trivy was updated to fix the following issues: Update to version 0.54.1: fix(flag): incorrect behavior for deprected flag –clear-cache [backport: release/v0.54] (#7285) fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283) fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279) release: v0.54.0 [main] (#7075) docs: update ecosystem page reporting with plopsec.com app (#7262) feat(vex): retrieve VEX attestations from OCI registries (#7249) feat(sbom): add image labels into SPDX and CycloneDX reports (#7257) refactor(flag): return error if both –download-db-only and –download-java-db-only are specified (#7259) fix(nodejs): detect direct dependencies when using latest version for files yarn.lock + package.json (#7110) chore: show VEX notice for OSS maintainers in CI environments (#7246) feat(vuln): add –pkg-relationships (#7237) docs: show VEX cli pages + update config file page for VEX flags (#7244) fix(dotnet): show nuget package dir not found log only when checking nuget packages (#7194) feat(vex): VEX Repository support (#7206) fix(secret): skip regular strings contain secret patterns (#7182) feat: share build-in rules (#7207) fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171) fix(cli): error on missing config file (#7154) fix(secret): update length of hugging-face-access-token (#7216) feat(sbom): add vulnerability support for SPDX…Read More