARY",
+      "annotations": [
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "PkgID: f41f7b98-334e-11e9-1257-49272045fb24"
+        },
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "PkgType: julia"
+        }
+      ]
    },
    {
      "name": "B",
@@ -86,21 +116,36 @@
          "referenceLocator": "pkg:julia/B@1.9.0?uuid=edca9bc6-334e-11e9-3554-9595dbb4349c"
        }
      ],
-      "attributionTexts": [
-        "PkgID: edca9bc6-334e-11e9-3554-9595dbb4349c",
-        "PkgType: julia"
-      ],
-      "primaryPackagePurpose": "LIBRARY"
+      "primaryPackagePurpose": "LIBRARY",
+      "annotations": [
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "PkgID: edca9bc6-334e-11e9-3554-9595dbb4349c"
+        },
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "PkgType: julia"
+        }
+      ]
    },
    {
      "name": "testdata/fixtures/repo/julia",
      "SPDXID": "SPDXRef-Filesystem-1be792dd0077c431",
      "downloadLocation": "NONE",
      "filesAnalyzed": false,
-      "attributionTexts": [
-        "SchemaVersion: 2"
-      ],
-      "primaryPackagePurpose": "SOURCE"
+      "primaryPackagePurpose": "SOURCE",
+      "annotations": [
+        {
+          "annotator": "Tool: trivy-dev",
+          "annotationDate": "2021-08-25T12:20:30Z",
+          "annotationType": "OTHER",
+          "comment": "SchemaVersion: 2"
+        }
+      ]
    }
  ],
  "relationships": [
--- a/integration/testdata/npm.gitlab.golden
+++ b/integration/testdata/npm.gitlab.golden
@@ -0,0 +1,214 @@
+{
+  "version": "15.0.7",
+  "scan": {
+    "analyzer": {
+      "id": "trivy",
+      "name": "Trivy",
+      "vendor": {
+        "name": "Aqua Security"
+      },
+      "version": "dev"
+    },
+    "end_time": "2021-08-25T12:20:30",
+    "scanner": {
+      "id": "trivy",
+      "name": "Trivy",
+      "url": "https://github.com/aquasecurity/trivy/",
+      "vendor": {
+        "name": "Aqua Security"
+      },
+      "version": "dev"
+    },
+    "start_time": "2021-08-25T12:20:30",
+    "status": "success",
+    "type": "container_scanning"
+  },
+  "vulnerabilities": [
+    {
+      "id": "CVE-2019-11358",
+      "name": "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection",
+      "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
+      "severity": "Medium",
+      "solution": "Upgrade jquery to 3.4.0",
+      "location": {
+        "dependency": {
+          "package": {
+            "name": "jquery"
+          },
+          "version": "3.3.9"
+        },
+        "operating_system": "Unknown",
+        "image": "Unknown"
+      },
+      "identifiers": [
+        {
+          "type": "cve",
+          "name": "CVE-2019-11358",
+          "value": "CVE-2019-11358",
+          "url": "https://avd.aquasec.com/nvd/cve-2019-11358"
+        }
+      ],
+      "links": [{
+          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
+        },{
+          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
+        },{
+          "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
+        },{
+          "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
+        },{
+          "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
+        },{
+          "url": "http://seclists.org/fulldisclosure/2019/May/10"
+        },{
+          "url": "http://seclists.org/fulldisclosure/2019/May/11"
+        },{
+          "url": "http://seclists.org/fulldisclosure/2019/May/13"
+        },{
+          "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
+        },{
+          "url": "http://www.securityfocus.com/bid/108023"
+        },{
+          "url": "https://access.redhat.com/errata/RHBA-2019:1570"
+        },{
+          "url": "https://access.redhat.com/errata/RHSA-2019:1456"
+        },{
+          "url": "https://access.redhat.com/errata/RHSA-2019:2587"
+        },{
+          "url": "https://access.redhat.com/errata/RHSA-2019:3023"
+        },{
+          "url": "https://access.redhat.com/errata/RHSA-2019:3024"
+        },{
+          "url": "https://access.redhat.com/security/cve/CVE-2019-11358"
+        },{
+          "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
+        },{
+          "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
+        },{
+          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"
+        },{
+          "url": "https://github.com/DanielRuf/snyk-js-jquery-174006?files=1"
+        },{
+          "url": "https://github.com/advisories/GHSA-6c3j-c64m-qhgq"
+        },{
+          "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
+        },{
+          "url": "https://github.com/jquery/jquery/pull/4333"
+        },{
+          "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434"
+        },{
+          "url": "https://hackerone.com/reports/454365"
+        },{
+          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
+        },{
+          "url": "https://linux.oracle.com/cve/CVE-2019-11358.html"
+        },{
+          "url": "https://linux.oracle.com/errata/ELSA-2020-4847.html"
+        },{
+          "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E"
+        },{
+          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
+        },{
+          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
+        },{
+          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
+        },{
+          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
+        },{
+          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
+        },{
+          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
+        },{
+          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
+        },{
+          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
+        },{
+          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
+        },{
+          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
+        },{
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
+        },{
+          "url": "https://seclists.org/bugtraq/2019/Apr/32"
+        },{
+          "url": "https://seclists.org/bugtraq/2019/Jun/12"
+        },{
+          "url": "https://seclists.org/bugtraq/2019/May/18"
+        },{
+          "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
+        },{
+          "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
+        },{
+          "url": "https://www.debian.org/security/2019/dsa-4434"
+        },{
+          "url": "https://www.debian.org/security/2019/dsa-4460"
+        },{
+          "url": "https://www.drupal.org/sa-core-2019-006"
+        },{
+          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
+        },{
+          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
+        },{
+          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
+        },{
+          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
+        },{
+          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
+        },{
+          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
+        },{
+          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
+        },{
+          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+        },{
+          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
+        },{
+          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+        },{
+          "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
+        },{
+          "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
+        },{
+          "url": "https://www.tenable.com/security/tns-2019-08"
+        },{
+          "url": "https://www.tenable.com/security/tns-2020-02"
+        }
+      ]
+    }
+  ],
+  "remediations": []
+}
--- a/integration/testimages.ini
+++ b/integration/testimages.ini
@@ -0,0 +1,3 @@
+# Configuration file for both shell scripts and Go programs
+TEST_IMAGES=ghcr.io/knqyf263/trivy-test-images
+TEST_VM_IMAGES=ghcr.io/knqyf263/trivy-test-vm-images
--- a/internal/testutil/image.go
+++ b/internal/testutil/image.go
@@ -0,0 +1,67 @@
+package testutil
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+)
+
+var (
+	testImages   string
+	testVMImages string
+)
+
+func init() {
+	_, b, _, _ := runtime.Caller(0)
+	currentDir := filepath.Dir(b)
+	f, err := os.Open(filepath.Join(currentDir, "..", "..", "integration", "testimages.ini"))
+	if err != nil {
+		panic(err)
+	}
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		if strings.HasPrefix(scanner.Text(), "#") {
+			continue
+		}
+		parts := strings.SplitN(scanner.Text(), "=", 2)
+		if len(parts) == 2 {
+			key := strings.TrimSpace(parts[0])
+			value := strings.TrimSpace(parts[1])
+			switch key {
+			case "TEST_IMAGES":
+				testImages = value
+			case "TEST_VM_IMAGES":
+				testVMImages = value
+			}
+		}
+	}
+	if err = scanner.Err(); err != nil {
+		panic(err)
+	}
+}
+
+func ImageName(subpath, tag, digest string) string {
+	return imageName(testImages, subpath, tag, digest)
+}
+
+func VMImageName(subpath, tag, digest string) string {
+	return imageName(testVMImages, subpath, tag, digest)
+}
+
+func imageName(img, subpath, tag, digest string) string {
+	if subpath != "" {
+		img = fmt.Sprintf("%s/%s", img, subpath)
+	}
+	if tag != "" {
+		img = fmt.Sprintf("%s:%s", img, tag)
+	}
+	if digest != "" {
+		img = fmt.Sprintf("%s@%s", img, digest)
+	}
+	return img
+}
--- a/magefiles/fixture.go
+++ b/magefiles/fixture.go
@@ -10,13 +10,13 @@ import (
 	"github.com/google/go-containerregistry/pkg/crane"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/magefile/mage/sh"
+
+	"github.com/aquasecurity/trivy/internal/testutil"
 )

 func fixtureContainerImages() error {
-	const (
-		testImages = "ghcr.io/aquasecurity/trivy-test-images"
-		dir        = "integration/testdata/fixtures/images/"
-	)
+	var testImages = testutil.ImageName("", "", "")
+	const dir = "integration/testdata/fixtures/images/"
 	if err := os.MkdirAll(dir, 0750); err != nil {
 		return err
 	}
@@ -48,8 +48,8 @@ func fixtureContainerImages() error {
 }

 func fixtureVMImages() error {
+	var testVMImages = testutil.VMImageName("", "", "")
 	const (
-		testVMImages    = "ghcr.io/aquasecurity/trivy-test-vm-images"
 		titleAnnotation = "org.opencontainers.image.title"
 		dir             = "integration/testdata/fixtures/vm-images/"
 	)
--- a/magefiles/helm.go
+++ b/magefiles/helm.go
@@ -0,0 +1,117 @@
+//go:build mage_helm
+
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+
+	"github.com/aquasecurity/go-version/pkg/semver"
+
+	"github.com/magefile/mage/sh"
+	"golang.org/x/xerrors"
+	"gopkg.in/yaml.v3"
+)
+
+const chartFile = "./helm/trivy/Chart.yaml"
+
+func main() {
+	trivyVersion, err := version()
+	if err != nil {
+		log.Fatalf("could not determine Trivy version: %v", err)
+	}
+
+	newHelmVersion, err := bumpHelmChart(chartFile, trivyVersion)
+	if err != nil {
+		log.Fatalf("could not bump Trivy version to %q: %v", trivyVersion, err)
+	}
+
+	log.Printf("Current helm version will bump up %q with Trivy %q", newHelmVersion, trivyVersion)
+
+	newBranch := fmt.Sprintf("ci/helm-chart/bump-trivy-to-%s", trivyVersion)
+	title := fmt.Sprintf("ci(helm): bump Trivy version to %s for Trivy Helm Chart %s", trivyVersion, newHelmVersion)
+	description := fmt.Sprintf("This PR bumps Trivy up to the %s version for the Trivy Helm chart %s.",
+		trivyVersion, newHelmVersion)
+
+	cmds := [][]string{
+		[]string{"git", "switch", "-c", newBranch},
+		[]string{"git", "add", chartFile},
+		[]string{"git", "commit", "-m", title},
+		[]string{"git", "push", "origin", newBranch},
+		[]string{"gh", "pr", "create", "--base", "main", "--head", newBranch, "--title", title, "--body", description, "--repo", "$GITHUB_REPOSITORY"},
+	}
+
+	if err := runShCommands(cmds); err != nil {
+		log.Fatal(err)
+	}
+	log.Print("Successfully created PR with a new helm version")
+}
+
+type Chart struct {
+	Version    string `yaml:"version"`
+	AppVersion string `yaml:"appVersion"`
+}
+
+// bumpHelmChart bumps up helm and trivy versions inside a file (Chart.yaml)
+// it returns a new helm version and error
+func bumpHelmChart(filename, trivyVersion string) (string, error) {
+	input, err := os.ReadFile(filename)
+	if err != nil {
+		return "", xerrors.Errorf("could not read file %q: %w", filename, err)
+	}
+	currentHelmChart := &Chart{}
+	if err := yaml.Unmarshal(input, currentHelmChart); err != nil {
+		return "", xerrors.Errorf("could not unmarshal helm chart %q: %w", filename, err)
+	}
+
+	newHelmVersion, err := buildNewHelmVersion(currentHelmChart.Version, currentHelmChart.AppVersion, trivyVersion)
+	if err != nil {
+		return "", xerrors.Errorf("could not build new helm version: %v", err)
+	}
+	cmds := [][]string{
+		[]string{"sed", "-i", "-e", fmt.Sprintf("s/appVersion: %s/appVersion: %s/g", currentHelmChart.AppVersion, trivyVersion), filename},
+		[]string{"sed", "-i", "-e", fmt.Sprintf("s/version: %s/version: %s/g", currentHelmChart.Version, newHelmVersion), filename},
+	}
+
+	if err := runShCommands(cmds); err != nil {
+		return "", xerrors.Errorf("could not update Helm Chart %q: %w", newHelmVersion, err)
+	}
+	return newHelmVersion, nil
+}
+
+func runShCommands(cmds [][]string) error {
+	for _, cmd := range cmds {
+		if err := sh.Run(cmd[0], cmd[1:]...); err != nil {
+			return xerrors.Errorf("failed to run %v: %w", cmd, err)
+		}
+	}
+	return nil
+}
+
+func buildNewHelmVersion(currentHelm, currentTrivy, newTrivy string) (string, error) {
+	currentHelmVersion, err := semver.Parse(currentHelm)
+	if err != nil {
+		return "", xerrors.Errorf("could not parse current helm version: %w", err)
+	}
+
+	currentTrivyVersion, err := semver.Parse(currentTrivy)
+	if err != nil {
+		return "", xerrors.Errorf("could not parse current trivy version: %w", err)
+	}
+
+	newTrivyVersion, err := semver.Parse(newTrivy)
+	if err != nil {
+		return "", xerrors.Errorf("could not parse new trivy version: %w", err)
+	}
+
+	if newTrivyVersion.Major().Compare(currentTrivyVersion.Major()) > 0 {
+		return currentHelmVersion.IncMajor().String(), nil
+	}
+
+	if newTrivyVersion.Minor().Compare(currentTrivyVersion.Minor()) > 0 {
+		return currentHelmVersion.IncMinor().String(), nil
+	}
+
+	return currentHelmVersion.IncPatch().String(), nil
+}
--- a/magefiles/helm_test.go
+++ b/magefiles/helm_test.go
@@ -0,0 +1,92 @@
+//go:build mage_helm
+
+package main
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewVersion(t *testing.T) {
+	tests := []struct {
+		name                string
+		currentHelmVersion  string
+		currentTrivyVersion string
+		newTrivyVersion     string
+		newHelmVersion      string
+	}{
+		{
+			"created the first patch",
+			"0.1.0",
+			"0.55.0",
+			"0.55.1",
+			"0.1.1",
+		},
+		{
+			"created the second patch",
+			"0.1.1",
+			"0.55.1",
+			"0.55.2",
+			"0.1.2",
+		},
+		{
+			"created the second patch but helm chart was changed",
+			"0.1.2",
+			"0.55.1",
+			"0.55.2",
+			"0.1.3",
+		},
+		{
+			"created a new minor version",
+			"0.1.1",
+			"0.55.1",
+			"0.56.0",
+			"0.2.0",
+		},
+		{
+			"created a new major version",
+			"0.1.1",
+			"0.55.1",
+			"1.0.0",
+			"1.0.0",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			newHelmVersion, err := buildNewHelmVersion(test.currentHelmVersion, test.currentTrivyVersion, test.newTrivyVersion)
+			assert.NoError(t, err)
+			assert.Equal(t, test.newHelmVersion, newHelmVersion)
+		})
+	}
+}
+
+func TestBumpHelmChart_Success(t *testing.T) {
+	tempFile, err := os.CreateTemp(t.TempDir(), "Chart-*.yaml")
+	assert.NoError(t, err)
+
+	content := `
+apiVersion: v2
+name: trivy
+version: 0.8.0
+appVersion: 0.55.0
+description: Trivy helm chart
+keywords:
+  - scanner
+  - trivy
+  - vulnerability
+`
+	err = os.WriteFile(tempFile.Name(), []byte(content), 0644)
+	assert.NoError(t, err)
+
+	newVersion, err := bumpHelmChart(tempFile.Name(), "0.55.1")
+	assert.NoError(t, err)
+	assert.Equal(t, "0.8.1", newVersion)
+
+	updatedContent, err := os.ReadFile(tempFile.Name())
+	assert.NoError(t, err)
+	assert.Contains(t, string(updatedContent), "appVersion: 0.55.1")
+	assert.Contains(t, string(updatedContent), "version: 0.8.1")
+}
--- a/magefiles/magefile.go
+++ b/magefiles/magefile.go
@@ -489,3 +489,10 @@ func (CloudActions) Generate() error {
 func VEX(_ context.Context, dir string) error {
 	return sh.RunWith(ENV, "go", "run", "-tags=mage_vex", "./magefiles/vex.go", "--dir", dir)
 }
+
+type Helm mg.Namespace
+
+// UpdateVersion updates a version for Trivy Helm Chart and creates a PR
+func (Helm) UpdateVersion() error {
+	return sh.RunWith(ENV, "go", "run", "-tags=mage_helm", "./magefiles")
+}
--- a/misc/lint/rules.go
+++ b/misc/lint/rules.go
@@ -20,3 +20,13 @@ func initializeMaps(m dsl.Matcher) {
 		Suggest(`make(map[$key]$value)`).
 		Report(`replace '$$' with 'make(map[$key]$value)`)
 }
+
+// While errors.Join from standard library can combine multiple errors,
+// we use hashicorp/go-multierror for more user-friendly error outputs.
+func errorsJoin(m dsl.Matcher) {
+	m.Match(`errors.Join($x...)`).
+		Report("use github.com/hashicorp/go-multierror.Append instead of errors.Join.")
+
+	m.Match(`errors.Join($*args)`).
+		Report("use github.com/hashicorp/go-multierror.Append instead of errors.Join.")
+}
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -56,7 +56,6 @@ nav:
              - Overview: docs/scanner/misconfiguration/index.md
              - Policy:
                  - Built-in Checks: docs/scanner/misconfiguration/check/builtin.md
-                  - Exceptions: docs/scanner/misconfiguration/check/exceptions.md
              - Custom Checks:
                  - Overview: docs/scanner/misconfiguration/custom/index.md
                  - Data: docs/scanner/misconfiguration/custom/data.md
@@ -178,6 +177,10 @@ nav:
                      - Plugin Update: docs/references/configuration/cli/trivy_plugin_update.md
                      - Plugin Upgrade: docs/references/configuration/cli/trivy_plugin_upgrade.md
                      - Plugin Search: docs/references/configuration/cli/trivy_plugin_search.md
+                  - Registry:
+                        - Registry: docs/references/configuration/cli/trivy_registry.md
+                        - Registry Login: docs/references/configuration/cli/trivy_registry_login.md
+                        - Registry Logout: docs/references/configuration/cli/trivy_registry_logout.md
                  - Repository: docs/references/configuration/cli/trivy_repository.md
                  - Rootfs: docs/references/configuration/cli/trivy_rootfs.md
                  - SBOM: docs/references/configuration/cli/trivy_sbom.md
--- a/pkg/attestation/attestation_test.go
+++ b/pkg/attestation/attestation_test.go
@@ -27,7 +27,7 @@ func TestStatement_UnmarshalJSON(t *testing.T) {
 					PredicateType: "cosign.sigstore.dev/attestation/v1",
 					Subject: []in_toto.Subject{
 						{
-							Name: "ghcr.io/aquasecurity/trivy-test-images",
+							Name: "ghcr.io/aquasecurity/trivy-test-images", // Defined in the attestations.json file
 							Digest: slsa.DigestSet{
 								"sha256": "72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb",
 							},
--- a/pkg/cache/mock_artifact_cache.go
+++ b/pkg/cache/mock_artifact_cache.go
@@ -229,9 +229,6 @@ func (_m *MockArtifactCache) PutBlob(blobID string, blobInfo types.BlobInfo) err
 		for j := range blobInfo.Misconfigurations[i].Warnings {
 			blobInfo.Misconfigurations[i].Warnings[j].Code = types.Code{}
 		}
-		for j := range blobInfo.Misconfigurations[i].Exceptions {
-			blobInfo.Misconfigurations[i].Exceptions[j].Code = types.Code{}
-		}
 	}

 	ret := _m.Called(blobID, blobInfo)
--- a/pkg/commands/app.go
+++ b/pkg/commands/app.go
@@ -15,6 +15,7 @@ import (

 	"github.com/aquasecurity/trivy/pkg/cache"
 	"github.com/aquasecurity/trivy/pkg/commands/artifact"
+	"github.com/aquasecurity/trivy/pkg/commands/auth"
 	"github.com/aquasecurity/trivy/pkg/commands/clean"
 	"github.com/aquasecurity/trivy/pkg/commands/convert"
 	"github.com/aquasecurity/trivy/pkg/commands/server"
@@ -99,6 +100,7 @@ func NewApp() *cobra.Command {
 		NewVersionCommand(globalFlags),
 		NewVMCommand(globalFlags),
 		NewCleanCommand(globalFlags),
+		NewRegistryCommand(globalFlags),
 		NewVEXCommand(globalFlags),
 	)

@@ -1144,6 +1146,7 @@ func NewSBOMCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 		DBFlagGroup:            flag.NewDBFlagGroup(),
 		PackageFlagGroup:       flag.NewPackageFlagGroup(),
 		RemoteFlagGroup:        flag.NewClientFlags(),       // for client/server mode
+		RegistryFlagGroup:      flag.NewRegistryFlagGroup(), // for DBs in private registries
 		ReportFlagGroup:        reportFlagGroup,
 		ScanFlagGroup:          scanFlagGroup,
 		VulnerabilityFlagGroup: flag.NewVulnerabilityFlagGroup(),
@@ -1232,6 +1235,62 @@ func NewCleanCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 	return cmd
 }

+func NewRegistryCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:           "registry [flags]",
+		GroupID:       groupUtility,
+		Short:         "Manage registry authentication",
+		SilenceErrors: true,
+		SilenceUsage:  true,
+	}
+
+	loginFlags := &flag.Flags{
+		GlobalFlagGroup:   globalFlags,
+		RegistryFlagGroup: flag.NewRegistryFlagGroup(),
+	}
+	loginFlags.RegistryFlagGroup.RegistryToken = nil // disable '--registry-token'
+	loginCmd := &cobra.Command{
+		Use:           "login SERVER",
+		Short:         "Log in to a registry",
+		SilenceErrors: true,
+		SilenceUsage:  true,
+		Example: `  # Log in to reg.example.com
+  cat ~/my_password.txt | trivy registry login --username foo --password-stdin reg.example.com`,
+		Args: cobra.ExactArgs(1),
+		PreRunE: func(cmd *cobra.Command, args []string) error {
+			if err := loginFlags.Bind(cmd); err != nil {
+				return xerrors.Errorf("flag bind error: %w", err)
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			loginOpts, err := loginFlags.ToOptions(args)
+			if err != nil {
+				return xerrors.Errorf("flag error: %w", err)
+			}
+			return auth.Login(cmd.Context(), args[0], loginOpts)
+		},
+	}
+	logoutCmd := &cobra.Command{
+		Use:           "logout SERVER",
+		Short:         "Log out of a registry",
+		SilenceErrors: true,
+		SilenceUsage:  true,
+		Example: `  # Log out of reg.example.com
+  trivy registry logout reg.example.com`,
+		Args: cobra.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return auth.Logout(cmd.Context(), args[0])
+		},
+	}
+	loginFlags.AddFlags(loginCmd)
+	cmd.AddCommand(loginCmd, logoutCmd)
+
+	cmd.SetFlagErrorFunc(flagErrorFunc)
+
+	return cmd
+}
+
 func NewVEXCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 	vexFlags := &flag.Flags{
 		GlobalFlagGroup: globalFlags,
--- a/pkg/commands/artifact/run.go
+++ b/pkg/commands/artifact/run.go
@@ -538,9 +538,9 @@ func (r *runner) initScannerConfig(ctx context.Context, opts flag.Options) (Scan
 		}
 	}

-	// SPDX needs to calculate digests for package files
+	// SPDX and CycloneDX need to calculate digests for package files
 	var fileChecksum bool
-	if opts.Format == types.FormatSPDXJSON || opts.Format == types.FormatSPDX {
+	if opts.Format == types.FormatSPDXJSON || opts.Format == types.FormatSPDX || opts.Format == types.FormatCycloneDX {
 		fileChecksum = true
 	}

--- a/pkg/commands/auth/run.go
+++ b/pkg/commands/auth/run.go
@@ -0,0 +1,109 @@
+package auth
+
+import (
+	"context"
+	"net/http"
+	"os"
+
+	"github.com/docker/cli/cli/config"
+	"github.com/docker/cli/cli/config/types"
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+	"golang.org/x/xerrors"
+
+	"github.com/aquasecurity/trivy/pkg/flag"
+	"github.com/aquasecurity/trivy/pkg/log"
+)
+
+func Login(ctx context.Context, registry string, opts flag.Options) error {
+	if len(opts.Credentials) == 0 {
+		return xerrors.New("username and password required")
+	} else if len(opts.Credentials) > 1 {
+		return xerrors.New("multiple credentials are not allowed")
+	}
+
+	reg, err := parseRegistry(registry, opts)
+	if err != nil {
+		return xerrors.Errorf("failed to parse registry: %w", err)
+	}
+	serverAddress := reg.Name()
+
+	// Validate the credential
+	_, err = transport.NewWithContext(ctx, reg, &authn.Basic{
+		Username: opts.Credentials[0].Username,
+		Password: opts.Credentials[0].Password,
+	}, httpTransport(opts), []string{reg.Scope(transport.PullScope)})
+	if err != nil {
+		return xerrors.Errorf("failed to authenticate: %w", err)
+	}
+
+	cf, err := config.Load(os.Getenv("DOCKER_CONFIG"))
+	if err != nil {
+		return xerrors.Errorf("failed to load docker config: %w", err)
+	}
+	creds := cf.GetCredentialsStore(serverAddress)
+	if serverAddress == name.DefaultRegistry {
+		serverAddress = authn.DefaultAuthKey
+	}
+	if err := creds.Store(types.AuthConfig{
+		ServerAddress: serverAddress,
+		Username:      opts.Credentials[0].Username,
+		Password:      opts.Credentials[0].Password,
+	}); err != nil {
+		return xerrors.Errorf("failed to store credentials: %w", err)
+	}
+
+	if err := cf.Save(); err != nil {
+		return xerrors.Errorf("failed to save docker config: %w", err)
+	}
+	log.Info("Login succeeded", log.FilePath(cf.Filename), log.String("username", opts.Credentials[0].Username))
+	return nil
+}
+
+func Logout(_ context.Context, registry string) error {
+	reg, err := parseRegistry(registry, flag.Options{})
+	if err != nil {
+		return xerrors.Errorf("failed to parse registry: %w", err)
+	}
+	serverAddress := reg.Name()
+
+	cf, err := config.Load(os.Getenv("DOCKER_CONFIG"))
+	if err != nil {
+		return xerrors.Errorf("failed to load docker config: %w", err)
+	}
+	creds := cf.GetCredentialsStore(serverAddress)
+	if serverAddress == name.DefaultRegistry {
+		serverAddress = authn.DefaultAuthKey
+	}
+	if err := creds.Erase(serverAddress); err != nil {
+		return xerrors.Errorf("failed to delete credentials: %w", err)
+	}
+
+	if err := cf.Save(); err != nil {
+		return xerrors.Errorf("failed to save docker config: %w", err)
+	}
+	log.Info("Logged out", log.FilePath(cf.Filename))
+	return nil
+}
+
+func parseRegistry(registry string, opts flag.Options) (name.Registry, error) {
+	var nameOpts []name.Option
+	if opts.Insecure {
+		nameOpts = append(nameOpts, name.Insecure)
+	}
+	reg, err := name.NewRegistry(registry, nameOpts...)
+	if err != nil {
+		return name.Registry{}, xerrors.Errorf("failed to parse registry: %w", err)
+	}
+	return reg, nil
+}
+
+func httpTransport(opts flag.Options) *http.Transport {
+	tr := remote.DefaultTransport.(*http.Transport).Clone()
+	if opts.Insecure {
+		tr.TLSClientConfig.InsecureSkipVerify = true
+	}
+	return tr
+}
--- a/pkg/commands/auth/run_test.go
+++ b/pkg/commands/auth/run_test.go
@@ -0,0 +1,142 @@
+package auth_test
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/samber/lo"
+	"github.com/stretchr/testify/require"
+
+	testauth "github.com/aquasecurity/testdocker/auth"
+	"github.com/aquasecurity/testdocker/registry"
+	"github.com/aquasecurity/trivy/pkg/commands/auth"
+	"github.com/aquasecurity/trivy/pkg/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/flag"
+)
+
+func TestLogin(t *testing.T) {
+	type args struct {
+		registry string
+		opts     flag.Options
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr string
+	}{
+		{
+			name: "single credential",
+			args: args{
+				opts: flag.Options{
+					RegistryOptions: flag.RegistryOptions{
+						Credentials: []types.Credential{
+							{
+								Username: "user",
+								Password: "pass",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "multiple credentials",
+			args: args{
+				opts: flag.Options{
+					RegistryOptions: flag.RegistryOptions{
+						Credentials: []types.Credential{
+							{
+								Username: "user1",
+								Password: "pass1",
+							},
+							{
+								Username: "user2",
+								Password: "pass2",
+							},
+						},
+					},
+				},
+			},
+			wantErr: "multiple credentials are not allowed",
+		},
+		{
+			name: "no credentials",
+			args: args{
+				registry: "auth.test",
+				opts:     flag.Options{},
+			},
+			wantErr: "username and password required",
+		},
+		{
+			name: "invalid registry",
+			args: args{
+				registry: "aaa://invalid.test",
+				opts: flag.Options{
+					RegistryOptions: flag.RegistryOptions{
+						Credentials: []types.Credential{
+							{
+								Username: "user",
+								Password: "pass",
+							},
+						},
+					},
+				},
+			},
+			wantErr: "registries must be valid RFC 3986 URI authorities",
+		},
+	}
+
+	tr := registry.NewDockerRegistry(registry.Option{
+		Auth: testauth.Auth{
+			User:     "user",
+			Password: "pass",
+		},
+	})
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Set the DOCKER_CONFIG environment variable to a temporary directory
+			// so that the test does not interfere with the user's configuration.
+			t.Setenv("DOCKER_CONFIG", filepath.Join(t.TempDir(), "config.json"))
+
+			reg := lo.Ternary(tt.args.registry == "", strings.TrimPrefix(tr.URL, "http://"), tt.args.registry)
+			err := auth.Login(context.Background(), reg, tt.args.opts)
+			if tt.wantErr != "" {
+				require.ErrorContains(t, err, tt.wantErr)
+				return
+			}
+			require.NoError(t, err)
+		})
+	}
+}
+
+func TestLogout(t *testing.T) {
+	// Set the DOCKER_CONFIG environment variable to a temporary directory
+	// so that the test does not interfere with the user's configuration.
+	tmpDir := t.TempDir()
+	t.Setenv("DOCKER_CONFIG", tmpDir)
+
+	t.Run("success", func(t *testing.T) {
+		configFile := filepath.Join(tmpDir, "config.json")
+		err := os.WriteFile(configFile, []byte(`{"auths": {"auth.test": {"auth": "dXNlcjpwYXNz"}}}`), 0600)
+		require.NoError(t, err)
+
+		err = auth.Logout(context.Background(), "auth.test")
+		require.NoError(t, err)
+		b, err := os.ReadFile(configFile)
+		require.NoError(t, err)
+		require.JSONEq(t, `{"auths": {}}`, string(b))
+	})
+	t.Run("not found", func(t *testing.T) {
+		err := auth.Logout(context.Background(), "notfound.test")
+		require.NoError(t, err) // Return an error if "credsStore" is "osxkeychain".
+	})
+
+	t.Run("invalid registry", func(t *testing.T) {
+		err := auth.Logout(context.Background(), "aaa://invalid.test")
+		require.ErrorContains(t, err, "registries must be valid RFC 3986 URI authorities")
+	})
+}
--- a/pkg/commands/clean/run.go
+++ b/pkg/commands/clean/run.go
@@ -2,7 +2,6 @@ package clean

 import (
 	"context"
-	"os"

 	"golang.org/x/xerrors"

@@ -25,7 +24,11 @@ func Run(ctx context.Context, opts flag.Options) error {
 	}

 	if opts.CleanAll {
-		return cleanAll(ctx, opts)
+		opts.CleanScanCache = true
+		opts.CleanVulnerabilityDB = true
+		opts.CleanJavaDB = true
+		opts.CleanChecksBundle = true
+		opts.CleanVEXRepositories = true
 	}

 	if opts.CleanScanCache {
@@ -60,14 +63,6 @@ func Run(ctx context.Context, opts flag.Options) error {
 	return nil
 }

-func cleanAll(ctx context.Context, opts flag.Options) error {
-	log.InfoContext(ctx, "Removing all caches...")
-	if err := os.RemoveAll(opts.CacheDir); err != nil {
-		return xerrors.Errorf("failed to remove the directory (%s) : %w", opts.CacheDir, err)
-	}
-	return nil
-}
-
 func cleanScanCache(ctx context.Context, opts flag.Options) error {
 	log.InfoContext(ctx, "Removing scan cache...")
 	c, cleanup, err := cache.New(opts.CacheOpts())
--- a/pkg/commands/clean/run_test.go
+++ b/pkg/commands/clean/run_test.go
@@ -28,7 +28,12 @@ func TestRun(t *testing.T) {
 			},
 			wantErr: false,
 			checkFunc: func(t *testing.T, dir string) {
-				assert.NoDirExists(t, dir)
+				assert.NoDirExists(t, filepath.Join(dir, "fanal"))
+				assert.NoDirExists(t, filepath.Join(dir, "db"))
+				assert.NoDirExists(t, filepath.Join(dir, "java-db"))
+				assert.NoDirExists(t, filepath.Join(dir, "policy"))
+				assert.NoDirExists(t, filepath.Join(dir, "vex"))
+				assert.DirExists(t, dir)
 			},
 		},
 		{
@@ -42,6 +47,7 @@ func TestRun(t *testing.T) {
 				assert.DirExists(t, filepath.Join(dir, "db"))
 				assert.DirExists(t, filepath.Join(dir, "java-db"))
 				assert.DirExists(t, filepath.Join(dir, "policy"))
+				assert.DirExists(t, filepath.Join(dir, "vex"))
 			},
 		},
 		{
@@ -55,6 +61,7 @@ func TestRun(t *testing.T) {
 				assert.DirExists(t, filepath.Join(dir, "fanal"))
 				assert.DirExists(t, filepath.Join(dir, "java-db"))
 				assert.DirExists(t, filepath.Join(dir, "policy"))
+				assert.DirExists(t, filepath.Join(dir, "vex"))
 			},
 		},
 		{
@@ -68,6 +75,7 @@ func TestRun(t *testing.T) {
 				assert.DirExists(t, filepath.Join(dir, "fanal"))
 				assert.DirExists(t, filepath.Join(dir, "db"))
 				assert.DirExists(t, filepath.Join(dir, "policy"))
+				assert.DirExists(t, filepath.Join(dir, "vex"))
 			},
 		},
 		{
@@ -81,6 +89,21 @@ func TestRun(t *testing.T) {
 				assert.DirExists(t, filepath.Join(dir, "fanal"))
 				assert.DirExists(t, filepath.Join(dir, "db"))
 				assert.DirExists(t, filepath.Join(dir, "java-db"))
+				assert.DirExists(t, filepath.Join(dir, "vex"))
+			},
+		},
+		{
+			name: "clean vex repositories",
+			cleanOpts: flag.CleanOptions{
+				CleanVEXRepositories: true,
+			},
+			wantErr: false,
+			checkFunc: func(t *testing.T, dir string) {
+				assert.DirExists(t, filepath.Join(dir, "policy"))
+				assert.DirExists(t, filepath.Join(dir, "fanal"))
+				assert.DirExists(t, filepath.Join(dir, "db"))
+				assert.DirExists(t, filepath.Join(dir, "java-db"))
+				assert.NoDirExists(t, filepath.Join(dir, "vex"))
 			},
 		},
 		{
@@ -127,6 +150,7 @@ func createTestFiles(t *testing.T, dir string) {
 		"db",
 		"java-db",
 		"policy",
+		"vex",
 	}
 	for _, subdir := range subdirs {
 		err := os.MkdirAll(filepath.Join(dir, subdir), 0755)
--- a/pkg/compliance/report/report_test.go
+++ b/pkg/compliance/report/report_test.go
@@ -38,7 +38,6 @@ func TestBuildComplianceReport(t *testing.T) {
 							MisconfSummary: &types.MisconfSummary{
 								Successes: 1,
 								Failures:  0,
-								Exceptions: 0,
 							},
 							Misconfigurations: []types.DetectedMisconfiguration{
 								{
@@ -160,7 +159,6 @@ func TestBuildComplianceReport(t *testing.T) {
 								MisconfSummary: &types.MisconfSummary{
 									Successes: 1,
 									Failures:  0,
-									Exceptions: 0,
 								},
 								Misconfigurations: []types.DetectedMisconfiguration{
 									{
--- a/pkg/compliance/report/testdata/table_all.txt
+++ b/pkg/compliance/report/testdata/table_all.txt
@@ -1,7 +1,7 @@

 Deployment/metrics-server (kubernetes)
 ======================================
-Tests: 1 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 0)
+Tests: 1 (SUCCESSES: 1, FAILURES: 0)
 Failures: 0 ()

 MEDIUM: Container 'metrics-server' of Deployment 'metrics-server' should set 'securityContext.allowPrivilegeEscalation' to false
@@ -27,7 +27,7 @@ See https://avd.aquasec.com/misconfig/ksv001

 Deployment/metrics-server (kubernetes)
 ======================================
-Tests: 1 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 0)
+Tests: 1 (SUCCESSES: 1, FAILURES: 0)
 Failures: 0 ()

 LOW: Container 'metrics-server' of Deployment 'metrics-server' should add 'ALL' to 'securityContext.capabilities.drop'
--- a/pkg/compliance/spec/mapper.go
+++ b/pkg/compliance/spec/mapper.go
@@ -49,8 +49,6 @@ func misconfigSummary(misconfig types.DetectedMisconfiguration) *types.MisconfSu
 		rms.Successes = 1
 	case types.MisconfStatusFailure:
 		rms.Failures = 1
-	case types.MisconfStatusException:
-		rms.Exceptions = 1
 	}
 	return &rms
 }
--- a/pkg/compliance/spec/mapper_test.go
+++ b/pkg/compliance/spec/mapper_test.go
@@ -63,7 +63,6 @@ func TestMapSpecCheckIDToFilteredResults(t *testing.T) {
 						MisconfSummary: &types.MisconfSummary{
 							Successes: 0,
 							Failures:  1,
-							Exceptions: 0,
 						},
 						Misconfigurations: []types.DetectedMisconfiguration{
 							{
@@ -81,7 +80,6 @@ func TestMapSpecCheckIDToFilteredResults(t *testing.T) {
 						MisconfSummary: &types.MisconfSummary{
 							Successes: 0,
 							Failures:  1,
-							Exceptions: 0,
 						},
 						Misconfigurations: []types.DetectedMisconfiguration{
 							{
--- a/pkg/db/db.go
+++ b/pkg/db/db.go
@@ -29,6 +29,10 @@ var (
 	DefaultGHCRRepository = fmt.Sprintf("%s:%d", "ghcr.io/aquasecurity/trivy-db", db.SchemaVersion)
 	defaultGHCRRepository = lo.Must(name.NewTag(DefaultGHCRRepository))

+	// GCR mirror
+	DefaultGCRRepository = fmt.Sprintf("%s:%d", "mirror.gcr.io/aquasec/trivy-db", db.SchemaVersion)
+	defaultGCRRepository = lo.Must(name.NewTag(DefaultGCRRepository))
+
 	Init  = db.Init
 	Close = db.Close
 	Path  = db.Path
@@ -73,6 +77,7 @@ func Dir(cacheDir string) string {
 func NewClient(dbDir string, quiet bool, opts ...Option) *Client {
 	o := &options{
 		dbRepositories: []name.Reference{
+			defaultGCRRepository,
 			defaultGHCRRepository,
 		},
 	}
--- a/pkg/dependency/id_test.go
+++ b/pkg/dependency/id_test.go
@@ -34,7 +34,7 @@ func TestID(t *testing.T) {
 			args: args{
 				ltype:   types.GoModule,
 				name:    "test",
-				version: "1.0.0",
+				version: "v1.0.0",
 			},
 			want: "test@v1.0.0",
 		},
--- a/pkg/dependency/parser/golang/binary/parse.go
+++ b/pkg/dependency/parser/golang/binary/parse.go
@@ -3,6 +3,7 @@ package binary
 import (
 	"cmp"
 	"debug/buildinfo"
+	"fmt"
 	"runtime/debug"
 	"slices"
 	"sort"
@@ -56,6 +57,8 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc
 	// Ex: "go1.22.3 X:boringcrypto"
 	stdlibVersion := strings.TrimPrefix(info.GoVersion, "go")
 	stdlibVersion, _, _ = strings.Cut(stdlibVersion, " ")
+	// Add the `v` prefix to be consistent with module and dependency versions.
+	stdlibVersion = fmt.Sprintf("v%s", stdlibVersion)

 	ldflags := p.ldFlags(info.Settings)
 	pkgs := make(ftypes.Packages, 0, len(info.Deps)+2)
--- a/pkg/dependency/parser/golang/binary/parse_test.go
+++ b/pkg/dependency/parser/golang/binary/parse_test.go
@@ -20,7 +20,7 @@ func TestParse(t *testing.T) {
 		},
 		{
 			Name:         "stdlib",
-			Version:      "1.15.2",
+			Version:      "v1.15.2",
 			Relationship: ftypes.RelationshipDirect,
 		},
 		{
@@ -69,7 +69,7 @@ func TestParse(t *testing.T) {
 				},
 				{
 					Name:         "stdlib",
-					Version:      "1.16.4",
+					Version:      "v1.16.4",
 					Relationship: ftypes.RelationshipDirect,
 				},
 				{
@@ -93,7 +93,7 @@ func TestParse(t *testing.T) {
 				},
 				{
 					Name:         "stdlib",
-					Version:      "1.20.6",
+					Version:      "v1.20.6",
 					Relationship: ftypes.RelationshipDirect,
 				},
 			},
@@ -109,7 +109,7 @@ func TestParse(t *testing.T) {
 				},
 				{
 					Name:         "stdlib",
-					Version:      "1.22.1",
+					Version:      "v1.22.1",
 					Relationship: ftypes.RelationshipDirect,
 				},
 			},
@@ -120,7 +120,7 @@ func TestParse(t *testing.T) {
 			want: []ftypes.Package{
 				{
 					Name:         "stdlib",
-					Version:      "1.22.1",
+					Version:      "v1.22.1",
 					Relationship: ftypes.RelationshipDirect,
 				},
 			},
--- a/pkg/dependency/parser/golang/mod/parse.go
+++ b/pkg/dependency/parser/golang/mod/parse.go
@@ -1,6 +1,7 @@
 package mod

 import (
+	"fmt"
 	"io"
 	"regexp"
 	"strconv"
@@ -92,7 +93,9 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc
 			pkgs["stdlib"] = ftypes.Package{
 				ID:   packageID("stdlib", toolchainVer),
 				Name: "stdlib",
-				Version:      toolchainVer,
+				// Our versioning library doesn't support canonical (goX.Y.Z) format,
+				// So we need to add `v` prefix for consistency (with module and dependency versions).
+				Version:      fmt.Sprintf("v%s", toolchainVer),
 				Relationship: ftypes.RelationshipDirect, // Considered a direct dependency as the main module depends on the standard packages.
 			}
 		}
@@ -100,11 +103,10 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc

 	// Main module
 	if m := modFileParsed.Module; m != nil {
-		ver := strings.TrimPrefix(m.Mod.Version, "v")
 		pkgs[m.Mod.Path] = ftypes.Package{
-			ID:                 packageID(m.Mod.Path, ver),
+			ID:                 packageID(m.Mod.Path, m.Mod.Version),
 			Name:               m.Mod.Path,
-			Version:            ver,
+			Version:            m.Mod.Version,
 			ExternalReferences: p.GetExternalRefs(m.Mod.Path),
 			Relationship:       ftypes.RelationshipRoot,
 		}
@@ -116,11 +118,10 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc
 		if skipIndirect && require.Indirect {
 			continue
 		}
-		ver := strings.TrimPrefix(require.Mod.Version, "v")
 		pkgs[require.Mod.Path] = ftypes.Package{
-			ID:                 packageID(require.Mod.Path, ver),
+			ID:                 packageID(require.Mod.Path, require.Mod.Version),
 			Name:               require.Mod.Path,
-			Version:            ver,
+			Version:            require.Mod.Version,
 			Relationship:       lo.Ternary(require.Indirect, ftypes.RelationshipIndirect, ftypes.RelationshipDirect),
 			ExternalReferences: p.GetExternalRefs(require.Mod.Path),
 		}
@@ -136,7 +137,7 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc
 			}

 			// If the replace directive has a version on the left side, make sure it matches the version that was imported.
-			if rep.Old.Version != "" && old.Version != rep.Old.Version[1:] {
+			if rep.Old.Version != "" && old.Version != rep.Old.Version {
 				continue
 			}

@@ -153,9 +154,9 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc

 			// Add replaced package to package register.
 			pkgs[rep.New.Path] = ftypes.Package{
-				ID:                 packageID(rep.New.Path, rep.New.Version[1:]),
+				ID:                 packageID(rep.New.Path, rep.New.Version),
 				Name:               rep.New.Path,
-				Version:            rep.New.Version[1:],
+				Version:            rep.New.Version,
 				Relationship:       old.Relationship,
 				ExternalReferences: p.GetExternalRefs(rep.New.Path),
 			}
--- a/pkg/dependency/parser/golang/mod/parse_testcase.go
+++ b/pkg/dependency/parser/golang/mod/parse_testcase.go
@@ -23,13 +23,13 @@ var (
 		{
 			ID:           "stdlib@v1.22.5",
 			Name:         "stdlib",
-			Version:      "1.22.5",
+			Version:      "v1.22.5",
 			Relationship: ftypes.RelationshipDirect,
 		},
 		{
 			ID:           "github.com/aquasecurity/go-version@v0.0.0-20240603093900-cf8a8d29271d",
 			Name:         "github.com/aquasecurity/go-version",
-			Version:      "0.0.0-20240603093900-cf8a8d29271d",
+			Version:      "v0.0.0-20240603093900-cf8a8d29271d",
 			Relationship: ftypes.RelationshipDirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -41,7 +41,7 @@ var (
 		{
 			ID:           "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc",
 			Name:         "github.com/davecgh/go-spew",
-			Version:      "1.1.2-0.20180830191138-d8f796af33cc",
+			Version:      "v1.1.2-0.20180830191138-d8f796af33cc",
 			Relationship: ftypes.RelationshipIndirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -53,7 +53,7 @@ var (
 		{
 			ID:           "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2",
 			Name:         "github.com/pmezard/go-difflib",
-			Version:      "1.0.1-0.20181226105442-5d4384ee4fb2",
+			Version:      "v1.0.1-0.20181226105442-5d4384ee4fb2",
 			Relationship: ftypes.RelationshipIndirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -65,7 +65,7 @@ var (
 		{
 			ID:           "github.com/stretchr/testify@v1.9.0",
 			Name:         "github.com/stretchr/testify",
-			Version:      "1.9.0",
+			Version:      "v1.9.0",
 			Relationship: ftypes.RelationshipIndirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -77,7 +77,7 @@ var (
 		{
 			ID:           "golang.org/x/xerrors@v0.0.0-20231012003039-104605ab7028",
 			Name:         "golang.org/x/xerrors",
-			Version:      "0.0.0-20231012003039-104605ab7028",
+			Version:      "v0.0.0-20231012003039-104605ab7028",
 			Relationship: ftypes.RelationshipIndirect,
 		},
 	}
@@ -102,7 +102,7 @@ var (
 		{
 			ID:           "github.com/aquasecurity/go-dep-parser@v0.0.0-20220406074731-71021a481237",
 			Name:         "github.com/aquasecurity/go-dep-parser",
-			Version:      "0.0.0-20220406074731-71021a481237",
+			Version:      "v0.0.0-20220406074731-71021a481237",
 			Relationship: ftypes.RelationshipDirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -114,7 +114,7 @@ var (
 		{
 			ID:           "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1",
 			Name:         "golang.org/x/xerrors",
-			Version:      "0.0.0-20200804184101-5ec99f83aff1",
+			Version:      "v0.0.0-20200804184101-5ec99f83aff1",
 			Relationship: ftypes.RelationshipIndirect,
 		},
 	}
@@ -135,7 +135,7 @@ var (
 		{
 			ID:           "github.com/aquasecurity/go-dep-parser@v0.0.0-20211110174639-8257534ffed3",
 			Name:         "github.com/aquasecurity/go-dep-parser",
-			Version:      "0.0.0-20211110174639-8257534ffed3",
+			Version:      "v0.0.0-20211110174639-8257534ffed3",
 			Relationship: ftypes.RelationshipDirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -147,7 +147,7 @@ var (
 		{
 			ID:           "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1",
 			Name:         "golang.org/x/xerrors",
-			Version:      "0.0.0-20200804184101-5ec99f83aff1",
+			Version:      "v0.0.0-20200804184101-5ec99f83aff1",
 			Relationship: ftypes.RelationshipIndirect,
 		},
 	}
@@ -168,7 +168,7 @@ var (
 		{
 			ID:           "github.com/aquasecurity/go-dep-parser@v0.0.0-20220406074731-71021a481237",
 			Name:         "github.com/aquasecurity/go-dep-parser",
-			Version:      "0.0.0-20220406074731-71021a481237",
+			Version:      "v0.0.0-20220406074731-71021a481237",
 			Relationship: ftypes.RelationshipDirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -180,7 +180,7 @@ var (
 		{
 			ID:           "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1",
 			Name:         "golang.org/x/xerrors",
-			Version:      "0.0.0-20200804184101-5ec99f83aff1",
+			Version:      "v0.0.0-20200804184101-5ec99f83aff1",
 			Relationship: ftypes.RelationshipIndirect,
 		},
 	}
@@ -201,7 +201,7 @@ var (
 		{
 			ID:           "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff",
 			Name:         "github.com/aquasecurity/go-dep-parser",
-			Version:      "0.0.0-20211224170007-df43bca6b6ff",
+			Version:      "v0.0.0-20211224170007-df43bca6b6ff",
 			Relationship: ftypes.RelationshipDirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -213,13 +213,13 @@ var (
 		{
 			ID:           "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1",
 			Name:         "golang.org/x/xerrors",
-			Version:      "0.0.0-20200804184101-5ec99f83aff1",
+			Version:      "v0.0.0-20200804184101-5ec99f83aff1",
 			Relationship: ftypes.RelationshipIndirect,
 		},
 		{
 			ID:           "gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b",
 			Name:         "gopkg.in/yaml.v3",
-			Version:      "3.0.0-20210107192922-496545a6307b",
+			Version:      "v3.0.0-20210107192922-496545a6307b",
 			Relationship: ftypes.RelationshipIndirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -246,7 +246,7 @@ var (
 		{
 			ID:           "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff",
 			Name:         "github.com/aquasecurity/go-dep-parser",
-			Version:      "0.0.0-20211224170007-df43bca6b6ff",
+			Version:      "v0.0.0-20211224170007-df43bca6b6ff",
 			Relationship: ftypes.RelationshipDirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -258,7 +258,7 @@ var (
 		{
 			ID:           "gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b",
 			Name:         "gopkg.in/yaml.v3",
-			Version:      "3.0.0-20210107192922-496545a6307b",
+			Version:      "v3.0.0-20210107192922-496545a6307b",
 			Relationship: ftypes.RelationshipIndirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -285,7 +285,7 @@ var (
 		{
 			ID:           "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff",
 			Name:         "github.com/aquasecurity/go-dep-parser",
-			Version:      "0.0.0-20211224170007-df43bca6b6ff",
+			Version:      "v0.0.0-20211224170007-df43bca6b6ff",
 			Relationship: ftypes.RelationshipDirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -297,7 +297,7 @@ var (
 		{
 			ID:           "gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b",
 			Name:         "gopkg.in/yaml.v3",
-			Version:      "3.0.0-20210107192922-496545a6307b",
+			Version:      "v3.0.0-20210107192922-496545a6307b",
 			Relationship: ftypes.RelationshipIndirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -324,7 +324,7 @@ var (
 		{
 			ID:           "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff",
 			Name:         "github.com/aquasecurity/go-dep-parser",
-			Version:      "0.0.0-20211224170007-df43bca6b6ff",
+			Version:      "v0.0.0-20211224170007-df43bca6b6ff",
 			Relationship: ftypes.RelationshipDirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -336,13 +336,13 @@ var (
 		{
 			ID:           "golang.org/x/xerrors@v0.0.0-20200804184101-5ec99f83aff1",
 			Name:         "golang.org/x/xerrors",
-			Version:      "0.0.0-20200804184101-5ec99f83aff1",
+			Version:      "v0.0.0-20200804184101-5ec99f83aff1",
 			Relationship: ftypes.RelationshipIndirect,
 		},
 		{
 			ID:           "gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b",
 			Name:         "gopkg.in/yaml.v3",
-			Version:      "3.0.0-20210107192922-496545a6307b",
+			Version:      "v3.0.0-20210107192922-496545a6307b",
 			Relationship: ftypes.RelationshipIndirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -369,7 +369,7 @@ var (
 		{
 			ID:           "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff",
 			Name:         "github.com/aquasecurity/go-dep-parser",
-			Version:      "0.0.0-20211224170007-df43bca6b6ff",
+			Version:      "v0.0.0-20211224170007-df43bca6b6ff",
 			Relationship: ftypes.RelationshipDirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
@@ -396,7 +396,7 @@ var (
 		{
 			ID:           "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff",
 			Name:         "github.com/aquasecurity/go-dep-parser",
-			Version:      "0.0.0-20211224170007-df43bca6b6ff",
+			Version:      "v0.0.0-20211224170007-df43bca6b6ff",
 			Relationship: ftypes.RelationshipDirect,
 			ExternalReferences: []ftypes.ExternalRef{
 				{
--- a/pkg/dependency/parser/golang/sum/parse.go
+++ b/pkg/dependency/parser/golang/sum/parse.go
@@ -32,7 +32,7 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc

 		// go.sum records and sorts all non-major versions
 		// with the latest version as last entry
-		uniquePkgs[s[0]] = strings.TrimSuffix(strings.TrimPrefix(s[1], "v"), "/go.mod")
+		uniquePkgs[s[0]] = strings.TrimSuffix(s[1], "/go.mod")
 	}
 	if err := scanner.Err(); err != nil {
 		return nil, nil, xerrors.Errorf("scan error: %w", err)
--- a/pkg/dependency/parser/golang/sum/parse_testcase.go
+++ b/pkg/dependency/parser/golang/sum/parse_testcase.go
@@ -11,13 +11,13 @@ var (
 	// go get golang.org/x/xerrors
 	// go list -m all | awk 'NR>1 {sub(/^v/, "", $2); printf("{\""$1"\", \""$2"\", },\n")}'
 	GoModNormal = []ftypes.Package{
-		{Name: "golang.org/x/xerrors", Version: "0.0.0-20200804184101-5ec99f83aff1"},
+		{Name: "golang.org/x/xerrors", Version: "v0.0.0-20200804184101-5ec99f83aff1"},
 	}

 	// https://github.com/uudashr/gopkgs/blob/616744904701ef01d868da4b66aad0e6856c361d/v2/go.sum
 	GoModEmptyLine = []ftypes.Package{
-		{Name: "github.com/karrick/godirwalk", Version: "1.12.0"},
-		{Name: "github.com/pkg/errors", Version: "0.8.1"},
+		{Name: "github.com/karrick/godirwalk", Version: "v1.12.0"},
+		{Name: "github.com/pkg/errors", Version: "v0.8.1"},
 	}

 	// docker run --name gomod --rm -it golang:1.15 bash
@@ -31,19 +31,19 @@ var (
 	// go get github.com/BurntSushi/toml
 	// go list -m all | awk 'NR>1 {sub(/^v/, "", $2); printf("{\""$1"\", \""$2"\", },\n")}'
 	GoModMany = []ftypes.Package{
-		{Name: "github.com/BurntSushi/toml", Version: "0.3.1"},
-		{Name: "github.com/cpuguy83/go-md2man/v2", Version: "2.0.0-20190314233015-f79a8a8ca69d"},
-		{Name: "github.com/davecgh/go-spew", Version: "1.1.0"},
-		{Name: "github.com/pmezard/go-difflib", Version: "1.0.0"},
-		{Name: "github.com/russross/blackfriday/v2", Version: "2.0.1"},
-		{Name: "github.com/shurcooL/sanitized_anchor_name", Version: "1.0.0"},
-		{Name: "github.com/stretchr/objx", Version: "0.1.0"},
-		{Name: "github.com/stretchr/testify", Version: "1.7.0"},
-		{Name: "github.com/urfave/cli", Version: "1.22.5"},
-		{Name: "golang.org/x/xerrors", Version: "0.0.0-20200804184101-5ec99f83aff1"},
-		{Name: "gopkg.in/check.v1", Version: "0.0.0-20161208181325-20d25e280405"},
-		{Name: "gopkg.in/yaml.v2", Version: "2.2.2"},
-		{Name: "gopkg.in/yaml.v3", Version: "3.0.0-20200313102051-9f266ea9e77c"},
+		{Name: "github.com/BurntSushi/toml", Version: "v0.3.1"},
+		{Name: "github.com/cpuguy83/go-md2man/v2", Version: "v2.0.0-20190314233015-f79a8a8ca69d"},
+		{Name: "github.com/davecgh/go-spew", Version: "v1.1.0"},
+		{Name: "github.com/pmezard/go-difflib", Version: "v1.0.0"},
+		{Name: "github.com/russross/blackfriday/v2", Version: "v2.0.1"},
+		{Name: "github.com/shurcooL/sanitized_anchor_name", Version: "v1.0.0"},
+		{Name: "github.com/stretchr/objx", Version: "v0.1.0"},
+		{Name: "github.com/stretchr/testify", Version: "v1.7.0"},
+		{Name: "github.com/urfave/cli", Version: "v1.22.5"},
+		{Name: "golang.org/x/xerrors", Version: "v0.0.0-20200804184101-5ec99f83aff1"},
+		{Name: "gopkg.in/check.v1", Version: "v0.0.0-20161208181325-20d25e280405"},
+		{Name: "gopkg.in/yaml.v2", Version: "v2.2.2"},
+		{Name: "gopkg.in/yaml.v3", Version: "v3.0.0-20200313102051-9f266ea9e77c"},
 	}

 	// docker run --name gomod --rm -it golang:1.15 bash
@@ -54,341 +54,341 @@ var (
 	// go get github.com/aquasecurity/trivy
 	// go list -m all | awk 'NR>1 {sub(/^v/, "", $2); printf("{\""$1"\", \""$2"\", },\n")}'
 	GoModTrivy = []ftypes.Package{
-		{Name: "cloud.google.com/go", Version: "0.65.0"},
-		{Name: "cloud.google.com/go/bigquery", Version: "1.8.0"},
-		{Name: "cloud.google.com/go/datastore", Version: "1.1.0"},
-		{Name: "cloud.google.com/go/pubsub", Version: "1.3.1"},
-		{Name: "cloud.google.com/go/storage", Version: "1.10.0"},
-		{Name: "dmitri.shuralyov.com/gpu/mtl", Version: "0.0.0-20190408044501-666a987793e9"},
-		{Name: "github.com/Azure/azure-sdk-for-go", Version: "38.0.0+incompatible"},
-		{Name: "github.com/Azure/go-ansiterm", Version: "0.0.0-20170929234023-d6e3b3328b78"},
-		{Name: "github.com/Azure/go-autorest/autorest", Version: "0.9.3"},
-		{Name: "github.com/Azure/go-autorest/autorest/adal", Version: "0.8.1"},
-		{Name: "github.com/Azure/go-autorest/autorest/date", Version: "0.2.0"},
-		{Name: "github.com/Azure/go-autorest/autorest/mocks", Version: "0.3.0"},
-		{Name: "github.com/Azure/go-autorest/autorest/to", Version: "0.3.0"},
-		{Name: "github.com/Azure/go-autorest/autorest/validation", Version: "0.1.0"},
-		{Name: "github.com/Azure/go-autorest/logger", Version: "0.1.0"},
-		{Name: "github.com/Azure/go-autorest/tracing", Version: "0.5.0"},
-		{Name: "github.com/BurntSushi/toml", Version: "0.3.1"},
-		{Name: "github.com/BurntSushi/xgb", Version: "0.0.0-20160522181843-27f122750802"},
-		{Name: "github.com/GoogleCloudPlatform/docker-credential-gcr", Version: "1.5.0"},
-		{Name: "github.com/GoogleCloudPlatform/k8s-cloud-provider", Version: "0.0.0-20190822182118-27a4ced34534"},
-		{Name: "github.com/Microsoft/go-winio", Version: "0.4.15-0.20190919025122-fc70bd9a86b5"},
-		{Name: "github.com/Microsoft/hcsshim", Version: "0.8.6"},
-		{Name: "github.com/NYTimes/gziphandler", Version: "0.0.0-20170623195520-56545f4a5d46"},
-		{Name: "github.com/OneOfOne/xxhash", Version: "1.2.7"},
-		{Name: "github.com/PuerkitoBio/purell", Version: "1.1.1"},
-		{Name: "github.com/PuerkitoBio/urlesc", Version: "0.0.0-20170810143723-de5bf2ad4578"},
-		{Name: "github.com/VividCortex/ewma", Version: "1.1.1"},
-		{Name: "github.com/alcortesm/tgz", Version: "0.0.0-20161220082320-9c5fe88206d7"},
-		{Name: "github.com/alecthomas/template", Version: "0.0.0-20160405071501-a0175ee3bccc"},
-		{Name: "github.com/alecthomas/units", Version: "0.0.0-20151022065526-2efee857e7cf"},
-		{Name: "github.com/alicebob/gopher-json", Version: "0.0.0-20200520072559-a9ecdc9d1d3a"},
-		{Name: "github.com/alicebob/miniredis/v2", Version: "2.14.1"},
-		{Name: "github.com/anmitsu/go-shlex", Version: "0.0.0-20161002113705-648efa622239"},
-		{Name: "github.com/aquasecurity/bolt-fixtures", Version: "0.0.0-20200903104109-d34e7f983986"},
-		{Name: "github.com/aquasecurity/fanal", Version: "0.0.0-20210119051230-28c249da7cfd"},
-		{Name: "github.com/aquasecurity/go-dep-parser", Version: "0.0.0-20201028043324-889d4a92b8e0"},
-		{Name: "github.com/aquasecurity/go-gem-version", Version: "0.0.0-20201115065557-8eed6fe000ce"},
-		{Name: "github.com/aquasecurity/go-npm-version", Version: "0.0.0-20201110091526-0b796d180798"},
-		{Name: "github.com/aquasecurity/go-pep440-version", Version: "0.0.0-20210121094942-22b2f8951d46"},
-		{Name: "github.com/aquasecurity/go-version", Version: "0.0.0-20210121072130-637058cfe492"},
-		{Name: "github.com/aquasecurity/testdocker", Version: "0.0.0-20210106133225-0b17fe083674"},
-		{Name: "github.com/aquasecurity/trivy", Version: "0.16.0"},
-		{Name: "github.com/aquasecurity/trivy-db", Version: "0.0.0-20210105160501-c5bf4e153277"},
-		{Name: "github.com/aquasecurity/vuln-list-update", Version: "0.0.0-20191016075347-3d158c2bf9a2"},
-		{Name: "github.com/araddon/dateparse", Version: "0.0.0-20190426192744-0d74ffceef83"},
-		{Name: "github.com/armon/consul-api", Version: "0.0.0-20180202201655-eb2c6b5be1b6"},
-		{Name: "github.com/armon/go-socks5", Version: "0.0.0-20160902184237-e75332964ef5"},
-		{Name: "github.com/aws/aws-sdk-go", Version: "1.27.1"},
-		{Name: "github.com/beorn7/perks", Version: "1.0.0"},
-		{Name: "github.com/bgentry/speakeasy", Version: "0.1.0"},
-		{Name: "github.com/blang/semver", Version: "3.5.0+incompatible"},
-		{Name: "github.com/briandowns/spinner", Version: "1.12.0"},
-		{Name: "github.com/caarlos0/env/v6", Version: "6.0.0"},
-		{Name: "github.com/cenkalti/backoff", Version: "2.2.1+incompatible"},
-		{Name: "github.com/census-instrumentation/opencensus-proto", Version: "0.2.1"},
-		{Name: "github.com/cespare/xxhash/v2", Version: "2.1.1"},
-		{Name: "github.com/cheggaaa/pb/v3", Version: "3.0.3"},
-		{Name: "github.com/chzyer/logex", Version: "1.1.10"},
-		{Name: "github.com/chzyer/readline", Version: "0.0.0-20180603132655-2972be24d48e"},
-		{Name: "github.com/chzyer/test", Version: "0.0.0-20180213035817-a1ea475d72b1"},
-		{Name: "github.com/client9/misspell", Version: "0.3.4"},
-		{Name: "github.com/cncf/udpa/go", Version: "0.0.0-20191209042840-269d4d468f6f"},
-		{Name: "github.com/cockroachdb/datadriven", Version: "0.0.0-20190809214429-80d97fb3cbaa"},
-		{Name: "github.com/containerd/containerd", Version: "1.3.3"},
-		{Name: "github.com/containerd/continuity", Version: "0.0.0-20190426062206-aaeac12a7ffc"},
-		{Name: "github.com/coreos/etcd", Version: "3.3.10+incompatible"},
-		{Name: "github.com/coreos/go-etcd", Version: "2.0.0+incompatible"},
-		{Name: "github.com/coreos/go-oidc", Version: "2.1.0+incompatible"},
-		{Name: "github.com/coreos/go-semver", Version: "0.3.0"},
-		{Name: "github.com/coreos/go-systemd", Version: "0.0.0-20190321100706-95778dfbb74e"},
-		{Name: "github.com/coreos/pkg", Version: "0.0.0-20180108230652-97fdf19511ea"},
-		{Name: "github.com/cpuguy83/go-md2man", Version: "1.0.10"},
-		{Name: "github.com/cpuguy83/go-md2man/v2", Version: "2.0.0"},
-		{Name: "github.com/creack/pty", Version: "1.1.9"},
-		{Name: "github.com/davecgh/go-spew", Version: "1.1.1"},
-		{Name: "github.com/deckarep/golang-set", Version: "1.7.1"},
-		{Name: "github.com/dgrijalva/jwt-go", Version: "3.2.0+incompatible"},
-		{Name: "github.com/dgryski/go-rendezvous", Version: "0.0.0-20200823014737-9f7001d12a5f"},
-		{Name: "github.com/dnaeon/go-vcr", Version: "1.0.1"},
-		{Name: "github.com/docker/cli", Version: "0.0.0-20191017083524-a8ff7f821017"},
-		{Name: "github.com/docker/distribution", Version: "2.7.1+incompatible"},
-		{Name: "github.com/docker/docker", Version: "1.4.2-0.20190924003213-a8608b5b67c7"},
-		{Name: "github.com/docker/docker-credential-helpers", Version: "0.6.3"},
-		{Name: "github.com/docker/go-connections", Version: "0.4.0"},
-		{Name: "github.com/docker/go-units", Version: "0.4.0"},
-		{Name: "github.com/docker/spdystream", Version: "0.0.0-20160310174837-449fdfce4d96"},
-		{Name: "github.com/dustin/go-humanize", Version: "1.0.0"},
-		{Name: "github.com/elazarl/goproxy", Version: "0.0.0-20200809112317-0581fc3aee2d"},
-		{Name: "github.com/elazarl/goproxy/ext", Version: "0.0.0-20200809112317-0581fc3aee2d"},
-		{Name: "github.com/emicklei/go-restful", Version: "2.9.5+incompatible"},
-		{Name: "github.com/emirpasic/gods", Version: "1.12.0"},
-		{Name: "github.com/envoyproxy/go-control-plane", Version: "0.9.4"},
-		{Name: "github.com/envoyproxy/protoc-gen-validate", Version: "0.1.0"},
-		{Name: "github.com/evanphx/json-patch", Version: "4.2.0+incompatible"},
-		{Name: "github.com/fatih/color", Version: "1.10.0"},
-		{Name: "github.com/flynn/go-shlex", Version: "0.0.0-20150515145356-3f9db97f8568"},
-		{Name: "github.com/fsnotify/fsnotify", Version: "1.4.9"},
-		{Name: "github.com/ghodss/yaml", Version: "1.0.0"},
-		{Name: "github.com/gin-contrib/sse", Version: "0.1.0"},
-		{Name: "github.com/gin-gonic/gin", Version: "1.5.0"},
-		{Name: "github.com/gliderlabs/ssh", Version: "0.2.2"},
-		{Name: "github.com/go-git/gcfg", Version: "1.5.0"},
-		{Name: "github.com/go-git/go-billy/v5", Version: "5.0.0"},
-		{Name: "github.com/go-git/go-git-fixtures/v4", Version: "4.0.1"},
-		{Name: "github.com/go-git/go-git/v5", Version: "5.0.0"},
-		{Name: "github.com/go-gl/glfw", Version: "0.0.0-20190409004039-e6da0acd62b1"},
-		{Name: "github.com/go-gl/glfw/v3.3/glfw", Version: "0.0.0-20200222043503-6f7a984d4dc4"},
-		{Name: "github.com/go-kit/kit", Version: "0.8.0"},
-		{Name: "github.com/go-logfmt/logfmt", Version: "0.3.0"},
-		{Name: "github.com/go-logr/logr", Version: "0.1.0"},
-		{Name: "github.com/go-openapi/jsonpointer", Version: "0.19.3"},
-		{Name: "github.com/go-openapi/jsonreference", Version: "0.19.3"},
-		{Name: "github.com/go-openapi/spec", Version: "0.19.3"},
-		{Name: "github.com/go-openapi/swag", Version: "0.19.5"},
-		{Name: "github.com/go-playground/locales", Version: "0.13.0"},
-		{Name: "github.com/go-playground/universal-translator", Version: "0.17.0"},
-		{Name: "github.com/go-redis/redis", Version: "6.15.7+incompatible"},
-		{Name: "github.com/go-redis/redis/v8", Version: "8.4.0"},
-		{Name: "github.com/go-restruct/restruct", Version: "0.0.0-20191227155143-5734170a48a1"},
-		{Name: "github.com/go-sql-driver/mysql", Version: "1.5.0"},
-		{Name: "github.com/go-stack/stack", Version: "1.8.0"},
-		{Name: "github.com/gobwas/glob", Version: "0.2.3"},
-		{Name: "github.com/goccy/go-yaml", Version: "1.8.2"},
-		{Name: "github.com/gogo/protobuf", Version: "1.3.1"},
-		{Name: "github.com/golang/glog", Version: "0.0.0-20160126235308-23def4e6c14b"},
-		{Name: "github.com/golang/groupcache", Version: "0.0.0-20200121045136-8c9f03a8e57e"},
-		{Name: "github.com/golang/mock", Version: "1.4.4"},
-		{Name: "github.com/golang/protobuf", Version: "1.4.2"},
-		{Name: "github.com/google/btree", Version: "1.0.0"},
-		{Name: "github.com/google/go-cmp", Version: "0.5.3"},
-		{Name: "github.com/google/go-containerregistry", Version: "0.0.0-20200331213917-3d03ed9b1ca2"},
-		{Name: "github.com/google/go-github/v28", Version: "28.1.1"},
-		{Name: "github.com/google/go-querystring", Version: "1.0.0"},
-		{Name: "github.com/google/gofuzz", Version: "1.0.0"},
-		{Name: "github.com/google/martian", Version: "2.1.0+incompatible"},
-		{Name: "github.com/google/martian/v3", Version: "3.0.0"},
-		{Name: "github.com/google/pprof", Version: "0.0.0-20200708004538-1a94d8640e99"},
-		{Name: "github.com/google/renameio", Version: "0.1.0"},
-		{Name: "github.com/google/subcommands", Version: "1.0.1"},
-		{Name: "github.com/google/uuid", Version: "1.1.1"},
-		{Name: "github.com/google/wire", Version: "0.3.0"},
-		{Name: "github.com/googleapis/gax-go/v2", Version: "2.0.5"},
-		{Name: "github.com/googleapis/gnostic", Version: "0.2.2"},
-		{Name: "github.com/gophercloud/gophercloud", Version: "0.1.0"},
-		{Name: "github.com/gopherjs/gopherjs", Version: "0.0.0-20200217142428-fce0ec30dd00"},
-		{Name: "github.com/gorilla/context", Version: "1.1.1"},
-		{Name: "github.com/gorilla/mux", Version: "1.7.4"},
-		{Name: "github.com/gorilla/websocket", Version: "1.4.0"},
-		{Name: "github.com/gregjones/httpcache", Version: "0.0.0-20180305231024-9cad4c3443a7"},
-		{Name: "github.com/grpc-ecosystem/go-grpc-middleware", Version: "1.0.1-0.20190118093823-f849b5445de4"},
-		{Name: "github.com/grpc-ecosystem/go-grpc-prometheus", Version: "1.2.0"},
-		{Name: "github.com/grpc-ecosystem/grpc-gateway", Version: "1.9.5"},
-		{Name: "github.com/hashicorp/errwrap", Version: "1.0.0"},
-		{Name: "github.com/hashicorp/go-multierror", Version: "1.1.0"},
-		{Name: "github.com/hashicorp/go-version", Version: "1.2.1"},
-		{Name: "github.com/hashicorp/golang-lru", Version: "0.5.3"},
-		{Name: "github.com/hashicorp/hcl", Version: "1.0.0"},
-		{Name: "github.com/hpcloud/tail", Version: "1.0.0"},
-		{Name: "github.com/ianlancetaylor/demangle", Version: "0.0.0-20181102032728-5e5cf60278f6"},
-		{Name: "github.com/imdario/mergo", Version: "0.3.5"},
-		{Name: "github.com/inconshreveable/mousetrap", Version: "1.0.0"},
-		{Name: "github.com/jbenet/go-context", Version: "0.0.0-20150711004518-d14ea06fba99"},
-		{Name: "github.com/jessevdk/go-flags", Version: "1.4.0"},
-		{Name: "github.com/jmespath/go-jmespath", Version: "0.0.0-20180206201540-c2b33e8439af"},
-		{Name: "github.com/joefitzgerald/rainbow-reporter", Version: "0.1.0"},
-		{Name: "github.com/jonboulle/clockwork", Version: "0.1.0"},
-		{Name: "github.com/json-iterator/go", Version: "1.1.8"},
-		{Name: "github.com/jstemmer/go-junit-report", Version: "0.9.1"},
-		{Name: "github.com/jtolds/gls", Version: "4.20.0+incompatible"},
-		{Name: "github.com/julienschmidt/httprouter", Version: "1.2.0"},
-		{Name: "github.com/kevinburke/ssh_config", Version: "0.0.0-20190725054713-01f96b0aa0cd"},
-		{Name: "github.com/kisielk/errcheck", Version: "1.2.0"},
-		{Name: "github.com/kisielk/gotool", Version: "1.0.0"},
-		{Name: "github.com/knqyf263/go-apk-version", Version: "0.0.0-20200609155635-041fdbb8563f"},
-		{Name: "github.com/knqyf263/go-deb-version", Version: "0.0.0-20190517075300-09fca494f03d"},
-		{Name: "github.com/knqyf263/go-rpm-version", Version: "0.0.0-20170716094938-74609b86c936"},
-		{Name: "github.com/knqyf263/go-rpmdb", Version: "0.0.0-20201215100354-a9e3110d8ee1"},
-		{Name: "github.com/knqyf263/nested", Version: "0.0.1"},
-		{Name: "github.com/konsorten/go-windows-terminal-sequences", Version: "1.0.2"},
-		{Name: "github.com/kr/logfmt", Version: "0.0.0-20140226030751-b84e30acd515"},
-		{Name: "github.com/kr/pretty", Version: "0.1.0"},
-		{Name: "github.com/kr/pty", Version: "1.1.5"},
-		{Name: "github.com/kr/text", Version: "0.2.0"},
-		{Name: "github.com/kylelemons/godebug", Version: "1.1.0"},
-		{Name: "github.com/leodido/go-urn", Version: "1.2.0"},
-		{Name: "github.com/magiconair/properties", Version: "1.8.0"},
-		{Name: "github.com/mailru/easyjson", Version: "0.7.0"},
-		{Name: "github.com/mattn/go-colorable", Version: "0.1.8"},
-		{Name: "github.com/mattn/go-isatty", Version: "0.0.12"},
-		{Name: "github.com/mattn/go-jsonpointer", Version: "0.0.0-20180225143300-37667080efed"},
-		{Name: "github.com/mattn/go-runewidth", Version: "0.0.9"},
-		{Name: "github.com/matttproud/golang_protobuf_extensions", Version: "1.0.1"},
-		{Name: "github.com/maxbrunsfeld/counterfeiter/v6", Version: "6.2.2"},
-		{Name: "github.com/mitchellh/go-homedir", Version: "1.1.0"},
-		{Name: "github.com/mitchellh/mapstructure", Version: "1.1.2"},
-		{Name: "github.com/modern-go/concurrent", Version: "0.0.0-20180306012644-bacd9c7ef1dd"},
-		{Name: "github.com/modern-go/reflect2", Version: "1.0.1"},
-		{Name: "github.com/morikuni/aec", Version: "1.0.0"},
-		{Name: "github.com/munnerz/goautoneg", Version: "0.0.0-20191010083416-a7dc8b61c822"},
-		{Name: "github.com/mwitkow/go-conntrack", Version: "0.0.0-20161129095857-cc309e4a2223"},
-		{Name: "github.com/mxk/go-flowrate", Version: "0.0.0-20140419014527-cca7078d478f"},
-		{Name: "github.com/niemeyer/pretty", Version: "0.0.0-20200227124842-a10e7caefd8e"},
-		{Name: "github.com/nxadm/tail", Version: "1.4.4"},
-		{Name: "github.com/olekukonko/tablewriter", Version: "0.0.2-0.20190607075207-195002e6e56a"},
-		{Name: "github.com/onsi/ginkgo", Version: "1.14.2"},
-		{Name: "github.com/onsi/gomega", Version: "1.10.3"},
-		{Name: "github.com/open-policy-agent/opa", Version: "0.21.1"},
-		{Name: "github.com/opencontainers/go-digest", Version: "1.0.0-rc1"},
-		{Name: "github.com/opencontainers/image-spec", Version: "1.0.2-0.20190823105129-775207bd45b6"},
-		{Name: "github.com/opencontainers/runc", Version: "0.1.1"},
-		{Name: "github.com/parnurzeal/gorequest", Version: "0.2.16"},
-		{Name: "github.com/pelletier/go-toml", Version: "1.2.0"},
-		{Name: "github.com/peterbourgon/diskv", Version: "2.0.1+incompatible"},
-		{Name: "github.com/peterh/liner", Version: "0.0.0-20170211195444-bf27d3ba8e1d"},
-		{Name: "github.com/pkg/errors", Version: "0.9.1"},
-		{Name: "github.com/pmezard/go-difflib", Version: "1.0.0"},
-		{Name: "github.com/pquerna/cachecontrol", Version: "0.0.0-20171018203845-0dec1b30a021"},
-		{Name: "github.com/prometheus/client_golang", Version: "1.0.0"},
-		{Name: "github.com/prometheus/client_model", Version: "0.0.0-20190812154241-14fe0d1b01d4"},
-		{Name: "github.com/prometheus/common", Version: "0.4.1"},
-		{Name: "github.com/prometheus/procfs", Version: "0.0.2"},
-		{Name: "github.com/rcrowley/go-metrics", Version: "0.0.0-20181016184325-3113b8401b8a"},
-		{Name: "github.com/remyoudompheng/bigfft", Version: "0.0.0-20170806203942-52369c62f446"},
-		{Name: "github.com/rogpeppe/fastuuid", Version: "0.0.0-20150106093220-6724a57986af"},
-		{Name: "github.com/rogpeppe/go-charset", Version: "0.0.0-20180617210344-2471d30d28b4"},
-		{Name: "github.com/rogpeppe/go-internal", Version: "1.3.0"},
-		{Name: "github.com/rubiojr/go-vhd", Version: "0.0.0-20160810183302-0bfd3b39853c"},
-		{Name: "github.com/russross/blackfriday", Version: "1.5.2"},
-		{Name: "github.com/russross/blackfriday/v2", Version: "2.0.1"},
-		{Name: "github.com/saracen/walker", Version: "0.0.0-20191201085201-324a081bae7e"},
-		{Name: "github.com/satori/go.uuid", Version: "1.2.0"},
-		{Name: "github.com/sclevine/spec", Version: "1.2.0"},
-		{Name: "github.com/sergi/go-diff", Version: "1.1.0"},
-		{Name: "github.com/shurcooL/sanitized_anchor_name", Version: "1.0.0"},
-		{Name: "github.com/simplereach/timeutils", Version: "1.2.0"},
-		{Name: "github.com/sirupsen/logrus", Version: "1.5.0"},
-		{Name: "github.com/smartystreets/assertions", Version: "1.2.0"},
-		{Name: "github.com/smartystreets/goconvey", Version: "1.6.4"},
-		{Name: "github.com/soheilhy/cmux", Version: "0.1.4"},
-		{Name: "github.com/sosedoff/gitkit", Version: "0.2.0"},
-		{Name: "github.com/spf13/afero", Version: "1.2.2"},
-		{Name: "github.com/spf13/cast", Version: "1.3.0"},
-		{Name: "github.com/spf13/cobra", Version: "0.0.5"},
-		{Name: "github.com/spf13/jwalterweatherman", Version: "1.0.0"},
-		{Name: "github.com/spf13/pflag", Version: "1.0.5"},
-		{Name: "github.com/spf13/viper", Version: "1.3.2"},
-		{Name: "github.com/stretchr/objx", Version: "0.3.0"},
-		{Name: "github.com/stretchr/testify", Version: "1.6.1"},
-		{Name: "github.com/testcontainers/testcontainers-go", Version: "0.3.1"},
-		{Name: "github.com/tmc/grpc-websocket-proxy", Version: "0.0.0-20170815181823-89b8d40f7ca8"},
-		{Name: "github.com/twitchtv/twirp", Version: "5.10.1+incompatible"},
-		{Name: "github.com/ugorji/go", Version: "1.1.7"},
-		{Name: "github.com/ugorji/go/codec", Version: "1.1.7"},
-		{Name: "github.com/urfave/cli", Version: "1.22.5"},
-		{Name: "github.com/urfave/cli/v2", Version: "2.3.0"},
-		{Name: "github.com/vdemeester/k8s-pkg-credentialprovider", Version: "1.17.4"},
-		{Name: "github.com/vmware/govmomi", Version: "0.20.3"},
-		{Name: "github.com/xanzy/ssh-agent", Version: "0.2.1"},
-		{Name: "github.com/xiang90/probing", Version: "0.0.0-20190116061207-43a291ad63a2"},
-		{Name: "github.com/xordataexchange/crypt", Version: "0.0.3-0.20170626215501-b2862e3d0a77"},
-		{Name: "github.com/yashtewari/glob-intersection", Version: "0.0.0-20180916065949-5c77d914dd0b"},
-		{Name: "github.com/yuin/goldmark", Version: "1.1.32"},
-		{Name: "github.com/yuin/gopher-lua", Version: "0.0.0-20191220021717-ab39c6098bdb"},
-		{Name: "go.etcd.io/bbolt", Version: "1.3.5"},
-		{Name: "go.etcd.io/etcd", Version: "0.0.0-20191023171146-3cf2f69b5738"},
-		{Name: "go.opencensus.io", Version: "0.22.4"},
-		{Name: "go.opentelemetry.io/otel", Version: "0.14.0"},
-		{Name: "go.uber.org/atomic", Version: "1.5.1"},
-		{Name: "go.uber.org/multierr", Version: "1.4.0"},
-		{Name: "go.uber.org/tools", Version: "0.0.0-20190618225709-2cfd321de3ee"},
-		{Name: "go.uber.org/zap", Version: "1.13.0"},
-		{Name: "golang.org/x/crypto", Version: "0.0.0-20201002170205-7f63de1d35b0"},
-		{Name: "golang.org/x/exp", Version: "0.0.0-20200224162631-6cc2880d07d6"},
-		{Name: "golang.org/x/image", Version: "0.0.0-20190802002840-cff245a6509b"},
-		{Name: "golang.org/x/lint", Version: "0.0.0-20200302205851-738671d3881b"},
-		{Name: "golang.org/x/mobile", Version: "0.0.0-20190719004257-d2bd2a29d028"},
-		{Name: "golang.org/x/mod", Version: "0.3.0"},
-		{Name: "golang.org/x/net", Version: "0.0.0-20201006153459-a7d1128ccaa0"},
-		{Name: "golang.org/x/oauth2", Version: "0.0.0-20201208152858-08078c50e5b5"},
-		{Name: "golang.org/x/sync", Version: "0.0.0-20200625203802-6e8e738ad208"},
-		{Name: "golang.org/x/sys", Version: "0.0.0-20201006155630-ac719f4daadf"},
-		{Name: "golang.org/x/text", Version: "0.3.3"},
-		{Name: "golang.org/x/time", Version: "0.0.0-20191024005414-555d28b269f0"},
-		{Name: "golang.org/x/tools", Version: "0.0.0-20200825202427-b303f430e36d"},
-		{Name: "golang.org/x/xerrors", Version: "0.0.0-20200804184101-5ec99f83aff1"},
-		{Name: "gonum.org/v1/gonum", Version: "0.0.0-20190331200053-3d26580ed485"},
-		{Name: "gonum.org/v1/netlib", Version: "0.0.0-20190331212654-76723241ea4e"},
-		{Name: "google.golang.org/api", Version: "0.30.0"},
-		{Name: "google.golang.org/appengine", Version: "1.6.6"},
-		{Name: "google.golang.org/genproto", Version: "0.0.0-20200825200019-8632dd797987"},
-		{Name: "google.golang.org/grpc", Version: "1.31.0"},
-		{Name: "google.golang.org/protobuf", Version: "1.25.0"},
-		{Name: "gopkg.in/alecthomas/kingpin.v2", Version: "2.2.6"},
-		{Name: "gopkg.in/check.v1", Version: "1.0.0-20200902074654-038fdea0a05b"},
-		{Name: "gopkg.in/cheggaaa/pb.v1", Version: "1.0.28"},
-		{Name: "gopkg.in/errgo.v2", Version: "2.1.0"},
-		{Name: "gopkg.in/fsnotify.v1", Version: "1.4.7"},
-		{Name: "gopkg.in/gcfg.v1", Version: "1.2.0"},
-		{Name: "gopkg.in/go-playground/assert.v1", Version: "1.2.1"},
-		{Name: "gopkg.in/go-playground/validator.v9", Version: "9.31.0"},
-		{Name: "gopkg.in/inf.v0", Version: "0.9.1"},
-		{Name: "gopkg.in/mgo.v2", Version: "2.0.0-20180705113604-9856a29383ce"},
-		{Name: "gopkg.in/natefinch/lumberjack.v2", Version: "2.0.0"},
-		{Name: "gopkg.in/resty.v1", Version: "1.12.0"},
-		{Name: "gopkg.in/square/go-jose.v2", Version: "2.2.2"},
-		{Name: "gopkg.in/tomb.v1", Version: "1.0.0-20141024135613-dd632973f1e7"},
-		{Name: "gopkg.in/warnings.v0", Version: "0.1.2"},
-		{Name: "gopkg.in/yaml.v2", Version: "2.4.0"},
-		{Name: "gopkg.in/yaml.v3", Version: "3.0.0-20200615113413-eeeca48fe776"},
-		{Name: "gotest.tools", Version: "2.2.0+incompatible"},
-		{Name: "honnef.co/go/tools", Version: "0.0.1-2020.1.4"},
-		{Name: "k8s.io/api", Version: "0.17.4"},
-		{Name: "k8s.io/apimachinery", Version: "0.17.4"},
-		{Name: "k8s.io/apiserver", Version: "0.17.4"},
-		{Name: "k8s.io/client-go", Version: "0.17.4"},
-		{Name: "k8s.io/cloud-provider", Version: "0.17.4"},
-		{Name: "k8s.io/code-generator", Version: "0.17.2"},
-		{Name: "k8s.io/component-base", Version: "0.17.4"},
-		{Name: "k8s.io/csi-translation-lib", Version: "0.17.4"},
-		{Name: "k8s.io/gengo", Version: "0.0.0-20190822140433-26a664648505"},
-		{Name: "k8s.io/klog", Version: "1.0.0"},
-		{Name: "k8s.io/klog/v2", Version: "2.0.0"},
-		{Name: "k8s.io/kube-openapi", Version: "0.0.0-20191107075043-30be4d16710a"},
-		{Name: "k8s.io/legacy-cloud-providers", Version: "0.17.4"},
-		{Name: "k8s.io/utils", Version: "0.0.0-20201110183641-67b214c5f920"},
-		{Name: "modernc.org/cc", Version: "1.0.0"},
-		{Name: "modernc.org/golex", Version: "1.0.0"},
-		{Name: "modernc.org/mathutil", Version: "1.0.0"},
-		{Name: "modernc.org/strutil", Version: "1.0.0"},
-		{Name: "modernc.org/xc", Version: "1.0.0"},
-		{Name: "moul.io/http2curl", Version: "1.0.0"},
-		{Name: "rsc.io/binaryregexp", Version: "0.2.0"},
-		{Name: "rsc.io/quote/v3", Version: "3.1.0"},
-		{Name: "rsc.io/sampler", Version: "1.3.0"},
-		{Name: "sigs.k8s.io/structured-merge-diff", Version: "1.0.1-0.20191108220359-b1b620dd3f06"},
-		{Name: "sigs.k8s.io/yaml", Version: "1.1.0"},
+		{Name: "cloud.google.com/go", Version: "v0.65.0"},
+		{Name: "cloud.google.com/go/bigquery", Version: "v1.8.0"},
+		{Name: "cloud.google.com/go/datastore", Version: "v1.1.0"},
+		{Name: "cloud.google.com/go/pubsub", Version: "v1.3.1"},
+		{Name: "cloud.google.com/go/storage", Version: "v1.10.0"},
+		{Name: "dmitri.shuralyov.com/gpu/mtl", Version: "v0.0.0-20190408044501-666a987793e9"},
+		{Name: "github.com/Azure/azure-sdk-for-go", Version: "v38.0.0+incompatible"},
+		{Name: "github.com/Azure/go-ansiterm", Version: "v0.0.0-20170929234023-d6e3b3328b78"},
+		{Name: "github.com/Azure/go-autorest/autorest", Version: "v0.9.3"},
+		{Name: "github.com/Azure/go-autorest/autorest/adal", Version: "v0.8.1"},
+		{Name: "github.com/Azure/go-autorest/autorest/date", Version: "v0.2.0"},
+		{Name: "github.com/Azure/go-autorest/autorest/mocks", Version: "v0.3.0"},
+		{Name: "github.com/Azure/go-autorest/autorest/to", Version: "v0.3.0"},
+		{Name: "github.com/Azure/go-autorest/autorest/validation", Version: "v0.1.0"},
+		{Name: "github.com/Azure/go-autorest/logger", Version: "v0.1.0"},
+		{Name: "github.com/Azure/go-autorest/tracing", Version: "v0.5.0"},
+		{Name: "github.com/BurntSushi/toml", Version: "v0.3.1"},
+		{Name: "github.com/BurntSushi/xgb", Version: "v0.0.0-20160522181843-27f122750802"},
+		{Name: "github.com/GoogleCloudPlatform/docker-credential-gcr", Version: "v1.5.0"},
+		{Name: "github.com/GoogleCloudPlatform/k8s-cloud-provider", Version: "v0.0.0-20190822182118-27a4ced34534"},
+		{Name: "github.com/Microsoft/go-winio", Version: "v0.4.15-0.20190919025122-fc70bd9a86b5"},
+		{Name: "github.com/Microsoft/hcsshim", Version: "v0.8.6"},
+		{Name: "github.com/NYTimes/gziphandler", Version: "v0.0.0-20170623195520-56545f4a5d46"},
+		{Name: "github.com/OneOfOne/xxhash", Version: "v1.2.7"},
+		{Name: "github.com/PuerkitoBio/purell", Version: "v1.1.1"},
+		{Name: "github.com/PuerkitoBio/urlesc", Version: "v0.0.0-20170810143723-de5bf2ad4578"},
+		{Name: "github.com/VividCortex/ewma", Version: "v1.1.1"},
+		{Name: "github.com/alcortesm/tgz", Version: "v0.0.0-20161220082320-9c5fe88206d7"},
+		{Name: "github.com/alecthomas/template", Version: "v0.0.0-20160405071501-a0175ee3bccc"},
+		{Name: "github.com/alecthomas/units", Version: "v0.0.0-20151022065526-2efee857e7cf"},
+		{Name: "github.com/alicebob/gopher-json", Version: "v0.0.0-20200520072559-a9ecdc9d1d3a"},
+		{Name: "github.com/alicebob/miniredis/v2", Version: "v2.14.1"},
+		{Name: "github.com/anmitsu/go-shlex", Version: "v0.0.0-20161002113705-648efa622239"},
+		{Name: "github.com/aquasecurity/bolt-fixtures", Version: "v0.0.0-20200903104109-d34e7f983986"},
+		{Name: "github.com/aquasecurity/fanal", Version: "v0.0.0-20210119051230-28c249da7cfd"},
+		{Name: "github.com/aquasecurity/go-dep-parser", Version: "v0.0.0-20201028043324-889d4a92b8e0"},
+		{Name: "github.com/aquasecurity/go-gem-version", Version: "v0.0.0-20201115065557-8eed6fe000ce"},
+		{Name: "github.com/aquasecurity/go-npm-version", Version: "v0.0.0-20201110091526-0b796d180798"},
+		{Name: "github.com/aquasecurity/go-pep440-version", Version: "v0.0.0-20210121094942-22b2f8951d46"},
+		{Name: "github.com/aquasecurity/go-version", Version: "v0.0.0-20210121072130-637058cfe492"},
+		{Name: "github.com/aquasecurity/testdocker", Version: "v0.0.0-20210106133225-0b17fe083674"},
+		{Name: "github.com/aquasecurity/trivy", Version: "v0.16.0"},
+		{Name: "github.com/aquasecurity/trivy-db", Version: "v0.0.0-20210105160501-c5bf4e153277"},
+		{Name: "github.com/aquasecurity/vuln-list-update", Version: "v0.0.0-20191016075347-3d158c2bf9a2"},
+		{Name: "github.com/araddon/dateparse", Version: "v0.0.0-20190426192744-0d74ffceef83"},
+		{Name: "github.com/armon/consul-api", Version: "v0.0.0-20180202201655-eb2c6b5be1b6"},
+		{Name: "github.com/armon/go-socks5", Version: "v0.0.0-20160902184237-e75332964ef5"},
+		{Name: "github.com/aws/aws-sdk-go", Version: "v1.27.1"},
+		{Name: "github.com/beorn7/perks", Version: "v1.0.0"},
+		{Name: "github.com/bgentry/speakeasy", Version: "v0.1.0"},
+		{Name: "github.com/blang/semver", Version: "v3.5.0+incompatible"},
+		{Name: "github.com/briandowns/spinner", Version: "v1.12.0"},
+		{Name: "github.com/caarlos0/env/v6", Version: "v6.0.0"},
+		{Name: "github.com/cenkalti/backoff", Version: "v2.2.1+incompatible"},
+		{Name: "github.com/census-instrumentation/opencensus-proto", Version: "v0.2.1"},
+		{Name: "github.com/cespare/xxhash/v2", Version: "v2.1.1"},
+		{Name: "github.com/cheggaaa/pb/v3", Version: "v3.0.3"},
+		{Name: "github.com/chzyer/logex", Version: "v1.1.10"},
+		{Name: "github.com/chzyer/readline", Version: "v0.0.0-20180603132655-2972be24d48e"},
+		{Name: "github.com/chzyer/test", Version: "v0.0.0-20180213035817-a1ea475d72b1"},
+		{Name: "github.com/client9/misspell", Version: "v0.3.4"},
+		{Name: "github.com/cncf/udpa/go", Version: "v0.0.0-20191209042840-269d4d468f6f"},
+		{Name: "github.com/cockroachdb/datadriven", Version: "v0.0.0-20190809214429-80d97fb3cbaa"},
+		{Name: "github.com/containerd/containerd", Version: "v1.3.3"},
+		{Name: "github.com/containerd/continuity", Version: "v0.0.0-20190426062206-aaeac12a7ffc"},
+		{Name: "github.com/coreos/etcd", Version: "v3.3.10+incompatible"},
+		{Name: "github.com/coreos/go-etcd", Version: "v2.0.0+incompatible"},
+		{Name: "github.com/coreos/go-oidc", Version: "v2.1.0+incompatible"},
+		{Name: "github.com/coreos/go-semver", Version: "v0.3.0"},
+		{Name: "github.com/coreos/go-systemd", Version: "v0.0.0-20190321100706-95778dfbb74e"},
+		{Name: "github.com/coreos/pkg", Version: "v0.0.0-20180108230652-97fdf19511ea"},
+		{Name: "github.com/cpuguy83/go-md2man", Version: "v1.0.10"},
+		{Name: "github.com/cpuguy83/go-md2man/v2", Version: "v2.0.0"},
+		{Name: "github.com/creack/pty", Version: "v1.1.9"},
+		{Name: "github.com/davecgh/go-spew", Version: "v1.1.1"},
+		{Name: "github.com/deckarep/golang-set", Version: "v1.7.1"},
+		{Name: "github.com/dgrijalva/jwt-go", Version: "v3.2.0+incompatible"},
+		{Name: "github.com/dgryski/go-rendezvous", Version: "v0.0.0-20200823014737-9f7001d12a5f"},
+		{Name: "github.com/dnaeon/go-vcr", Version: "v1.0.1"},
+		{Name: "github.com/docker/cli", Version: "v0.0.0-20191017083524-a8ff7f821017"},
+		{Name: "github.com/docker/distribution", Version: "v2.7.1+incompatible"},
+		{Name: "github.com/docker/docker", Version: "v1.4.2-0.20190924003213-a8608b5b67c7"},
+		{Name: "github.com/docker/docker-credential-helpers", Version: "v0.6.3"},
+		{Name: "github.com/docker/go-connections", Version: "v0.4.0"},
+		{Name: "github.com/docker/go-units", Version: "v0.4.0"},
+		{Name: "github.com/docker/spdystream", Version: "v0.0.0-20160310174837-449fdfce4d96"},
+		{Name: "github.com/dustin/go-humanize", Version: "v1.0.0"},
+		{Name: "github.com/elazarl/goproxy", Version: "v0.0.0-20200809112317-0581fc3aee2d"},
+		{Name: "github.com/elazarl/goproxy/ext", Version: "v0.0.0-20200809112317-0581fc3aee2d"},
+		{Name: "github.com/emicklei/go-restful", Version: "v2.9.5+incompatible"},
+		{Name: "github.com/emirpasic/gods", Version: "v1.12.0"},
+		{Name: "github.com/envoyproxy/go-control-plane", Version: "v0.9.4"},
+		{Name: "github.com/envoyproxy/protoc-gen-validate", Version: "v0.1.0"},
+		{Name: "github.com/evanphx/json-patch", Version: "v4.2.0+incompatible"},
+		{Name: "github.com/fatih/color", Version: "v1.10.0"},
+		{Name: "github.com/flynn/go-shlex", Version: "v0.0.0-20150515145356-3f9db97f8568"},
+		{Name: "github.com/fsnotify/fsnotify", Version: "v1.4.9"},
+		{Name: "github.com/ghodss/yaml", Version: "v1.0.0"},
+		{Name: "github.com/gin-contrib/sse", Version: "v0.1.0"},
+		{Name: "github.com/gin-gonic/gin", Version: "v1.5.0"},
+		{Name: "github.com/gliderlabs/ssh", Version: "v0.2.2"},
+		{Name: "github.com/go-git/gcfg", Version: "v1.5.0"},
+		{Name: "github.com/go-git/go-billy/v5", Version: "v5.0.0"},
+		{Name: "github.com/go-git/go-git-fixtures/v4", Version: "v4.0.1"},
+		{Name: "github.com/go-git/go-git/v5", Version: "v5.0.0"},
+		{Name: "github.com/go-gl/glfw", Version: "v0.0.0-20190409004039-e6da0acd62b1"},
+		{Name: "github.com/go-gl/glfw/v3.3/glfw", Version: "v0.0.0-20200222043503-6f7a984d4dc4"},
+		{Name: "github.com/go-kit/kit", Version: "v0.8.0"},
+		{Name: "github.com/go-logfmt/logfmt", Version: "v0.3.0"},
+		{Name: "github.com/go-logr/logr", Version: "v0.1.0"},
+		{Name: "github.com/go-openapi/jsonpointer", Version: "v0.19.3"},
+		{Name: "github.com/go-openapi/jsonreference", Version: "v0.19.3"},
+		{Name: "github.com/go-openapi/spec", Version: "v0.19.3"},
+		{Name: "github.com/go-openapi/swag", Version: "v0.19.5"},
+		{Name: "github.com/go-playground/locales", Version: "v0.13.0"},
+		{Name: "github.com/go-playground/universal-translator", Version: "v0.17.0"},
+		{Name: "github.com/go-redis/redis", Version: "v6.15.7+incompatible"},
+		{Name: "github.com/go-redis/redis/v8", Version: "v8.4.0"},
+		{Name: "github.com/go-restruct/restruct", Version: "v0.0.0-20191227155143-5734170a48a1"},
+		{Name: "github.com/go-sql-driver/mysql", Version: "v1.5.0"},
+		{Name: "github.com/go-stack/stack", Version: "v1.8.0"},
+		{Name: "github.com/gobwas/glob", Version: "v0.2.3"},
+		{Name: "github.com/goccy/go-yaml", Version: "v1.8.2"},
+		{Name: "github.com/gogo/protobuf", Version: "v1.3.1"},
+		{Name: "github.com/golang/glog", Version: "v0.0.0-20160126235308-23def4e6c14b"},
+		{Name: "github.com/golang/groupcache", Version: "v0.0.0-20200121045136-8c9f03a8e57e"},
+		{Name: "github.com/golang/mock", Version: "v1.4.4"},
+		{Name: "github.com/golang/protobuf", Version: "v1.4.2"},
+		{Name: "github.com/google/btree", Version: "v1.0.0"},
+		{Name: "github.com/google/go-cmp", Version: "v0.5.3"},
+		{Name: "github.com/google/go-containerregistry", Version: "v0.0.0-20200331213917-3d03ed9b1ca2"},
+		{Name: "github.com/google/go-github/v28", Version: "v28.1.1"},
+		{Name: "github.com/google/go-querystring", Version: "v1.0.0"},
+		{Name: "github.com/google/gofuzz", Version: "v1.0.0"},
+		{Name: "github.com/google/martian", Version: "v2.1.0+incompatible"},
+		{Name: "github.com/google/martian/v3", Version: "v3.0.0"},
+		{Name: "github.com/google/pprof", Version: "v0.0.0-20200708004538-1a94d8640e99"},
+		{Name: "github.com/google/renameio", Version: "v0.1.0"},
+		{Name: "github.com/google/subcommands", Version: "v1.0.1"},
+		{Name: "github.com/google/uuid", Version: "v1.1.1"},
+		{Name: "github.com/google/wire", Version: "v0.3.0"},
+		{Name: "github.com/googleapis/gax-go/v2", Version: "v2.0.5"},
+		{Name: "github.com/googleapis/gnostic", Version: "v0.2.2"},
+		{Name: "github.com/gophercloud/gophercloud", Version: "v0.1.0"},
+		{Name: "github.com/gopherjs/gopherjs", Version: "v0.0.0-20200217142428-fce0ec30dd00"},
+		{Name: "github.com/gorilla/context", Version: "v1.1.1"},
+		{Name: "github.com/gorilla/mux", Version: "v1.7.4"},
+		{Name: "github.com/gorilla/websocket", Version: "v1.4.0"},
+		{Name: "github.com/gregjones/httpcache", Version: "v0.0.0-20180305231024-9cad4c3443a7"},
+		{Name: "github.com/grpc-ecosystem/go-grpc-middleware", Version: "v1.0.1-0.20190118093823-f849b5445de4"},
+		{Name: "github.com/grpc-ecosystem/go-grpc-prometheus", Version: "v1.2.0"},
+		{Name: "github.com/grpc-ecosystem/grpc-gateway", Version: "v1.9.5"},
+		{Name: "github.com/hashicorp/errwrap", Version: "v1.0.0"},
+		{Name: "github.com/hashicorp/go-multierror", Version: "v1.1.0"},
+		{Name: "github.com/hashicorp/go-version", Version: "v1.2.1"},
+		{Name: "github.com/hashicorp/golang-lru", Version: "v0.5.3"},
+		{Name: "github.com/hashicorp/hcl", Version: "v1.0.0"},
+		{Name: "github.com/hpcloud/tail", Version: "v1.0.0"},
+		{Name: "github.com/ianlancetaylor/demangle", Version: "v0.0.0-20181102032728-5e5cf60278f6"},
+		{Name: "github.com/imdario/mergo", Version: "v0.3.5"},
+		{Name: "github.com/inconshreveable/mousetrap", Version: "v1.0.0"},
+		{Name: "github.com/jbenet/go-context", Version: "v0.0.0-20150711004518-d14ea06fba99"},
+		{Name: "github.com/jessevdk/go-flags", Version: "v1.4.0"},
+		{Name: "github.com/jmespath/go-jmespath", Version: "v0.0.0-20180206201540-c2b33e8439af"},
+		{Name: "github.com/joefitzgerald/rainbow-reporter", Version: "v0.1.0"},
+		{Name: "github.com/jonboulle/clockwork", Version: "v0.1.0"},
+		{Name: "github.com/json-iterator/go", Version: "v1.1.8"},
+		{Name: "github.com/jstemmer/go-junit-report", Version: "v0.9.1"},
+		{Name: "github.com/jtolds/gls", Version: "v4.20.0+incompatible"},
+		{Name: "github.com/julienschmidt/httprouter", Version: "v1.2.0"},
+		{Name: "github.com/kevinburke/ssh_config", Version: "v0.0.0-20190725054713-01f96b0aa0cd"},
+		{Name: "github.com/kisielk/errcheck", Version: "v1.2.0"},
+		{Name: "github.com/kisielk/gotool", Version: "v1.0.0"},
+		{Name: "github.com/knqyf263/go-apk-version", Version: "v0.0.0-20200609155635-041fdbb8563f"},
+		{Name: "github.com/knqyf263/go-deb-version", Version: "v0.0.0-20190517075300-09fca494f03d"},
+		{Name: "github.com/knqyf263/go-rpm-version", Version: "v0.0.0-20170716094938-74609b86c936"},
+		{Name: "github.com/knqyf263/go-rpmdb", Version: "v0.0.0-20201215100354-a9e3110d8ee1"},
+		{Name: "github.com/knqyf263/nested", Version: "v0.0.1"},
+		{Name: "github.com/konsorten/go-windows-terminal-sequences", Version: "v1.0.2"},
+		{Name: "github.com/kr/logfmt", Version: "v0.0.0-20140226030751-b84e30acd515"},
+		{Name: "github.com/kr/pretty", Version: "v0.1.0"},
+		{Name: "github.com/kr/pty", Version: "v1.1.5"},
+		{Name: "github.com/kr/text", Version: "v0.2.0"},
+		{Name: "github.com/kylelemons/godebug", Version: "v1.1.0"},
+		{Name: "github.com/leodido/go-urn", Version: "v1.2.0"},
+		{Name: "github.com/magiconair/properties", Version: "v1.8.0"},
+		{Name: "github.com/mailru/easyjson", Version: "v0.7.0"},
+		{Name: "github.com/mattn/go-colorable", Version: "v0.1.8"},
+		{Name: "github.com/mattn/go-isatty", Version: "v0.0.12"},
+		{Name: "github.com/mattn/go-jsonpointer", Version: "v0.0.0-20180225143300-37667080efed"},
+		{Name: "github.com/mattn/go-runewidth", Version: "v0.0.9"},
+		{Name: "github.com/matttproud/golang_protobuf_extensions", Version: "v1.0.1"},
+		{Name: "github.com/maxbrunsfeld/counterfeiter/v6", Version: "v6.2.2"},
+		{Name: "github.com/mitchellh/go-homedir", Version: "v1.1.0"},
+		{Name: "github.com/mitchellh/mapstructure", Version: "v1.1.2"},
+		{Name: "github.com/modern-go/concurrent", Version: "v0.0.0-20180306012644-bacd9c7ef1dd"},
+		{Name: "github.com/modern-go/reflect2", Version: "v1.0.1"},
+		{Name: "github.com/morikuni/aec", Version: "v1.0.0"},
+		{Name: "github.com/munnerz/goautoneg", Version: "v0.0.0-20191010083416-a7dc8b61c822"},
+		{Name: "github.com/mwitkow/go-conntrack", Version: "v0.0.0-20161129095857-cc309e4a2223"},
+		{Name: "github.com/mxk/go-flowrate", Version: "v0.0.0-20140419014527-cca7078d478f"},
+		{Name: "github.com/niemeyer/pretty", Version: "v0.0.0-20200227124842-a10e7caefd8e"},
+		{Name: "github.com/nxadm/tail", Version: "v1.4.4"},
+		{Name: "github.com/olekukonko/tablewriter", Version: "v0.0.2-0.20190607075207-195002e6e56a"},
+		{Name: "github.com/onsi/ginkgo", Version: "v1.14.2"},
+		{Name: "github.com/onsi/gomega", Version: "v1.10.3"},
+		{Name: "github.com/open-policy-agent/opa", Version: "v0.21.1"},
+		{Name: "github.com/opencontainers/go-digest", Version: "v1.0.0-rc1"},
+		{Name: "github.com/opencontainers/image-spec", Version: "v1.0.2-0.20190823105129-775207bd45b6"},
+		{Name: "github.com/opencontainers/runc", Version: "v0.1.1"},
+		{Name: "github.com/parnurzeal/gorequest", Version: "v0.2.16"},
+		{Name: "github.com/pelletier/go-toml", Version: "v1.2.0"},
+		{Name: "github.com/peterbourgon/diskv", Version: "v2.0.1+incompatible"},
+		{Name: "github.com/peterh/liner", Version: "v0.0.0-20170211195444-bf27d3ba8e1d"},
+		{Name: "github.com/pkg/errors", Version: "v0.9.1"},
+		{Name: "github.com/pmezard/go-difflib", Version: "v1.0.0"},
+		{Name: "github.com/pquerna/cachecontrol", Version: "v0.0.0-20171018203845-0dec1b30a021"},
+		{Name: "github.com/prometheus/client_golang", Version: "v1.0.0"},
+		{Name: "github.com/prometheus/client_model", Version: "v0.0.0-20190812154241-14fe0d1b01d4"},
+		{Name: "github.com/prometheus/common", Version: "v0.4.1"},
+		{Name: "github.com/prometheus/procfs", Version: "v0.0.2"},
+		{Name: "github.com/rcrowley/go-metrics", Version: "v0.0.0-20181016184325-3113b8401b8a"},
+		{Name: "github.com/remyoudompheng/bigfft", Version: "v0.0.0-20170806203942-52369c62f446"},
+		{Name: "github.com/rogpeppe/fastuuid", Version: "v0.0.0-20150106093220-6724a57986af"},
+		{Name: "github.com/rogpeppe/go-charset", Version: "v0.0.0-20180617210344-2471d30d28b4"},
+		{Name: "github.com/rogpeppe/go-internal", Version: "v1.3.0"},
+		{Name: "github.com/rubiojr/go-vhd", Version: "v0.0.0-20160810183302-0bfd3b39853c"},
+		{Name: "github.com/russross/blackfriday", Version: "v1.5.2"},
+		{Name: "github.com/russross/blackfriday/v2", Version: "v2.0.1"},
+		{Name: "github.com/saracen/walker", Version: "v0.0.0-20191201085201-324a081bae7e"},
+		{Name: "github.com/satori/go.uuid", Version: "v1.2.0"},
+		{Name: "github.com/sclevine/spec", Version: "v1.2.0"},
+		{Name: "github.com/sergi/go-diff", Version: "v1.1.0"},
+		{Name: "github.com/shurcooL/sanitized_anchor_name", Version: "v1.0.0"},
+		{Name: "github.com/simplereach/timeutils", Version: "v1.2.0"},
+		{Name: "github.com/sirupsen/logrus", Version: "v1.5.0"},
+		{Name: "github.com/smartystreets/assertions", Version: "v1.2.0"},
+		{Name: "github.com/smartystreets/goconvey", Version: "v1.6.4"},
+		{Name: "github.com/soheilhy/cmux", Version: "v0.1.4"},
+		{Name: "github.com/sosedoff/gitkit", Version: "v0.2.0"},
+		{Name: "github.com/spf13/afero", Version: "v1.2.2"},
+		{Name: "github.com/spf13/cast", Version: "v1.3.0"},
+		{Name: "github.com/spf13/cobra", Version: "v0.0.5"},
+		{Name: "github.com/spf13/jwalterweatherman", Version: "v1.0.0"},
+		{Name: "github.com/spf13/pflag", Version: "v1.0.5"},
+		{Name: "github.com/spf13/viper", Version: "v1.3.2"},
+		{Name: "github.com/stretchr/objx", Version: "v0.3.0"},
+		{Name: "github.com/stretchr/testify", Version: "v1.6.1"},
+		{Name: "github.com/testcontainers/testcontainers-go", Version: "v0.3.1"},
+		{Name: "github.com/tmc/grpc-websocket-proxy", Version: "v0.0.0-20170815181823-89b8d40f7ca8"},
+		{Name: "github.com/twitchtv/twirp", Version: "v5.10.1+incompatible"},
+		{Name: "github.com/ugorji/go", Version: "v1.1.7"},
+		{Name: "github.com/ugorji/go/codec", Version: "v1.1.7"},
+		{Name: "github.com/urfave/cli", Version: "v1.22.5"},
+		{Name: "github.com/urfave/cli/v2", Version: "v2.3.0"},
+		{Name: "github.com/vdemeester/k8s-pkg-credentialprovider", Version: "v1.17.4"},
+		{Name: "github.com/vmware/govmomi", Version: "v0.20.3"},
+		{Name: "github.com/xanzy/ssh-agent", Version: "v0.2.1"},
+		{Name: "github.com/xiang90/probing", Version: "v0.0.0-20190116061207-43a291ad63a2"},
+		{Name: "github.com/xordataexchange/crypt", Version: "v0.0.3-0.20170626215501-b2862e3d0a77"},
+		{Name: "github.com/yashtewari/glob-intersection", Version: "v0.0.0-20180916065949-5c77d914dd0b"},
+		{Name: "github.com/yuin/goldmark", Version: "v1.1.32"},
+		{Name: "github.com/yuin/gopher-lua", Version: "v0.0.0-20191220021717-ab39c6098bdb"},
+		{Name: "go.etcd.io/bbolt", Version: "v1.3.5"},
+		{Name: "go.etcd.io/etcd", Version: "v0.0.0-20191023171146-3cf2f69b5738"},
+		{Name: "go.opencensus.io", Version: "v0.22.4"},
+		{Name: "go.opentelemetry.io/otel", Version: "v0.14.0"},
+		{Name: "go.uber.org/atomic", Version: "v1.5.1"},
+		{Name: "go.uber.org/multierr", Version: "v1.4.0"},
+		{Name: "go.uber.org/tools", Version: "v0.0.0-20190618225709-2cfd321de3ee"},
+		{Name: "go.uber.org/zap", Version: "v1.13.0"},
+		{Name: "golang.org/x/crypto", Version: "v0.0.0-20201002170205-7f63de1d35b0"},
+		{Name: "golang.org/x/exp", Version: "v0.0.0-20200224162631-6cc2880d07d6"},
+		{Name: "golang.org/x/image", Version: "v0.0.0-20190802002840-cff245a6509b"},
+		{Name: "golang.org/x/lint", Version: "v0.0.0-20200302205851-738671d3881b"},
+		{Name: "golang.org/x/mobile", Version: "v0.0.0-20190719004257-d2bd2a29d028"},
+		{Name: "golang.org/x/mod", Version: "v0.3.0"},
+		{Name: "golang.org/x/net", Version: "v0.0.0-20201006153459-a7d1128ccaa0"},
+		{Name: "golang.org/x/oauth2", Version: "v0.0.0-20201208152858-08078c50e5b5"},
+		{Name: "golang.org/x/sync", Version: "v0.0.0-20200625203802-6e8e738ad208"},
+		{Name: "golang.org/x/sys", Version: "v0.0.0-20201006155630-ac719f4daadf"},
+		{Name: "golang.org/x/text", Version: "v0.3.3"},
+		{Name: "golang.org/x/time", Version: "v0.0.0-20191024005414-555d28b269f0"},
+		{Name: "golang.org/x/tools", Version: "v0.0.0-20200825202427-b303f430e36d"},
+		{Name: "golang.org/x/xerrors", Version: "v0.0.0-20200804184101-5ec99f83aff1"},
+		{Name: "gonum.org/v1/gonum", Version: "v0.0.0-20190331200053-3d26580ed485"},
+		{Name: "gonum.org/v1/netlib", Version: "v0.0.0-20190331212654-76723241ea4e"},
+		{Name: "google.golang.org/api", Version: "v0.30.0"},
+		{Name: "google.golang.org/appengine", Version: "v1.6.6"},
+		{Name: "google.golang.org/genproto", Version: "v0.0.0-20200825200019-8632dd797987"},
+		{Name: "google.golang.org/grpc", Version: "v1.31.0"},
+		{Name: "google.golang.org/protobuf", Version: "v1.25.0"},
+		{Name: "gopkg.in/alecthomas/kingpin.v2", Version: "v2.2.6"},
+		{Name: "gopkg.in/check.v1", Version: "v1.0.0-20200902074654-038fdea0a05b"},
+		{Name: "gopkg.in/cheggaaa/pb.v1", Version: "v1.0.28"},
+		{Name: "gopkg.in/errgo.v2", Version: "v2.1.0"},
+		{Name: "gopkg.in/fsnotify.v1", Version: "v1.4.7"},
+		{Name: "gopkg.in/gcfg.v1", Version: "v1.2.0"},
+		{Name: "gopkg.in/go-playground/assert.v1", Version: "v1.2.1"},
+		{Name: "gopkg.in/go-playground/validator.v9", Version: "v9.31.0"},
+		{Name: "gopkg.in/inf.v0", Version: "v0.9.1"},
+		{Name: "gopkg.in/mgo.v2", Version: "v2.0.0-20180705113604-9856a29383ce"},
+		{Name: "gopkg.in/natefinch/lumberjack.v2", Version: "v2.0.0"},
+		{Name: "gopkg.in/resty.v1", Version: "v1.12.0"},
+		{Name: "gopkg.in/square/go-jose.v2", Version: "v2.2.2"},
+		{Name: "gopkg.in/tomb.v1", Version: "v1.0.0-20141024135613-dd632973f1e7"},
+		{Name: "gopkg.in/warnings.v0", Version: "v0.1.2"},
+		{Name: "gopkg.in/yaml.v2", Version: "v2.4.0"},
+		{Name: "gopkg.in/yaml.v3", Version: "v3.0.0-20200615113413-eeeca48fe776"},
+		{Name: "gotest.tools", Version: "v2.2.0+incompatible"},
+		{Name: "honnef.co/go/tools", Version: "v0.0.1-2020.1.4"},
+		{Name: "k8s.io/api", Version: "v0.17.4"},
+		{Name: "k8s.io/apimachinery", Version: "v0.17.4"},
+		{Name: "k8s.io/apiserver", Version: "v0.17.4"},
+		{Name: "k8s.io/client-go", Version: "v0.17.4"},
+		{Name: "k8s.io/cloud-provider", Version: "v0.17.4"},
+		{Name: "k8s.io/code-generator", Version: "v0.17.2"},
+		{Name: "k8s.io/component-base", Version: "v0.17.4"},
+		{Name: "k8s.io/csi-translation-lib", Version: "v0.17.4"},
+		{Name: "k8s.io/gengo", Version: "v0.0.0-20190822140433-26a664648505"},
+		{Name: "k8s.io/klog", Version: "v1.0.0"},
+		{Name: "k8s.io/klog/v2", Version: "v2.0.0"},
+		{Name: "k8s.io/kube-openapi", Version: "v0.0.0-20191107075043-30be4d16710a"},
+		{Name: "k8s.io/legacy-cloud-providers", Version: "v0.17.4"},
+		{Name: "k8s.io/utils", Version: "v0.0.0-20201110183641-67b214c5f920"},
+		{Name: "modernc.org/cc", Version: "v1.0.0"},
+		{Name: "modernc.org/golex", Version: "v1.0.0"},
+		{Name: "modernc.org/mathutil", Version: "v1.0.0"},
+		{Name: "modernc.org/strutil", Version: "v1.0.0"},
+		{Name: "modernc.org/xc", Version: "v1.0.0"},
+		{Name: "moul.io/http2curl", Version: "v1.0.0"},
+		{Name: "rsc.io/binaryregexp", Version: "v0.2.0"},
+		{Name: "rsc.io/quote/v3", Version: "v3.1.0"},
+		{Name: "rsc.io/sampler", Version: "v1.3.0"},
+		{Name: "sigs.k8s.io/structured-merge-diff", Version: "v1.0.1-0.20191108220359-b1b620dd3f06"},
+		{Name: "sigs.k8s.io/yaml", Version: "v1.1.0"},
 	}
 )
--- a/pkg/dependency/parser/java/pom/artifact.go
+++ b/pkg/dependency/parser/java/pom/artifact.go
@@ -163,7 +163,7 @@ func evaluateVariable(s string, props map[string]string, seenProps []string) str
 		}
 		s = strings.ReplaceAll(s, m[0], newValue)
 	}
-	return s
+	return strings.TrimSpace(s)
 }

 func printLoopedPropertiesStack(env string, usedProps []string) {
--- a/pkg/dependency/parser/java/pom/parse.go
+++ b/pkg/dependency/parser/java/pom/parse.go
@@ -96,7 +96,7 @@ func NewParser(filePath string, opts ...option) *Parser {
 }

 func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency, error) {
-	content, err := parsePom(r)
+	content, err := parsePom(r, true)
 	if err != nil {
 		return nil, nil, xerrors.Errorf("failed to parse POM: %w", err)
 	}
@@ -107,7 +107,7 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc
 	}

 	// Analyze root POM
-	result, err := p.analyze(root, analysisOptions{lineNumber: true})
+	result, err := p.analyze(root, analysisOptions{})
 	if err != nil {
 		return nil, nil, xerrors.Errorf("analyze error (%s): %w", p.rootPath, err)
 	}
@@ -330,53 +330,27 @@ type analysisResult struct {
 type analysisOptions struct {
 	exclusions    map[string]struct{}
 	depManagement []pomDependency // from the root POM
-	lineNumber    bool            // Save line numbers
 }

 func (p *Parser) analyze(pom *pom, opts analysisOptions) (analysisResult, error) {
-	if pom == nil || pom.content == nil {
+	if pom.nil() {
 		return analysisResult{}, nil
 	}
-
 	// Update remoteRepositories
 	pomReleaseRemoteRepos, pomSnapshotRemoteRepos := pom.repositories(p.servers)
 	p.releaseRemoteRepos = lo.Uniq(append(pomReleaseRemoteRepos, p.releaseRemoteRepos...))
 	p.snapshotRemoteRepos = lo.Uniq(append(pomSnapshotRemoteRepos, p.snapshotRemoteRepos...))

-	// We need to forward dependencyManagements from current and root pom to Parent,
-	// to use them for dependencies in parent.
-	// For better understanding see the following tests:
-	// - `dependency from parent uses version from child pom depManagement`
-	// - `dependency from parent uses version from root pom depManagement`
-	//
-	// depManagements from root pom has higher priority than depManagements from current pom.
-	depManagementForParent := lo.UniqBy(append(opts.depManagement, pom.content.DependencyManagement.Dependencies.Dependency...),
-		func(dep pomDependency) string {
-			return dep.Name()
-		})
-
-	// Parent
-	parent, err := p.parseParent(pom.filePath, pom.content.Parent, depManagementForParent)
-	if err != nil {
-		return analysisResult{}, xerrors.Errorf("parent error: %w", err)
+	// Resolve parent POM
+	if err := p.resolveParent(pom); err != nil {
+		return analysisResult{}, xerrors.Errorf("pom resolve error: %w", err)
 	}

-	// Inherit values/properties from parent
-	pom.inherit(parent)
-
-	// Generate properties
+	// Resolve dependencies
 	props := pom.properties()
-
-	// dependencyManagements have the next priority:
-	// 1. Managed dependencies from this POM
-	// 2. Managed dependencies from parent of this POM
-	depManagement := p.mergeDependencyManagements(pom.content.DependencyManagement.Dependencies.Dependency,
-		parent.dependencyManagement)
-
-	// Merge dependencies. Child dependencies must be preferred than parent dependencies.
-	// Parents don't have to resolve dependencies.
+	depManagement := pom.content.DependencyManagement.Dependencies.Dependency
 	deps := p.parseDependencies(pom.content.Dependencies.Dependency, props, depManagement, opts)
-	deps = p.mergeDependencies(parent.dependencies, deps, opts.exclusions)
+	deps = p.filterDependencies(deps, opts.exclusions)

 	return analysisResult{
 		filePath:             pom.filePath,
@@ -388,6 +362,39 @@ func (p *Parser) analyze(pom *pom, opts analysisOptions) (analysisResult, error)
 	}, nil
 }

+// resolveParent resolves its parent POMs and inherits properties, dependencies, and dependencyManagement.
+func (p *Parser) resolveParent(pom *pom) error {
+	if pom.nil() {
+		return nil
+	}
+
+	// Parse parent POM
+	parent, err := p.parseParent(pom.filePath, pom.content.Parent)
+	if err != nil {
+		return xerrors.Errorf("parent error: %w", err)
+	}
+
+	// Inherit values/properties from parent
+	pom.inherit(parent)
+
+	// Merge properties
+	pom.content.Properties = p.mergeProperties(pom.content.Properties, parent.content.Properties)
+
+	// Merge dependencyManagement with the following priority:
+	// 1. Managed dependencies from this POM
+	// 2. Managed dependencies from parent of this POM
+	pom.content.DependencyManagement.Dependencies.Dependency = p.mergeDependencyManagements(
+		pom.content.DependencyManagement.Dependencies.Dependency,
+		parent.content.DependencyManagement.Dependencies.Dependency)
+
+	// Merge dependencies
+	pom.content.Dependencies.Dependency = p.mergeDependencies(
+		pom.content.Dependencies.Dependency,
+		parent.content.Dependencies.Dependency)
+
+	return nil
+}
+
 func (p *Parser) mergeDependencyManagements(depManagements ...[]pomDependency) []pomDependency {
 	uniq := make(map[string]struct{})
 	var depManagement []pomDependency
@@ -463,22 +470,20 @@ func (p *Parser) resolveDepManagement(props map[string]string, depManagement []p
 	return newDepManagement
 }

-func (p *Parser) mergeDependencies(parent, child []artifact, exclusions map[string]struct{}) []artifact {
-	var deps []artifact
-	unique := make(map[string]struct{})
+func (p *Parser) mergeProperties(child, parent properties) properties {
+	return lo.Assign(parent, child)
+}

-	for _, d := range append(child, parent...) {
-		if excludeDep(exclusions, d) {
-			continue
-		}
-		if _, ok := unique[d.Name()]; ok {
-			continue
-		}
-		unique[d.Name()] = struct{}{}
-		deps = append(deps, d)
-	}
+func (p *Parser) mergeDependencies(child, parent []pomDependency) []pomDependency {
+	return lo.UniqBy(append(child, parent...), func(d pomDependency) string {
+		return d.Name()
+	})
+}

-	return deps
+func (p *Parser) filterDependencies(artifacts []artifact, exclusions map[string]struct{}) []artifact {
+	return lo.Filter(artifacts, func(art artifact, _ int) bool {
+		return !excludeDep(exclusions, art)
+	})
 }

 func excludeDep(exclusions map[string]struct{}, art artifact) bool {
@@ -497,38 +502,29 @@ func excludeDep(exclusions map[string]struct{}, art artifact) bool {
 	return false
 }

-func (p *Parser) parseParent(currentPath string, parent pomParent, rootDepManagement []pomDependency) (analysisResult, error) {
+func (p *Parser) parseParent(currentPath string, parent pomParent) (*pom, error) {
 	// Pass nil properties so that variables in <parent> are not evaluated.
 	target := newArtifact(parent.GroupId, parent.ArtifactId, parent.Version, nil, nil)
 	// if version is property (e.g. ${revision}) - we still need to parse this pom
 	if target.IsEmpty() && !isProperty(parent.Version) {
-		return analysisResult{}, nil
+		return &pom{content: &pomXML{}}, nil
 	}

 	logger := p.logger.With("artifact", target.String())
 	logger.Debug("Start parent")
 	defer logger.Debug("Exit parent")

-	// If the artifact is found in cache, it is returned.
-	if result := p.cache.get(target); result != nil {
-		return *result, nil
-	}
-
 	parentPOM, err := p.retrieveParent(currentPath, parent.RelativePath, target)
 	if err != nil {
 		logger.Debug("Parent POM not found", log.Err(err))
+		return &pom{content: &pomXML{}}, nil
 	}

-	result, err := p.analyze(parentPOM, analysisOptions{
-		depManagement: rootDepManagement,
-	})
-	if err != nil {
-		return analysisResult{}, xerrors.Errorf("analyze error: %w", err)
+	if err = p.resolveParent(parentPOM); err != nil {
+		return nil, xerrors.Errorf("parent pom resolve error: %w", err)
 	}

-	p.cache.put(target, result)
-
-	return result, nil
+	return parentPOM, nil
 }

 func (p *Parser) retrieveParent(currentPath, relativePath string, target artifact) (*pom, error) {
@@ -565,7 +561,7 @@ func (p *Parser) retrieveParent(currentPath, relativePath string, target artifac
 }

 func (p *Parser) tryRelativePath(parentArtifact artifact, currentPath, relativePath string) (*pom, error) {
-	pom, err := p.openRelativePom(currentPath, relativePath)
+	parsedPOM, err := p.openRelativePom(currentPath, relativePath)
 	if err != nil {
 		return nil, err
 	}
@@ -576,19 +572,18 @@ func (p *Parser) tryRelativePath(parentArtifact artifact, currentPath, relativeP
 	// But GroupID can be inherited from parent (`p.analyze` function is required to get the GroupID).
 	// Version can contain a property (`p.analyze` function is required to get the GroupID).
 	// So we can only match ArtifactID's.
-	if pom.artifact().ArtifactID != parentArtifact.ArtifactID {
+	if parsedPOM.artifact().ArtifactID != parentArtifact.ArtifactID {
 		return nil, xerrors.New("'parent.relativePath' points at wrong local POM")
 	}
-	result, err := p.analyze(pom, analysisOptions{})
-	if err != nil {
+	if err := p.resolveParent(parsedPOM); err != nil {
 		return nil, xerrors.Errorf("analyze error: %w", err)
 	}

-	if !parentArtifact.Equal(result.artifact) {
+	if !parentArtifact.Equal(parsedPOM.artifact()) {
 		return nil, xerrors.New("'parent.relativePath' points at wrong local POM")
 	}

-	return pom, nil
+	return parsedPOM, nil
 }

 func (p *Parser) openRelativePom(currentPath, relativePath string) (*pom, error) {
@@ -620,7 +615,7 @@ func (p *Parser) openPom(filePath string) (*pom, error) {
 	}
 	defer f.Close()

-	content, err := parsePom(f)
+	content, err := parsePom(f, false)
 	if err != nil {
 		return nil, xerrors.Errorf("failed to parse the local POM: %w", err)
 	}
@@ -708,7 +703,7 @@ func (p *Parser) remoteRepoRequest(repo string, paths []string) (*http.Request,
 	paths = append([]string{repoURL.Path}, paths...)
 	repoURL.Path = path.Join(paths...)

-	req, err := http.NewRequest("GET", repoURL.String(), http.NoBody)
+	req, err := http.NewRequest(http.MethodGet, repoURL.String(), http.NoBody)
 	if err != nil {
 		return nil, xerrors.Errorf("unable to create HTTP request: %w", err)
 	}
@@ -777,7 +772,7 @@ func (p *Parser) fetchPOMFromRemoteRepository(repo string, paths []string) (*pom
 	}
 	defer resp.Body.Close()

-	content, err := parsePom(resp.Body)
+	content, err := parsePom(resp.Body, false)
 	if err != nil {
 		return nil, xerrors.Errorf("failed to parse the remote POM: %w", err)
 	}
@@ -788,13 +783,19 @@ func (p *Parser) fetchPOMFromRemoteRepository(repo string, paths []string) (*pom
 	}, nil
 }

-func parsePom(r io.Reader) (*pomXML, error) {
+func parsePom(r io.Reader, lineNumber bool) (*pomXML, error) {
 	parsed := &pomXML{}
 	decoder := xml.NewDecoder(r)
 	decoder.CharsetReader = charset.NewReaderLabel
 	if err := decoder.Decode(parsed); err != nil {
 		return nil, xerrors.Errorf("xml decode error: %w", err)
 	}
+	if !lineNumber {
+		for i := range parsed.Dependencies.Dependency {
+			parsed.Dependencies.Dependency[i].StartLine = 0
+			parsed.Dependencies.Dependency[i].EndLine = 0
+		}
+	}
 	return parsed, nil
 }

--- a/pkg/dependency/parser/java/pom/parse_test.go
+++ b/pkg/dependency/parser/java/pom/parse_test.go
@@ -14,6 +14,100 @@ import (
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 )

+var (
+	exampleNestedScopeCompile = func(start, end int) ftypes.Package {
+		var location ftypes.Locations
+		if start != 0 && end != 0 {
+			location = append(location, ftypes.Location{
+				StartLine: start,
+				EndLine:   end,
+			})
+		}
+		return ftypes.Package{
+			ID:           "org.example:example-nested-scope-compile:1.0.0",
+			Name:         "org.example:example-nested-scope-compile",
+			Version:      "1.0.0",
+			Relationship: ftypes.RelationshipDirect,
+			Locations:    location,
+		}
+	}
+
+	exampleNestedScopeEmpty = func(start, end int) ftypes.Package {
+		var location ftypes.Locations
+		if start != 0 && end != 0 {
+			location = append(location, ftypes.Location{
+				StartLine: start,
+				EndLine:   end,
+			})
+		}
+		return ftypes.Package{
+			ID:           "org.example:example-nested-scope-empty:1.0.0",
+			Name:         "org.example:example-nested-scope-empty",
+			Version:      "1.0.0",
+			Relationship: ftypes.RelationshipDirect,
+			Locations:    location,
+		}
+	}
+
+	exampleNestedScopeRuntime = func(start, end int) ftypes.Package {
+		var location ftypes.Locations
+		if start != 0 && end != 0 {
+			location = append(location, ftypes.Location{
+				StartLine: start,
+				EndLine:   end,
+			})
+		}
+		return ftypes.Package{
+			ID:           "org.example:example-nested-scope-runtime:1.0.0",
+			Name:         "org.example:example-nested-scope-runtime",
+			Version:      "1.0.0",
+			Relationship: ftypes.RelationshipDirect,
+			Locations:    location,
+		}
+	}
+
+	exampleScopeCompile = ftypes.Package{
+		ID:           "org.example:example-scope-compile:2.0.0",
+		Name:         "org.example:example-scope-compile",
+		Version:      "2.0.0",
+		Relationship: ftypes.RelationshipIndirect,
+	}
+
+	exampleScopeEmpty = ftypes.Package{
+		ID:           "org.example:example-scope-empty:2.0.0",
+		Name:         "org.example:example-scope-empty",
+		Version:      "2.0.0",
+		Relationship: ftypes.RelationshipIndirect,
+	}
+
+	exampleScopeRuntime = ftypes.Package{
+		ID:           "org.example:example-scope-runtime:2.0.0",
+		Name:         "org.example:example-scope-runtime",
+		Version:      "2.0.0",
+		Relationship: ftypes.RelationshipIndirect,
+	}
+	exampleApiCompile = ftypes.Package{
+		ID:           "org.example:example-api-compile:3.0.0",
+		Name:         "org.example:example-api-compile",
+		Version:      "3.0.0",
+		Relationship: ftypes.RelationshipIndirect,
+	}
+
+	exampleApiEmpty = ftypes.Package{
+		ID:           "org.example:example-api-empty:3.0.0",
+		Name:         "org.example:example-api-empty",
+		Version:      "3.0.0",
+		Relationship: ftypes.RelationshipIndirect,
+	}
+
+	exampleApiRuntime = ftypes.Package{
+		ID:           "org.example:example-api-runtime:3.0.0",
+		Name:         "org.example:example-api-runtime",
+		Version:      "3.0.0",
+		Relationship: ftypes.RelationshipIndirect,
+	}
+)
+
 func TestPom_Parse(t *testing.T) {
 	tests := []struct {
 		name      string
@@ -1630,6 +1724,320 @@ func TestPom_Parse(t *testing.T) {
 				},
 			},
 		},
+		// [INFO] com.example:child-depManagement-in-parent:jar:1.0.0
+		// [INFO] +- org.example:example-api2:jar:1.0.2:runtime
+		// [INFO] +- org.example:example-api3:jar:4.0.3:compile
+		// [INFO] \- org.example:example-api:jar:1.0.1:compile
+		{
+			name:      "dependency from parent uses version from child(scanned) pom depManagement",
+			inputFile: filepath.Join("testdata", "use-child-dep-management-in-parent", "pom.xml"),
+			local:     true,
+			want: []ftypes.Package{
+				{
+					ID:           "com.example:child-depManagement-in-parent:1.0.0",
+					Name:         "com.example:child-depManagement-in-parent",
+					Version:      "1.0.0",
+					Relationship: ftypes.RelationshipRoot,
+				},
+				{
+					ID:           "org.example:example-api:1.0.1",
+					Name:         "org.example:example-api",
+					Version:      "1.0.1",
+					Relationship: ftypes.RelationshipDirect,
+				},
+				{
+					ID:           "org.example:example-api2:1.0.2",
+					Name:         "org.example:example-api2",
+					Version:      "1.0.2",
+					Relationship: ftypes.RelationshipDirect,
+				},
+				{
+					ID:           "org.example:example-api3:4.0.3",
+					Name:         "org.example:example-api3",
+					Version:      "4.0.3",
+					Relationship: ftypes.RelationshipDirect,
+				},
+			},
+			wantDeps: []ftypes.Dependency{
+				{
+					ID: "com.example:child-depManagement-in-parent:1.0.0",
+					DependsOn: []string{
+						"org.example:example-api2:1.0.2",
+						"org.example:example-api3:4.0.3",
+						"org.example:example-api:1.0.1",
+					},
+				},
+			},
+		},
+		// [INFO] com.example:inherit-scopes-from-child-deps-and-their-parents:jar:0.0.1
+		// [INFO] +- org.example:example-nested-scope-runtime:jar:1.0.0:runtime
+		// [INFO] |  \- org.example:example-scope-runtime:jar:2.0.0:runtime
+		// [INFO] |     \- org.example:example-api-runtime:jar:3.0.0:runtime
+		// [INFO] +- org.example:example-nested-scope-compile:jar:1.0.0:compile
+		// [INFO] |  \- org.example:example-scope-compile:jar:2.0.0:compile
+		// [INFO] |     \- org.example:example-api-compile:jar:3.0.0:compile
+		// [INFO] \- org.example:example-nested-scope-empty:jar:1.0.0:compile
+		// [INFO]    \- org.example:example-scope-empty:jar:2.0.0:compile
+		// [INFO]       \- org.example:example-api-empty:jar:3.0.0:compile
+		//
+		// `example-nested-*" dependencies and their parents contain `dependencyManagement` with changed scopes
+		{
+			name:      "inherit scopes from child dependencies and their parents",
+			inputFile: filepath.Join("testdata", "inherit-scopes-from-child-deps-and-their-parents", "pom.xml"),
+			local:     true,
+			want: []ftypes.Package{
+				{
+					ID:           "com.example:inherit-scopes-from-child-deps-and-their-parents:0.0.1",
+					Name:         "com.example:inherit-scopes-from-child-deps-and-their-parents",
+					Version:      "0.0.1",
+					Relationship: ftypes.RelationshipRoot,
+				},
+				exampleNestedScopeCompile(16, 21),
+				exampleNestedScopeEmpty(22, 26),
+				exampleNestedScopeRuntime(10, 15),
+				exampleApiCompile,
+				exampleApiEmpty,
+				exampleApiRuntime,
+				exampleScopeCompile,
+				exampleScopeEmpty,
+				exampleScopeRuntime,
+			},
+			wantDeps: []ftypes.Dependency{
+				{
+					ID: "com.example:inherit-scopes-from-child-deps-and-their-parents:0.0.1",
+					DependsOn: []string{
+						"org.example:example-nested-scope-compile:1.0.0",
+						"org.example:example-nested-scope-empty:1.0.0",
+						"org.example:example-nested-scope-runtime:1.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-nested-scope-compile:1.0.0",
+					DependsOn: []string{
+						"org.example:example-scope-compile:2.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-nested-scope-empty:1.0.0",
+					DependsOn: []string{
+						"org.example:example-scope-empty:2.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-nested-scope-runtime:1.0.0",
+					DependsOn: []string{
+						"org.example:example-scope-runtime:2.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-scope-compile:2.0.0",
+					DependsOn: []string{
+						"org.example:example-api-compile:3.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-scope-empty:2.0.0",
+					DependsOn: []string{
+						"org.example:example-api-empty:3.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-scope-runtime:2.0.0",
+					DependsOn: []string{
+						"org.example:example-api-runtime:3.0.0",
+					},
+				},
+			},
+		},
+		// [INFO] com.example:inherit-scopes-in-parents-from-root:jar:0.1.0
+		// [INFO] +- org.example:example-nested-scope-runtime:jar:1.0.0:runtime
+		// [INFO] |  \- org.example:example-scope-runtime:jar:2.0.0:compile
+		// [INFO] |     \- org.example:example-api-runtime:jar:3.0.0:runtime
+		// [INFO] +- org.example:example-nested-scope-compile:jar:1.0.0:compile
+		// [INFO] |  \- org.example:example-scope-compile:jar:2.0.0:runtime
+		// [INFO] |     \- org.example:example-api-compile:jar:3.0.0:test
+		// [INFO] \- org.example:example-nested-scope-empty:jar:1.0.0:compile
+		// [INFO]    \- org.example:example-scope-empty:jar:2.0.0:runtime
+		// [INFO]       \- org.example:example-api-empty:jar:3.0.0:test
+		//
+		// `example-nested-*" dependencies and their parents contain `dependencyManagement` with changed scopes
+		// scopes from `dependencyManagement` of root pom are used
+		{
+			name:      "inherit scopes in children from root pom",
+			inputFile: filepath.Join("testdata", "inherit-scopes-in-children-from-root", "pom.xml"),
+			local:     true,
+			want: []ftypes.Package{
+				{
+					ID:           "com.example:inherit-scopes-in-children-from-root:0.0.1",
+					Name:         "com.example:inherit-scopes-in-children-from-root",
+					Version:      "0.0.1",
+					Relationship: ftypes.RelationshipRoot,
+				},
+				exampleNestedScopeCompile(51, 56),
+				exampleNestedScopeEmpty(57, 61),
+				exampleNestedScopeRuntime(45, 50),
+				exampleApiRuntime,
+				exampleScopeCompile,
+				exampleScopeEmpty,
+				exampleScopeRuntime,
+			},
+			wantDeps: []ftypes.Dependency{
+				{
+					ID: "com.example:inherit-scopes-in-children-from-root:0.0.1",
+					DependsOn: []string{
+						"org.example:example-nested-scope-compile:1.0.0",
+						"org.example:example-nested-scope-empty:1.0.0",
+						"org.example:example-nested-scope-runtime:1.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-nested-scope-compile:1.0.0",
+					DependsOn: []string{
+						"org.example:example-scope-compile:2.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-nested-scope-empty:1.0.0",
+					DependsOn: []string{
+						"org.example:example-scope-empty:2.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-nested-scope-runtime:1.0.0",
+					DependsOn: []string{
+						"org.example:example-scope-runtime:2.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-scope-runtime:2.0.0",
+					DependsOn: []string{
+						"org.example:example-api-runtime:3.0.0",
+					},
+				},
+			},
+		},
+		// [INFO] com.example:inherit-scopes-in-parents-from-root:jar:0.1.0
+		// [INFO] +- org.example:example-nested-scope-runtime:jar:1.0.0:runtime
+		// [INFO] |  \- org.example:example-scope-runtime:jar:2.0.0:compile
+		// [INFO] |     \- org.example:example-api-runtime:jar:3.0.0:runtime
+		// [INFO] +- org.example:example-nested-scope-compile:jar:1.0.0:compile
+		// [INFO] |  \- org.example:example-scope-compile:jar:2.0.0:runtime
+		// [INFO] |     \- org.example:example-api-compile:jar:3.0.0:test
+		// [INFO] \- org.example:example-nested-scope-empty:jar:1.0.0:test
+		// [INFO]    \- org.example:example-scope-empty:jar:2.0.0:test
+		// [INFO]       \- org.example:example-api-empty:jar:3.0.0:test
+		//
+		// `example-nested-*" dependencies and their parents contain `dependencyManagement` with changed scopes
+		// scopes from `dependencyManagement` of root pom are used in parent dependencies
+		{
+			name:      "inherit scopes in parent from root pom",
+			inputFile: filepath.Join("testdata", "inherit-scopes-in-parents-from-root", "pom.xml"),
+			local:     true,
+			want: []ftypes.Package{
+				{
+					ID:           "com.example:inherit-scopes-in-parents-from-root:0.1.0",
+					Name:         "com.example:inherit-scopes-in-parents-from-root",
+					Version:      "0.1.0",
+					Relationship: ftypes.RelationshipRoot,
+				},
+				exampleNestedScopeCompile(0, 0),
+				exampleNestedScopeRuntime(0, 0),
+				exampleApiRuntime,
+				exampleScopeCompile,
+				exampleScopeRuntime,
+			},
+			wantDeps: []ftypes.Dependency{
+				{
+					ID: "com.example:inherit-scopes-in-parents-from-root:0.1.0",
+					DependsOn: []string{
+						"org.example:example-nested-scope-compile:1.0.0",
+						"org.example:example-nested-scope-runtime:1.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-nested-scope-compile:1.0.0",
+					DependsOn: []string{
+						"org.example:example-scope-compile:2.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-nested-scope-runtime:1.0.0",
+					DependsOn: []string{
+						"org.example:example-scope-runtime:2.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-scope-runtime:2.0.0",
+					DependsOn: []string{
+						"org.example:example-api-runtime:3.0.0",
+					},
+				},
+			},
+		},
+		//[INFO] com.example:root-pom-with-spaces:jar:1.0.0
+		//[INFO] \- org.example:example-nested:jar:3.3.3:compile
+		//[INFO]    \- org.example:example-dependency:jar:1.2.4:compile
+		//[INFO]       \- org.example:example-api:jar:2.0.0:compile
+		{
+			name:      "space at the start and/or end of the text nodes",
+			inputFile: filepath.Join("testdata", "with-spaces", "pom.xml"),
+			local:     true,
+			want: []ftypes.Package{
+				{
+					ID:           "com.example:root-pom-with-spaces:1.0.0",
+					Name:         "com.example:root-pom-with-spaces",
+					Version:      "1.0.0",
+					Relationship: ftypes.RelationshipRoot,
+				},
+				{
+					ID:           "org.example:example-nested:3.3.3",
+					Name:         "org.example:example-nested",
+					Version:      "3.3.3",
+					Relationship: ftypes.RelationshipDirect,
+					Locations: ftypes.Locations{
+						{
+							StartLine: 24,
+							EndLine:   28,
+						},
+					},
+				},
+				{
+					ID:           "org.example:example-api:2.0.0",
+					Name:         "org.example:example-api",
+					Version:      "2.0.0",
+					Licenses:     []string{"The Apache Software License, Version 2.0"},
+					Relationship: ftypes.RelationshipIndirect,
+				},
+				// dependency version is taken from `com.example:root-pom-with-spaces` from dependencyManagement
+				// not from `com.example:example-nested` from `com.example:example-nested`
+				{
+					ID:           "org.example:example-dependency:1.2.4",
+					Name:         "org.example:example-dependency",
+					Version:      "1.2.4",
+					Relationship: ftypes.RelationshipIndirect,
+				},
+			},
+			wantDeps: []ftypes.Dependency{
+				{
+					ID: "com.example:root-pom-with-spaces:1.0.0",
+					DependsOn: []string{
+						"org.example:example-nested:3.3.3",
+					},
+				},
+				{
+					ID: "org.example:example-dependency:1.2.4",
+					DependsOn: []string{
+						"org.example:example-api:2.0.0",
+					},
+				},
+				{
+					ID: "org.example:example-nested:3.3.3",
+					DependsOn: []string{
+						"org.example:example-dependency:1.2.4",
+					},
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
--- a/pkg/dependency/parser/java/pom/pom.go
+++ b/pkg/dependency/parser/java/pom/pom.go
@@ -23,11 +23,18 @@ type pom struct {
 	content  *pomXML
 }

-func (p *pom) inherit(result analysisResult) {
-	// Merge properties
-	p.content.Properties = utils.MergeMaps(result.properties, p.content.Properties)
+func (p *pom) nil() bool {
+	return p == nil || p.content == nil
+}

-	art := p.artifact().Inherit(result.artifact)
+func (p *pom) inherit(parent *pom) {
+	if parent == nil {
+		return
+	}
+	// Merge properties
+	p.content.Properties = utils.MergeMaps(parent.properties(), p.content.Properties)
+
+	art := p.artifact().Inherit(parent.artifact())

 	p.content.GroupId = art.GroupID
 	p.content.ArtifactId = art.ArtifactID
@@ -40,12 +47,12 @@ func (p *pom) inherit(result analysisResult) {
 	}
 }

-func (p pom) properties() properties {
+func (p *pom) properties() properties {
 	props := p.content.Properties
 	return utils.MergeMaps(props, p.projectProperties())
 }

-func (p pom) projectProperties() map[string]string {
+func (p *pom) projectProperties() map[string]string {
 	val := reflect.ValueOf(p.content).Elem()
 	props := p.listProperties(val)

@@ -73,7 +80,7 @@ func (p pom) projectProperties() map[string]string {
 	return projectProperties
 }

-func (p pom) listProperties(val reflect.Value) map[string]string {
+func (p *pom) listProperties(val reflect.Value) map[string]string {
 	props := make(map[string]string)
 	for i := 0; i < val.NumField(); i++ {
 		f := val.Type().Field(i)
@@ -106,17 +113,17 @@ func (p pom) listProperties(val reflect.Value) map[string]string {
 	return props
 }

-func (p pom) artifact() artifact {
+func (p *pom) artifact() artifact {
 	return newArtifact(p.content.GroupId, p.content.ArtifactId, p.content.Version, p.licenses(), p.content.Properties)
 }

-func (p pom) licenses() []string {
+func (p *pom) licenses() []string {
 	return slices.ZeroToNil(lo.FilterMap(p.content.Licenses.License, func(lic pomLicense, _ int) (string, bool) {
 		return lic.Name, lic.Name != ""
 	}))
 }

-func (p pom) repositories(servers []Server) ([]string, []string) {
+func (p *pom) repositories(servers []Server) ([]string, []string) {
 	logger := log.WithPrefix("pom")
 	var releaseRepos, snapshotRepos []string
 	for _, rep := range p.content.Repositories.Repository {
@@ -242,9 +249,11 @@ func (d pomDependency) Resolve(props map[string]string, depManagement, rootDepMa
 		if managed.Version != "" {
 			dep.Version = evaluateVariable(managed.Version, props, nil)
 		}
+
 		if managed.Scope != "" {
 			dep.Scope = evaluateVariable(managed.Scope, props, nil)
 		}
+
 		if managed.Optional {
 			dep.Optional = managed.Optional
 		}
@@ -287,7 +296,7 @@ func (d pomDependency) ToArtifact(opts analysisOptions) artifact {
 	}

 	var locations ftypes.Locations
-	if opts.lineNumber {
+	if d.StartLine != 0 && d.EndLine != 0 {
 		locations = ftypes.Locations{
 			{
 				StartLine: d.StartLine,
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Aqua Security automated builds	b7947b37ee	release: v0.57.1 [release/v0.57] (#7943 ) Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2024-11-18 10:51:29 +00:00
Aqua Security automated builds	cd0d1281bf	feat: Update registry fallbacks [backport: release/v0.57] (#7944 ) Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2024-11-18 10:21:40 +00:00
Aqua Security automated builds	7dd70dcf3e	fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] (#7939 ) Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2024-11-18 09:30:47 +00:00
Aqua Security automated builds	3d537b908b	test: change branch in spdx schema link to check in integration tests [backport: release/v0.57] (#7940 ) Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2024-11-18 08:41:56 +00:00
Aqua Security automated builds	efec32669b	release: v0.57.0 [main] (#7710 )	2024-11-01 04:01:54 +00:00
Teppei Fukuda	7632625be2	chore: lint `errors.Join` (#7845 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-10-31 12:08:47 +00:00
Teppei Fukuda	5e78b6c12f	feat(db): append errors (#7843 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-10-31 10:41:02 +00:00
DmitriyLewen	dc44946881	docs(java): add info about supported scopes (#7842 )	2024-10-31 09:41:24 +00:00
Nikita Pivkin	7654b2e27e	docs: add example of creating whitelist of checks (#7821 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-31 09:04:52 +00:00
simar7	194d4abb03	chore(deps): Bump trivy-checks (#7819 )	2024-10-31 06:37:21 +00:00
Rutam Prita Mishra	e872ec006c	fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733 ) Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2024-10-31 06:03:22 +00:00
afdesk	78827768a6	fix(k8s): skip resources without misconfigs (#7797 )	2024-10-31 01:14:56 +00:00
DmitriyLewen	f2bb9c6227	fix(sbom): use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811 )	2024-10-30 10:32:40 +00:00
Nikita Pivkin	b661d680ff	fix(cli): add config name to skip-policy-update alias (#7820 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-30 10:16:02 +00:00
Nikita Pivkin	6fab88dd56	fix(helm): properly handle multiple archived dependencies (#7782 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-29 22:47:26 +00:00
simar7	c70b6fa166	refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776 ) Signed-off-by: Simar <simar@linux.com>	2024-10-29 22:29:42 +00:00
smtan-gl	c434775923	fix(k8s)!: support k8s multi container (#7444 ) Co-authored-by: afdesk <work@afdesk.com>	2024-10-29 07:26:28 +00:00
afdesk	7a4f4d8b12	fix(k8s): support kubernetes v1.31 (#7810 )	2024-10-29 07:08:13 +00:00
okamototk	63dd3d65a3	docs: add Windows install instructions (#7800 )	2024-10-28 06:26:13 +00:00
afdesk	a16b830e00	ci(helm): auto public Helm chart after PR merged (#7526 )	2024-10-25 06:07:30 +00:00
dean	ad3c09e006	feat: add end of life date for Ubuntu 24.10 (#7787 )	2024-10-25 06:02:00 +00:00
Aaron Goldenthal	c0d79fa09e	feat(report): update gitlab template to populate operating_system value (#7735 )	2024-10-24 07:24:02 +00:00
simar7	f75c0d1f00	feat(misconf): Show misconfig ID in output (#7762 )	2024-10-23 18:54:29 +00:00
Nikita Pivkin	9514148767	feat(misconf): export unresolvable field of IaC types to Rego (#7765 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-21 20:55:12 +00:00
afdesk	010b213806	refactor(k8s): scan config files as a folder (#7690 )	2024-10-21 18:25:54 +00:00
Pierre Baumard	f6acdf7139	fix(license): fix license normalization for Universal Permissive License (#7766 )	2024-10-21 09:38:35 +00:00
Matthieu MOREL	57e24aa853	fix: enable usestdlibvars linter (#7770 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2024-10-21 09:06:50 +00:00
Nikita Pivkin	8d5dbc9fec	fix(misconf): properly expand dynamic blocks (#7612 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Co-authored-by: Simar <simar@linux.com>	2024-10-19 00:58:51 +00:00
Johannes Feichtner	c225883649	feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507 ) Co-authored-by: knqyf263 <knqyf263@gmail.com>	2024-10-18 07:10:46 +00:00
Nikita Pivkin	35fd018ae7	fix(misconf): fix for Azure Storage Account network acls adaptation (#7602 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-18 04:45:24 +00:00
Nikita Pivkin	cd44bb48f8	refactor(misconf): simplify k8s scanner (#7717 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-17 21:50:12 +00:00
Samuel Gaist	a7baa93b00	feat(parser): ignore white space in pom.xml files (#7747 ) Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>	2024-10-17 09:35:09 +00:00
Teppei Fukuda	922949a43e	test: use forked images (#7755 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-10-17 08:12:44 +00:00
DmitriyLewen	778df828ea	fix(java): correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents (#7541 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>	2024-10-17 06:54:12 +00:00
Nikita Pivkin	c8c14d3624	fix(misconf): check if property is not nil before conversion (#7578 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-17 03:40:14 +00:00
Nikita Pivkin	9da84f54fa	fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-17 03:39:58 +00:00
Nikita Pivkin	2eaa17e071	feat(misconf): ssl_mode support for GCP SQL DB instance (#7564 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-17 02:29:39 +00:00
Teppei Fukuda	bcfc37bb16	test: define constants for test images (#7739 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2024-10-16 23:41:59 +00:00
Nikita Pivkin	83e5b83acc	docs: add note about disabled DS016 check (#7724 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-16 04:31:20 +00:00
Nikita Pivkin	ad914123c4	feat(misconf): public network support for Azure Storage Account (#7601 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-16 04:15:17 +00:00
Teppei Fukuda	633a7abeea	feat(cli): rename `trivy auth` to `trivy registry` (#7727 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-10-15 11:24:10 +00:00
Simon Deziel	31aa20ab90	docs: apt-transport-https is a transitional package (#7678 ) Signed-off-by: Simon Deziel <simon@sdeziel.info>	2024-10-14 04:45:56 +00:00
Nikita Pivkin	c78f45b4a7	refactor(misconf): introduce generic scanner (#7515 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-11 04:40:13 +00:00
Teppei Fukuda	672e886aed	fix(cli): `clean --all` deletes only relevant dirs (#7704 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-10-10 11:02:06 +00:00
Teppei Fukuda	27117f81d5	feat(cli): add `trivy auth` (#7664 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2024-10-09 10:31:15 +00:00
Teppei Fukuda	1f2e91b02b	fix(sbom): add options for DBs in private registries (#7660 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-10-09 05:53:27 +00:00
Pierre Baumard	55b5a7e01b	docs(report): fix reporting doc format (#7671 )	2024-10-08 17:01:49 +00:00
Dan Kirkwood	fdf203cd20	fix(repo): `git clone` output to Stderr (#7561 )	2024-10-08 05:04:06 +00:00
Teppei Fukuda	a585e95f33	fix(redhat): include arch in PURL qualifiers (#7654 ) Signed-off-by: knqyf263 <knqyf263@gmail.com>	2024-10-07 12:03:40 +00:00
Pierre Baumard	015bb885ac	fix(report): Fix invalid URI in SARIF report (#7645 ) Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2024-10-07 11:31:59 +00:00
Pierre Baumard	ab3a3b2e6e	docs(report): Improve SARIF reporting doc (#7655 )	2024-10-07 07:41:01 +00:00
Nikita Pivkin	2c87f0cb79	fix(db): fix javadb downloading error handling (#7642 ) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>	2024-10-03 12:11:58 +00:00
Samuel Gaist	cb0b3a9279	feat(cli): error out when ignore file cannot be found (#7624 )	2024-10-03 04:56:59 +00:00