Spec URL: https://gotmax23.fedorapeople.org/reviews/trivy/trivy.spec SRPM URL: https://gotmax23.fedorapeople.org/reviews/trivy/trivy-0.50.0-1.fc39.src.rpm Description: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more. Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=115618630
I will take this review.
There don't seem to be any golang packaging guidelines, which surprises me, so I'm doing my best to understand and review properly below. Please excuse me if I make an ignorant comment. The review is so long that bugzilla won't let me paste it all, so I will split it across multiple comments. Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated Issues: ======= - There is an awful lot of bundling going on. Is that typical for the golang ecosystem? - I am attempting to see if the License field in the spec file matches the actual licenses in play. It's a bit of a challenge. There is no comment in the spec file nor any kind of README describing the license breakdown. That would help a lot. See the following questions. - Many files under vendor/modernc.org/libc contain one or both of LGPL-2.1-or-later and GPL-3.0-or-later declarations, but I don't see either license in the License field. Should they appear there? - vendor/github.com/rcrowley/go-metrics/LICENSE is BSD-2-Clause-Views, not BSD-2-Clause, but I don't see that in License. - Some files additionally have lines that read: // SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note I don't know if we are obligated to list notes, or if we only worry about exceptions in Fedora. The files: - vendor/modernc.org/libc/sys/socket/socket_linux_arm.go - vendor/modernc.org/libc/sys/socket/socket_linux_arm64.go - vendor/modernc.org/libc/sys/socket/socket_linux_riscv64.go - What do you make of the license declaration at the top of vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s? Is that file included in the build on ppc64le? - vendor/github.com/alecthomas/chroma/formatters/svg/font_liberation_mono.go contains an encoding of a font under the OFL-1.1-RFN license, which does not appear in License. - See the complaint below about unowned directories. This is not an error. The directory /usr/share/licenses/trivy/vendor/github.com/kylelemons, for example, is not owned by this package, but contains another directory that is. - See the non-executable-script rpmlint warnings below. Please either remove the shebangs from those files or make them executable. - Notice the invalid-url rpmlint warning for Source0. The URL is missing "https:" at the beginning. Is this a weakness of %gourl? Is something missing from the spec file that would cause that to appear? - Note that unused-direct-shlib-dependency warning for /usr/bin/trivy. It depends, uselessly, on libresolv.so.2. Does that mean /usr/bin/trivy was linked without --as-needed? - Version 0.50.1 has been released, FYI. ===== MUST items ===== C/C++: [x]: Provides: bundled(gnulib) in place as required. Note: Sources not installed [x]: Package does not contain kernel modules. [x]: Package does not contain any libtool archives (.la) [x]: Package contains no static executables. [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [!]: License field in the package spec file matches the actual license. Note: There is no build directory. Running licensecheck on vanilla upstream sources. Licenses found: "Unknown or generated", "*No copyright* Apache License 2.0", "Apache License 2.0", "BSD 3-Clause License", "MIT License", "*No copyright* MIT License", "BSD 2-Clause License", "Apache License 2.0 and/or MIT License", "BSD 3-Clause License and/or MIT License", "*No copyright* GNU Lesser General Public License", "*No copyright* The Unlicense", "*No copyright* Apache License 2.0 and/or Creative Commons Attribution 4.0", "ISC License", "Apache License 2.0 and/or Creative Commons Attribution 4.0", "BSD 2-Clause License and/or ISC License", "*No copyright* Mozilla Public License 2.0", "Mozilla Public License 2.0", "Apache License 2.0 and/or BSD 3-Clause License", "BSD 2-Clause with views sentence", "*No copyright* Creative Commons Attribution 4.0", "Apple Public Source License 2.0", "*No copyright* Public domain", "*No copyright* Apache License 2.0 and/or Public domain", "GNU Lesser General Public License v2.1 or later", "BSD 2-Clause License and/or BSD 2-clause FreeBSD License and/or BSD 3-Clause License", "BSD 3-Clause License and/or GNU Lesser General Public License v2.1 or later", "*No copyright* BSD 2-Clause License", "BSD 2-Clause License and/or BSD 2-clause FreeBSD License", "BSD 2-clause NetBSD License", "BSD-4-Clause (University of California-Specific) and/or GNU General Public License v3.0 or later", "BSD 3-Clause License and/or Public domain", "GNU General Public License v3.0 or later and/or GNU General Public License, Version 2 and/or GNU Lesser General Public License v2.1 or later", "GNU General Public License v3.0 or later and/or GNU Lesser General Public License v2.1 or later", "GNU General Public License v3.0 or later and/or Public domain", "BSD 2-Clause License and/or BSD 2-clause NetBSD License", "Apple Public Source License 2.0 and/or BSD 3-Clause License", "*No copyright* BSD 3-Clause License", "GNU Lesser General Public License v2.1 or later [generated file]", "BSD 2-Clause License and/or BSD 2-clause NetBSD License and/or BSD 3-Clause License", "MIT License and/or Public domain", "Apache License 2.0 and/or MIT License and/or Public domain", "BSD 2-Clause License and/or BSD 3-Clause License", "OpenSSL License", "Apache License 2.0 [generated file]", "*No copyright* GNU General Public License, Version 2", "GNU General Public License, Version 2", "SIL Open Font License 1.1", "*No copyright* Boost Software License 1.0", "Mozilla Public License 2.0 [generated file]", "*No copyright* Academic Free License v1.1", "*No copyright* Academic Free License v1.2", "*No copyright* Academic Free License v2.0", "*No copyright* Academic Free License v2.1", "*No copyright* Academic Free License v3.0", "*No copyright* GNU Affero General Public License v3.0 or later", "Apple Public Source License 1.0", "Apple Public Source License 1.1", "Apple Public Source License 1.2", "*No copyright* Apple Public Source License 2.0", "*No copyright* BitTorrent Open Source License v1.1", "*No copyright* Common Development and Distribution License", "*No copyright* Common Public Attribution License 1.0", "*No copyright* GNU General Public License v1.0 or later", "*No copyright* GNU General Public License v2.0 or later", "*No copyright* GNU General Public License", "GNU General Public License v2.0 only", "*No copyright* GNU General Public License v3.0 or later", "*No copyright* GNU General Public License, Version 3", "*No copyright* GNU Library General Public License v2 or later", "*No copyright* GNU Library General Public License, Version 2.0", "*No copyright* GNU Lesser General Public License v2.1 or later", "*No copyright* GNU Lesser General Public License, Version 2.1", "GNU General Public License, Version 3 and/or GNU Lesser General Public License, Version 2.1", "GNU Lesser General Public License, Version 2.1", "*No copyright* GNU Lesser General Public License v3.0 or later", "*No copyright* GNU Lesser General Public License, Version 3", "*No copyright* Mozilla Public License 1.0", "*No copyright* Mozilla Public License 1.1", "*No copyright* Open Software License 3.0", "*No copyright* OpenSSL License", "Sun Industry Standards Source License v1.2", "*No copyright* W3C License", "Academic Free License v3.0", "Affero General Public License v1.0", "GNU Affero General Public License v3.0", "Apple MIT License", "Academy of Motion Picture Arts and Sciences BSD", "*No copyright* ANTLR Software Rights Notice", "*No copyright* Apple Public Source License 1.0", "*No copyright* Apple Public Source License 1.1", "*No copyright* Apple Public Source License 1.2", "Apache License 1.0 and/or BSD 4-Clause License", "Apache License 1.1", "*No copyright* Artistic License 1.0", "*No copyright* Artistic License 1.0 (Perl)", "*No copyright* Artistic-1.0-cl8", "*No copyright* BSD 0-Clause License", "*No copyright* BSD 2-Clause License and/or BSD 2-clause FreeBSD License", "*No copyright* BSD 2-Clause License and/or BSD 2-clause NetBSD License", "*No copyright* BSD 2-Clause Plus Patent License", "*No copyright* Apache License 1.0 and/or BSD 3-Clause License", "BSD 3-Clause License and/or Lawrence Berkeley National Labs BSD variant license", "*No copyright* BSD 4-Clause License", "Apache License 1.1 and/or BSD 3-Clause License and/or Vovida Software License v1.0", "*No copyright* BSD-4-Clause (University of California-Specific)", "*No copyright* Beerware License", "*No copyright* NTP License", "*No copyright* Cryptographic Autonomy License 1.0", "*No copyright* Creative Commons Attribution 1.0 Generic", "*No copyright* Creative Commons Attribution 2.0", "*No copyright* Creative Commons Attribution 2.5", "Creative Commons Attribution 4.0", "Creative Commons Attribution-NonCommercial 1.0", "*No copyright* Creative Commons Attribution-NonCommercial 2.0", "*No copyright* Creative Commons Attribution-NonCommercial 2.5", "Creative Commons Attribution- NonCommercial 4.0", "Creative Commons Attribution-NoDerivs- NonCommercial 1.0", "*No copyright* Creative Commons Attribution- NonCommercial-NoDerivs 2.0", "*No copyright* Creative Commons Attribution-NonCommercial-NoDerivs 2.5", "Creative Commons Attribution-NonCommercial-NoDerivatives 4.0", "Creative Commons Attribution-NonCommercial-ShareAlike 1.0", "*No copyright* Creative Commons Attribution-NonCommercial-ShareAlike 2.0", "*No copyright* Creative Commons Attribution-NonCommercial-ShareAlike 2.5", "Creative Commons Attribution-NonCommercial-ShareAlike 4.0", "*No copyright* Creative Commons Attribution-NoDerivs 1.0", "*No copyright* Creative Commons Attribution-NoDerivs 2.0", "*No copyright* Creative Commons Attribution-NoDerivs 2.5", "Creative Commons Attribution-NoDerivatives 4.0", "*No copyright* Creative Commons Attribution-ShareAlike 1.0", "*No copyright* Creative Commons Attribution-ShareAlike 2.0", "*No copyright* Creative Commons Attribution-ShareAlike 2.5", "Creative Commons Attribution-ShareAlike 4.0", "*No copyright* Creative Commons CC0 1.0", "*No copyright* CeCILL Free Software License Agreement v2.1", "*No copyright* MIT No Attribution", "CNRI Python Open Source GPL Compatible License Agreement", "*No copyright* Common Public License 1.0", "DBAD Public License v1.1", "*No copyright* Eclipse Public License 1.0", "*No copyright* Eclipse Public License 2.0", "European Union Public License, Version 1.0", "European Union Public License, Version 1.1", "*No copyright* Apache License 1.1", "Freetype Project License", "*No copyright* FSF All Permissive License", "GNU General Public License, Version 3", "*No copyright* LaTeX Project Public License 1.3c", "Lawrence Berkeley National Labs BSD variant license", "*No copyright* Historical Permission Notice and Disclaimer - sell variant and/or NTP License (legal disclaimer)", "ICU License", "*No copyright* IBM Public License v1.0", "*No copyright* ISC License", "JSON License and/or MIT License", "*No copyright* libpng License", "Khronos License", "GNU Library General Public License, Version 2.0", "GNU Lesser General Public License, Version 3", "LaTeX Project Public License 1.3c", "libpng License", "*No copyright* Standard ML of New Jersey License", "*No copyright* BSD 1-Clause License", "*No copyright* MIT (old)", "Microsoft Public License", "Microsoft Reciprocal License", "*No copyright* University of Illinois/NCSA Open Source License", "Nethack General Public License", "Netscape Public License v1.0", "Netscape Public License v1.1", "*No copyright* SIL Open Font License 1.1", "*No copyright* Open Software License 1.0", "*No copyright* Open Software License 1.1", "*No copyright* Open Software License 2.0", "*No copyright* Open Software License 2.1", "Open Software License 3.0", "*No copyright* Apache License 1.0 and/or OpenSSL License", "OpenSSL License and/or SSLeay", "mit_openvision", "PHP License v3.0", "PHP License v3.01", "NTP License", "*No copyright* PostgreSQL License", "Python Software Foundation License 2.0", "Q Public License 1.0", "*No copyright* Ruby License", "*No copyright* SGI Free Software License B v1.0", "*No copyright* SGI Free Software License B v1.1", "SGI Free Software License B v2.0", "*No copyright* Sun Industry Standards Source License v1.1", "*No copyright* Sun Industry Standards Source License v1.2", "BSD 3-Clause License and/or Sleepycat License", "Universal Permissive License v1.0", "*No copyright* Unicode License Agreement - Data Files and Software (2015)", "Unicode License Agreement - Data Files and Software (2015)", "*No copyright* Unicode License Agreement - Data Files and Software (2016)", "Unicode License Agreement - Data Files and Software (2016)", "Unicode Terms of Use", "*No copyright* W3C Software Notice and License (2002-12-31)", "W3C Software Notice and License (1998-07-20)", "W3C Software and Document Notice and License (2015-05-13)", "Do What The Fuck You Want To Public License, Version 2", "WordNet License", "X11 License", "*No copyright* MIT License and/or X.Net License", "Zope Public License 2.0", "*No copyright* Zope Public License 2.1", "Zend License v2.0", "*No copyright* zlib License", "curl License", "Public domain", "*No copyright* libtiff License", "Unicode strict", "GNU General Public License and/or GNU Library General Public License v2 or later", "zlib/libpng License with Acknowledgement", "Artistic License". 12710 files have unknown license. Detailed output of licensecheck in /home/jamesjer/2272258-trivy/licensecheck.txt I am not confident that the License field is accurate. See the questions above. [x]: License file installed when any subpackage combination is installed. [!]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. It is not documented. [!]: Package requires other packages for directories it uses. Note: No known owner of /usr/share/licenses/trivy/vendor/github.com/kylelemons, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go- yaml, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp, /usr/share/licenses/trivy/vendor/github.com/docker/go-units, /usr/share/licenses/trivy/vendor/github.com/moby/spdystream, /usr/share/licenses/trivy/vendor/github.com/hashicorp/hcl/v2, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/sso, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/accessanalyzer, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/rds, /usr/share/licenses/trivy/vendor/github.com/beorn7, /usr/share/licenses/trivy/vendor/github.com/beorn7/perks, /usr/share/licenses/trivy/vendor/github.com/AzureAD, /usr/share/licenses/trivy/vendor/github.com/mxk, /usr/share/licenses/trivy/pkg/iac, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib, /usr/share/licenses/trivy/vendor/github.com/jbenet/go-context, /usr/share/licenses/trivy/vendor/github.com/go-git/go-billy/v5, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/feature, /usr/share/licenses/trivy/vendor/github.com/dlclark, /usr/share/licenses/trivy/vendor/github.com/spdx, /usr/share/licenses/trivy/vendor/github.com/modern-go, /usr/share/licenses/trivy/vendor/github.com/subosito/gotenv, /usr/share/licenses/trivy/vendor/github.com/spf13/afero, /usr/share/licenses/trivy/vendor/github.com/vbatts/tar-split, /usr/share/licenses/trivy/vendor/github.com/cenkalti/backoff, /usr/share/licenses/trivy/vendor/gopkg.in/yaml.v3, /usr/share/licenses/trivy/vendor/github.com/cespare, /usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt/v5, /usr/share/licenses/trivy/vendor/google.golang.org/grpc, /usr/share/licenses/trivy/vendor/github.com/quasilyte/go-ruleguard, /usr/share/licenses/trivy/vendor/github.com/moby/buildkit, /usr/share/licenses/trivy/vendor/github.com/quasilyte/go- ruleguard/dsl, /usr/share/licenses/trivy/vendor/github.com/subosito, /usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt, /usr/share/licenses/trivy/vendor/github.com/owenrumney/go-sarif, /usr/share/licenses/trivy/vendor/github.com/tchap, /usr/share/licenses/trivy/vendor/github.com/sergi/go-diff, /usr/share/licenses/trivy/vendor/github.com/aws/smithy-go, /usr/share/licenses/trivy/vendor/google.golang.org, /usr/share/licenses/trivy/vendor/github.com/exponent-io, /usr/share/licenses/trivy/vendor/github.com/go- openapi/runtime/middleware/denco, /usr/share/licenses/trivy/vendor/github.com/shopspring/decimal, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/eks, /usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/logger, /usr/share/licenses/trivy/vendor/github.com/microsoft, /usr/share/licenses/trivy/vendor/k8s.io/kube- openapi/pkg/internal/third_party/go-json-experiment, /usr/share/licenses/trivy/vendor/github.com/alecthomas/chroma, /usr/share/licenses/trivy/vendor/github.com/remyoudompheng/bigfft, /usr/share/licenses/trivy/vendor/github.com/mitchellh/mapstructure, /usr/share/licenses/trivy/vendor/github.com/docker/distribution, /usr/share/licenses/trivy/vendor/github.com/antchfx/htmlquery, /usr/share/licenses/trivy/vendor/github.com/spf13/cobra, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/zstd/internal/xxhash, /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for- go/sdk/azcore, /usr/share/licenses/trivy/vendor/k8s.io/apimachinery, /usr/share/licenses/trivy/vendor/sigs.k8s.io/json, /usr/share/licenses/trivy/vendor/github.com/hashicorp/golang-lru/v2, /usr/share/licenses/trivy/vendor/github.com/imdario/mergo, /usr/share/licenses/trivy/vendor/github.com/cenkalti, /usr/share/licenses/trivy/vendor/github.com/containerd, /usr/share/licenses/trivy/vendor/k8s.io/client- go/third_party/forked/golang, /usr/share/licenses/trivy/vendor/github.com/agnivade/levenshtein, /usr/share/licenses/trivy/vendor/github.com/aquasecurity, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/zstd, /usr/share/licenses/trivy/vendor/github.com/felixge/httpsnoop, /usr/share/licenses/trivy/vendor/github.com/chai2010/gettext-go, /usr/share/licenses/trivy/vendor/github.com/tchap/go-patricia/v2, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/bolt- fixtures, /usr/share/licenses/trivy/vendor/github.com/xeipuuv, /usr/share/licenses/trivy/vendor/github.com/open-policy-agent, /usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt/v4, /usr/share/licenses/trivy/vendor/github.com/cpuguy83/go-md2man, /usr/share/licenses/trivy/vendor/github.com/distribution, /usr/share/licenses/trivy/vendor/github.com/emirpasic, /usr/share/licenses/trivy/vendor/github.com/pkg/errors, /usr/share/licenses/trivy/vendor/oras.land, /usr/share/licenses/trivy/vendor/github.com/go-openapi/loads, /usr/share/licenses/trivy/vendor/go.opentelemetry.io, /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-deb-version, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go-disk, /usr/share/licenses/trivy/vendor/github.com/cpuguy83/go-md2man/v2, /usr/share/licenses/trivy/vendor/github.com/openvex, /usr/share/licenses/trivy/vendor/github.com/rivo/uniseg, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/providers/aws, /usr/share/licenses/trivy/vendor/sigs.k8s.io/yaml/goyaml.v2, /usr/share/licenses/trivy/vendor/github.com/magiconair/properties, /usr/share/licenses/trivy/vendor/github.com/magefile/mage, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/tml, /usr/share/licenses/trivy/vendor/github.com/evanphx, /usr/share/licenses/trivy/vendor/github.com/go-git/go-billy, /usr/share/licenses/trivy/vendor/github.com/davecgh/go-spew, /usr/share/licenses/trivy/vendor/cloud.google.com/go/internal/version, /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-wordwrap, /usr/share/licenses/trivy/vendor/github.com/stretchr/objx, /usr/share/licenses/trivy/vendor/github.com/hashicorp/terraform-json, /usr/share/licenses/trivy/vendor/github.com/apparentlymart/go- textseg/v15, /usr/share/licenses/trivy/vendor/github.com/containerd/fifo, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go-xfs- filesystem, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/sync/singleflight, /usr/share/licenses/trivy/vendor/github.com/sosedoff, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal/presigned-url, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go/internal, /usr/share/licenses/trivy/vendor/k8s.io/kubectl/pkg/util, /usr/share/licenses/trivy/vendor/github.com/pkg, /usr/share/licenses/trivy/vendor/github.com/rcrowley, /usr/share/licenses/trivy/vendor/modernc.org/strutil, /usr/share/licenses/trivy/vendor/github.com/fsnotify, /usr/share/licenses/trivy/vendor/github.com/google/gnostic-models, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/trivy-db, /usr/share/licenses/trivy/vendor/github.com/spf13/viper, /usr/share/licenses/trivy/vendor/google.golang.org/genproto/googleapis/rpc, /usr/share/licenses/trivy/vendor/k8s.io/cli-runtime, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/feature/ec2, /usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/tracing, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-version, /usr/share/licenses/trivy/vendor/github.com/Azure/go- autorest/autorest/date, /usr/share/licenses/trivy/vendor/github.com/bgentry/go-netrc, /usr/share/licenses/trivy/vendor/github.com/kevinburke/ssh_config, /usr/share/licenses/trivy/vendor/github.com/AdaLogics, /usr/share/licenses/trivy/vendor/github.com/lib, /usr/share/licenses/trivy/vendor/github.com/apparentlymart, /usr/share/licenses/trivy/vendor/github.com/asaskevich, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal/checksum, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go/internal/sync/singleflight, /usr/share/licenses/trivy/vendor/github.com/go-git/gcfg, /usr/share/licenses/trivy/vendor/k8s.io/component-base, /usr/share/licenses/trivy/vendor/github.com/go-redis, /usr/share/licenses/trivy/vendor/github.com/aws/smithy- go/internal/sync, /usr/share/licenses/trivy/vendor/k8s.io/utils, /usr/share/licenses/trivy/vendor/github.com/alicebob, /usr/share/licenses/trivy/vendor/github.com/cpuguy83, /usr/share/licenses/trivy/vendor/k8s.io/klog, /usr/share/licenses/trivy/vendor/github.com/goccy, /usr/share/licenses/trivy/vendor/github.com/Masterminds/semver/v3, /usr/share/licenses/trivy/vendor/github.com/sirupsen/logrus, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/ssooidc, /usr/share/licenses/trivy/vendor/k8s.io/apimachinery/third_party/forked/golang, /usr/share/licenses/trivy/vendor/github.com/remyoudompheng, /usr/share/licenses/trivy/vendor/golang.org/x/mod, /usr/share/licenses/trivy/vendor/lukechampine.com/uint128, /usr/share/licenses/trivy/vendor/github.com/go- openapi/runtime/middleware, /usr/share/licenses/trivy/vendor/github.com/apparentlymart/go-cidr, /usr/share/licenses/trivy/vendor/github.com/liggitt, /usr/share/licenses/trivy/vendor/github.com/tetratelabs, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-cleanhttp, /usr/share/licenses/trivy/vendor/golang.org/x/exp, /usr/share/licenses/trivy/pkg/iac/scanners, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal, /usr/share/licenses/trivy/vendor/github.com/hashicorp/terraform-exec, /usr/share/licenses/trivy/vendor/github.com/gorilla/mux, /usr/share/licenses/trivy/vendor/github.com/sosedoff/gitkit, /usr/share/licenses/trivy/vendor/github.com/Masterminds/sprig, /usr/share/licenses/trivy/vendor/github.com/prometheus/client_golang, /usr/share/licenses/trivy/vendor/github.com/moby/sys/signal, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go- yaml/yaml, /usr/share/licenses/trivy/vendor/github.com/gosuri/uitable/util/wordwrap, /usr/share/licenses/trivy/vendor/github.com/kylelemons/godebug, /usr/share/licenses/trivy/vendor/k8s.io/kube-openapi/pkg, /usr/share/licenses/trivy/vendor/golang.org/x/term, /usr/share/licenses/trivy/vendor/github.com/googleapis/gax-go/v2, /usr/share/licenses/trivy/vendor/github.com/mitchellh, /usr/share/licenses/trivy/vendor/golang.org/x/xerrors, /usr/share/licenses/trivy/vendor/github.com/dlclark/regexp2, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go- retryablehttp, /usr/share/licenses/trivy/vendor/github.com/klauspost, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/s3, /usr/share/licenses/trivy/vendor/github.com/Microsoft/hcsshim, /usr/share/licenses/trivy/vendor/github.com/mitchellh/copystructure, /usr/share/licenses/trivy/vendor/go.opencensus.io, /usr/share/licenses/trivy/vendor/sigs.k8s.io/yaml, /usr/share/licenses/trivy/vendor/github.com/go-openapi/jsonreference, /usr/share/licenses/trivy/vendor/github.com/exponent-io/jsonpath, /usr/share/licenses/trivy/vendor/github.com/mattn/go-shellwords, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/aws, /usr/share/licenses/trivy/vendor/golang.org/x/crypto, /usr/share/licenses/trivy/vendor/github.com/prometheus/client_model, /usr/share/licenses/trivy/vendor/github.com/gorilla, /usr/share/licenses/trivy/vendor/github.com/ProtonMail/go-crypto, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/net/http, /usr/share/licenses/trivy/vendor/golang.org/x/sync, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/aws/protocol, /usr/share/licenses/trivy/vendor/github.com/hashicorp/golang-lru, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/kinesis, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal, /usr/share/licenses/trivy/vendor/github.com/Masterminds, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/table, /usr/share/licenses/trivy/vendor/github.com/dustin, /usr/share/licenses/trivy/vendor/github.com/mattn/go-colorable, /usr/share/licenses/trivy/vendor/github.com/gogo, /usr/share/licenses/trivy/vendor/github.com/AdamKorcz, /usr/share/licenses/trivy/vendor/github.com/jbenet, /usr/share/licenses/trivy/vendor/github.com/containerd/stargz- snapshotter, /usr/share/licenses/trivy/vendor/github.com/skeema, /usr/share/licenses/trivy/vendor/modernc.org/cc, /usr/share/licenses/trivy/vendor/github.com/golang/protobuf, /usr/share/licenses/trivy/vendor/github.com/prometheus/procfs, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-multierror, /usr/share/licenses/trivy/vendor/github.com/bitnami/go-version, /usr/share/licenses/trivy/vendor/sigs.k8s.io, /usr/share/licenses/trivy/vendor/github.com/in-toto, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/sqs, /usr/share/licenses/trivy/vendor/github.com/xanzy, /usr/share/licenses/trivy/vendor/github.com/google/shlex, /usr/share/licenses/trivy/vendor/github.com/google/wire, /usr/share/licenses/trivy/vendor/github.com/asaskevich/govalidator, /usr/share/licenses/trivy/vendor/github.com/AdaLogics/go-fuzz-headers, /usr/share/licenses/trivy/vendor/gopkg.in/inf.v0, /usr/share/licenses/trivy/vendor/github.com/masahiro331, /usr/share/licenses/trivy/vendor/github.com/emicklei/go-restful, /usr/share/licenses/trivy/vendor/github.com/santhosh-tekuri, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go/internal/sync, /usr/share/licenses/trivy/vendor/github.com/containerd/continuity, /usr/share/licenses/trivy/vendor/github.com/Microsoft, /usr/share/licenses/trivy/vendor/github.com/sourcegraph/conc, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/edittree/bitvector, /usr/share/licenses/trivy/vendor/go.mongodb.org, /usr/share/licenses/trivy/vendor/google.golang.org/appengine, /usr/share/licenses/trivy/vendor/github.com/bitnami, /usr/share/licenses/trivy/vendor/cloud.google.com/go/internal, /usr/share/licenses/trivy/vendor/modernc.org/libc/honnef.co/go, /usr/share/licenses/trivy/vendor/k8s.io/apimachinery/third_party/forked, /usr/share/licenses/trivy/vendor/github.com/spdx/tools-golang, /usr/share/licenses/trivy/vendor/go.etcd.io/bbolt, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-safetemp, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/service, /usr/share/licenses/trivy/vendor, /usr/share/licenses/trivy/vendor/github.com/containerd/containerd, /usr/share/licenses/trivy/vendor/dario.cat, /usr/share/licenses/trivy/vendor/github.com/mailru/easyjson, /usr/share/licenses/trivy/vendor/github.com/emirpasic/gods, /usr/share/licenses/trivy/vendor/helm.sh/helm, /usr/share/licenses/trivy/vendor/github.com/magefile, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/trace, /usr/share/licenses/trivy/vendor/github.com/Azure/go-ansiterm, /usr/share/licenses/trivy/vendor/k8s.io/api, /usr/share/licenses/trivy/vendor/modernc.org/ccgo, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml, /usr/share/licenses/trivy/vendor/github.com/santhosh- tekuri/jsonschema, /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for-go, /usr/share/licenses/trivy/vendor/k8s.io/utils/internal, /usr/share/licenses/trivy/vendor/github.com/google/btree, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/trivy-aws, /usr/share/licenses/trivy/vendor/k8s.io/utils/internal/third_party/forked/golang, /usr/share/licenses/trivy/vendor/github.com/sirupsen, /usr/share/licenses/trivy/vendor/github.com/sagikazarmark, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/cloudwatch, /usr/share/licenses/trivy/vendor/github.com/go-openapi/errors, /usr/share/licenses/trivy/vendor/github.com/cheggaaa, /usr/share/licenses/trivy/vendor/github.com/bmatcuk/doublestar, /usr/share/licenses/trivy/vendor/github.com/tchap/go-patricia, /usr/share/licenses/trivy/vendor/github.com/google/licenseclassifier/v2, /usr/share/licenses/trivy/vendor/github.com/jmespath, /usr/share/licenses/trivy/vendor/k8s.io/apiextensions-apiserver, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/providers, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/ecr, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal/endpoint-discovery, /usr/share/licenses/trivy/vendor/go.mongodb.org/mongo-driver, /usr/share/licenses/trivy/vendor/github.com/pelletier/go-toml, /usr/share/licenses/trivy/vendor/go.uber.org/multierr, /usr/share/licenses/trivy/vendor/github.com/owenrumney/squealer, /usr/share/licenses/trivy/vendor/github.com/CycloneDX, /usr/share/licenses/trivy/vendor/github.com/Intevation/gval, /usr/share/licenses/trivy/vendor/github.com/davecgh, /usr/share/licenses/trivy/vendor/github.com/kballard/go-shellquote, /usr/share/licenses/trivy/vendor/github.com/fatih/color, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/gqlparser, /usr/share/licenses/trivy/vendor/github.com/moby/patternmatcher, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri- io/starlib/util, /usr/share/licenses/trivy/vendor/github.com/moby/term, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/mq, /usr/share/licenses/trivy/vendor/github.com/Azure/go- autorest/autorest/adal, /usr/share/licenses/trivy/vendor/github.com/rivo, /usr/share/licenses/trivy/vendor/github.com/zclconf/go-cty-yaml, /usr/share/licenses/trivy/vendor/github.com/dgryski/go-rendezvous, /usr/share/licenses/trivy/vendor/github.com/liamg/memoryfs, /usr/share/licenses/trivy/vendor/github.com/go-errors/errors, /usr/share/licenses/trivy/vendor/github.com/containerd/cgroups, /usr/share/licenses/trivy/vendor/github.com/csaf- poc/csaf_distribution/v3, /usr/share/licenses/trivy/vendor/github.com/mitchellh/hashstructure/v2, /usr/share/licenses/trivy/vendor/github.com/bmatcuk/doublestar/v4, /usr/share/licenses/trivy/vendor/k8s.io/kubectl, /usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonpointer, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/v4a, /usr/share/licenses/trivy/vendor/lukechampine.com, /usr/share/licenses/trivy/vendor/k8s.io/kube-openapi, /usr/share/licenses/trivy/vendor/github.com/GoogleCloudPlatform, /usr/share/licenses/trivy/vendor/github.com/microsoft/go-rustaudit, /usr/share/licenses/trivy/vendor/github.com/mattn/go-runewidth, /usr/share/licenses/trivy/vendor/github.com, /usr/share/licenses/trivy/vendor/github.com/Masterminds/sprig/v3, /usr/share/licenses/trivy/vendor/github.com/agnivade, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/secretsmanager, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/elasticache, /usr/share/licenses/trivy/vendor/k8s.io/kube- openapi/pkg/internal/third_party, /usr/share/licenses/trivy/vendor/github.com/ulikunitz, /usr/share/licenses/trivy/vendor/github.com/emicklei/go-restful/v3, /usr/share/licenses/trivy/vendor/cloud.google.com/go, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/loading, /usr/share/licenses/trivy/vendor/github.com/gosuri, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/credentials, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/aws/protocol/eventstream, /usr/share/licenses/trivy/vendor/github.com/go-git, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/iam, /usr/share/licenses/trivy/vendor/modernc.org/opt, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri- io/starlib, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel, /usr/share/licenses/trivy/vendor/github.com/gorilla/websocket, /usr/share/licenses/trivy/vendor/github.com/inconshreveable, /usr/share/licenses/trivy/vendor/github.com/morikuni, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis/v2, /usr/share/licenses/trivy/vendor/github.com/csaf- poc/csaf_distribution, /usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest, /usr/share/licenses/trivy/vendor/github.com/Masterminds/squirrel, /usr/share/licenses/trivy/vendor/github.com/AdamKorcz/go-118-fuzz- build, /usr/share/licenses/trivy/vendor/github.com/containerd/stargz- snapshotter/estargz, /usr/share/licenses/trivy/vendor/github.com/cheggaaa/pb/v3, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/ebs, /usr/share/licenses/trivy/vendor/github.com/knqyf263/nested, /usr/share/licenses/trivy/vendor/github.com/go-redis/redis, /usr/share/licenses/trivy/vendor/github.com/liamg/iamgo, /usr/share/licenses/trivy/vendor/github.com/open-policy-agent/opa, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/go-npm- version, /usr/share/licenses/trivy/vendor/github.com/sagikazarmark/locafero, /usr/share/licenses/trivy/vendor/github.com/aws, /usr/share/licenses/trivy/vendor/github.com/jmoiron, /usr/share/licenses/trivy/vendor/github.com/moby/sys, /usr/share/licenses/trivy/vendor/github.com/go-gorp/gorp, /usr/share/licenses/trivy/vendor/github.com/liggitt/tabwriter, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/efs, /usr/share/licenses/trivy/vendor/k8s.io/kube- openapi/pkg/validation, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/feature/s3, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress, /usr/share/licenses/trivy/vendor/github.com/csaf- poc/csaf_distribution/v3/LICENSES, /usr/share/licenses/trivy/vendor/k8s.io/kube-openapi/pkg/internal, /usr/share/licenses/trivy/vendor/github.com/sergi, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/semver, /usr/share/licenses/trivy/vendor/google.golang.org/api/internal/third_party, /usr/share/licenses/trivy/vendor/github.com/cloudflare, /usr/share/licenses/trivy/vendor/google.golang.org/api/internal, /usr/share/licenses/trivy/vendor/github.com/moby/sys/user, /usr/share/licenses/trivy/vendor/github.com/cpuguy83/dockercfg, /usr/share/licenses/trivy/vendor/github.com/russross/blackfriday/v2, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/ecs, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize, /usr/share/licenses/trivy/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg, /usr/share/licenses/trivy/vendor/github.com/moby/sys/mountinfo, /usr/share/licenses/trivy/vendor/github.com/vbatts, /usr/share/licenses/trivy/vendor/github.com/cenkalti/backoff/v4, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis/v2/geohash, /usr/share/licenses/trivy/vendor/github.com/antchfx, /usr/share/licenses/trivy/vendor/k8s.io/client-go/third_party, /usr/share/licenses/trivy/vendor/modernc.org/sqlite, /usr/share/licenses/trivy/vendor/github.com/go-logr/logr, /usr/share/licenses/trivy/vendor/github.com/golang, /usr/share/licenses/trivy/vendor/dario.cat/mergo, /usr/share/licenses/trivy/vendor/github.com/Intevation, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/lambda, /usr/share/licenses/trivy/vendor/k8s.io, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/cloudfront, /usr/share/licenses/trivy/vendor/github.com/oklog, /usr/share/licenses/trivy/vendor/cloud.google.com/go/compute, /usr/share/licenses/trivy/vendor/github.com/opencontainers, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/elasticsearchservice, /usr/share/licenses/trivy/vendor/github.com/googleapis/enterprise- certificate-proxy, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/kms, /usr/share/licenses/trivy/vendor/golang.org/x, /usr/share/licenses/trivy/vendor/github.com/docker/cli, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis/v2/hyperloglog, /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-homedir, /usr/share/licenses/trivy/vendor/github.com/containerd/log, /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-rpmdb, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/configsources, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/ini, /usr/share/licenses/trivy/vendor/github.com/moby, /usr/share/licenses/trivy/vendor/github.com/olekukonko, /usr/share/licenses/trivy/vendor/github.com/evanphx/json-patch, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/internal, /usr/share/licenses/trivy/vendor/github.com/gobwas, /usr/share/licenses/trivy/vendor/github.com/CycloneDX/cyclonedx-go, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/sns, /usr/share/licenses/trivy/vendor/github.com/aws/smithy-go/internal, /usr/share/licenses/trivy/vendor/github.com/prometheus/common/internal, /usr/share/licenses/trivy/vendor/github.com/lunixbochs/struc, /usr/share/licenses/trivy/vendor/github.com/gosuri/uitable, /usr/share/licenses/trivy/vendor/github.com/mailru, /usr/share/licenses/trivy/vendor/github.com/pelletier, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis, /usr/share/licenses/trivy/vendor/github.com/ProtonMail, /usr/share/licenses/trivy/vendor/github.com/samber/lo, /usr/share/licenses/trivy/vendor/github.com/go-redis/redis/v8, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/cloudtrail, /usr/share/licenses/trivy/vendor/github.com/sourcegraph, /usr/share/licenses/trivy/vendor/modernc.org/token, /usr/share/licenses/trivy/vendor/google.golang.org/genproto/googleapis, /usr/share/licenses/trivy/vendor/github.com/go-openapi/spec, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/apigateway, /usr/share/licenses/trivy/pkg, /usr/share/licenses/trivy/vendor/github.com/aws/smithy- go/internal/sync/singleflight, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/codebuild, /usr/share/licenses/trivy/vendor/k8s.io/apimachinery/third_party, /usr/share/licenses/trivy/pkg/iac/scanners/helm, /usr/share/licenses/trivy/vendor/github.com/prometheus/common, /usr/share/licenses/trivy/vendor/github.com/briandowns, /usr/share/licenses/trivy/vendor/github.com/opencontainers/go-digest, /usr/share/licenses/trivy/vendor/github.com/cyphar/filepath- securejoin, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/redshift, /usr/share/licenses/trivy/vendor/github.com/pelletier/go-toml/v2, /usr/share/licenses/trivy/vendor/k8s.io/client-go, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/feature/s3/manager, /usr/share/licenses/trivy/vendor/github.com/docker/docker-credential- helpers, /usr/share/licenses/trivy/vendor/github.com/rcrowley/go- metrics, /usr/share/licenses/trivy/vendor/modernc.org/libc/honnef.co, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/cloudwatchlogs, /usr/share/licenses/trivy/vendor/github.com/lann/ps, /usr/share/licenses/trivy/vendor/github.com/kballard, /usr/share/licenses/trivy/vendor/github.com/munnerz/goautoneg, /usr/share/licenses/trivy/vendor/github.com/pmezard, /usr/share/licenses/trivy/vendor/github.com/russross, /usr/share/licenses/trivy/vendor/k8s.io/kube- openapi/pkg/validation/spec, /usr/share/licenses/trivy/vendor/helm.sh/helm/v3, /usr/share/licenses/trivy/vendor/github.com/shopspring, /usr/share/licenses/trivy/vendor/github.com/anchore, /usr/share/licenses/trivy/vendor/github.com/Masterminds/goutils, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal/accept-encoding, /usr/share/licenses/trivy/vendor/k8s.io/kubectl/pkg/util/i18n/translations, /usr/share/licenses/trivy/vendor/github.com/docker/go-metrics, /usr/share/licenses/trivy/vendor/github.com/in-toto/in-toto-golang, /usr/share/licenses/trivy/vendor/k8s.io/client-go/third_party/forked, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/kafka, /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for- go/sdk, /usr/share/licenses/trivy/vendor/github.com/hashicorp/hc- install, /usr/share/licenses/trivy/vendor/github.com/sigstore/rekor, /usr/share/licenses/trivy/vendor/github.com/morikuni/aec, /usr/share/licenses/trivy/vendor/github.com/Masterminds/semver, /usr/share/licenses/trivy/vendor/gopkg.in/ini.v1, /usr/share/licenses/trivy/vendor/google.golang.org/genproto/googleapis/api, /usr/share/licenses/trivy/vendor/github.com/mitchellh/hashstructure, /usr/share/licenses/trivy/vendor/github.com/GoogleCloudPlatform/docker- credential-gcr, /usr/share/licenses/trivy/vendor/github.com/antchfx/xpath, /usr/share/licenses/trivy/vendor/github.com/gosuri/uitable/util, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc, /usr/share/licenses/trivy/vendor/github.com/dgryski, /usr/share/licenses/trivy/vendor/github.com/OneOfOne/xxhash, /usr/share/licenses/trivy/vendor/github.com/jmoiron/sqlx, /usr/share/licenses/trivy/vendor/github.com/saracen/walker, /usr/share/licenses/trivy/vendor/github.com/bmatcuk, /usr/share/licenses/trivy/vendor/github.com/testcontainers, /usr/share/licenses/trivy/vendor/github.com/zclconf, /usr/share/licenses/trivy/vendor/github.com/twitchtv/twirp, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/feature/ec2/imds, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal, /usr/share/licenses/trivy/vendor/github.com/Azure, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/endpoints/v2, /usr/share/licenses/trivy/vendor/github.com/json-iterator, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal, /usr/share/licenses/trivy/vendor/github.com/hashicorp/errwrap, /usr/share/licenses/trivy/vendor/github.com/OneOfOne, /usr/share/licenses/trivy/vendor/github.com/gogo/protobuf, /usr/share/licenses/trivy/vendor/github.com/containerd/typeurl, /usr/share/licenses/trivy/vendor/github.com/kevinburke, /usr/share/licenses/trivy/vendor/google.golang.org/genproto, /usr/share/licenses/trivy/vendor/github.com/saracen, /usr/share/licenses/trivy/vendor/github.com/shibumi/go-pathspec, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/api, /usr/share/licenses/trivy/vendor/github.com/distribution/reference, /usr/share/licenses/trivy/vendor/github.com/ulikunitz/xz, /usr/share/licenses/trivy/vendor/github.com/sagikazarmark/slog-shim, /usr/share/licenses/trivy/vendor/cloud.google.com, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis/v2/metro, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-uuid, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/emr, /usr/share/licenses/trivy/vendor/go.uber.org, /usr/share/licenses/trivy/vendor/github.com/golang-jwt, /usr/share/licenses/trivy/vendor/github.com/cyphar, /usr/share/licenses/trivy/vendor/go.etcd.io, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/apigatewayv2, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/internal/snapref, /usr/share/licenses/trivy/vendor/github.com/liamg/jfather, /usr/share/licenses/trivy/vendor/modernc.org/ccgo/v3, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked, /usr/share/licenses/trivy/vendor/github.com/golang/groupcache, /usr/share/licenses/trivy/vendor/golang.org/x/oauth2, /usr/share/licenses/trivy/vendor/github.com/stretchr, /usr/share/licenses/trivy/vendor/modernc.org/memory, /usr/share/licenses/trivy/vendor/github.com/russross/blackfriday, /usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonreference, /usr/share/licenses/trivy/vendor/github.com/go-openapi/analysis, /usr/share/licenses/trivy/vendor/github.com/go-openapi/jsonpointer, /usr/share/licenses/trivy/vendor/github.com/MakeNowJust/heredoc, /usr/share/licenses/trivy/vendor/github.com/yuin, /usr/share/licenses/trivy/vendor/github.com/prometheus/common/internal/bitbucket.org, /usr/share/licenses/trivy/vendor/sigs.k8s.io/structured-merge-diff/v4, /usr/share/licenses/trivy/vendor/github.com/santhosh- tekuri/jsonschema/v5, /usr/share/licenses/trivy/vendor/github.com/openvex/go-vex, /usr/share/licenses/trivy/vendor/github.com/agext, /usr/share/licenses/trivy/vendor/github.com/emicklei, /usr/share/licenses/trivy/vendor/github.com/google/licenseclassifier, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/dynamodb, /usr/share/licenses/trivy/vendor/github.com/prometheus/common/internal/bitbucket.org/ww, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go- ext4-filesystem, /usr/share/licenses/trivy/vendor/github.com/go- openapi/validate, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-getter, /usr/share/licenses/trivy/vendor/github.com/secure-systems-lab, /usr/share/licenses/trivy/pkg/iac/scanners/helm/test/mysql/charts, /usr/share/licenses/trivy/vendor/gopkg.in/yaml.v2, /usr/share/licenses/trivy/vendor/github.com/hashicorp/hcl, /usr/share/licenses/trivy/vendor/github.com/go-git/go-git/v5, /usr/share/licenses/trivy/vendor/github.com/josharian/intern, /usr/share/licenses/trivy/vendor/github.com/anchore/go-struct- converter, /usr/share/licenses/trivy/vendor/k8s.io/utils/internal/third_party/forked, /usr/share/licenses/trivy/vendor/modernc.org/mathutil, /usr/share/licenses/trivy/vendor/github.com/xanzy/ssh-agent, /usr/share/licenses/trivy/vendor/github.com/imdario, /usr/share/licenses/trivy/vendor/github.com/skeema/knownhosts, /usr/share/licenses/trivy/vendor/github.com/apparentlymart/go-textseg, /usr/share/licenses/trivy/vendor/google.golang.org/protobuf, /usr/share/licenses/trivy/vendor/github.com/gregjones, /usr/share/licenses/trivy/vendor/github.com/cespare/xxhash/v2, /usr/share/licenses/trivy/vendor/github.com/go-openapi/strfmt, /usr/share/licenses/trivy/vendor/github.com/VividCortex, /usr/share/licenses/trivy/vendor/github.com/mitchellh/reflectwalk, /usr/share/licenses/trivy/vendor/oras.land/oras-go, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/neptune, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/go-gem- version, /usr/share/licenses/trivy/vendor/github.com/shibumi, /usr/share/licenses/trivy/vendor/github.com/cheggaaa/pb, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/trivy-java- db, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/elasticloadbalancingv2, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/workspaces, /usr/share/licenses/trivy/vendor/github.com/xlab, /usr/share/licenses/trivy/vendor/k8s.io/kubectl/pkg/util/i18n, /usr/share/licenses/trivy/vendor/github.com/go-openapi, /usr/share/licenses/trivy/vendor/golang.org/x/text, /usr/share/licenses/trivy/vendor/modernc.org/libc/honnef.co/go/netdb, /usr/share/licenses/trivy/vendor/github.com/peterbourgon/diskv, /usr/share/licenses/trivy/vendor/modernc.org/cc/v3, /usr/share/licenses/trivy/vendor/gopkg.in/cheggaaa, /usr/share/licenses/trivy/vendor/github.com/owenrumney, /usr/share/licenses/trivy/vendor/gopkg.in/cheggaaa/pb.v1, /usr/share/licenses/trivy/vendor/github.com/hashicorp, /usr/share/licenses/trivy/vendor/github.com/huandu, /usr/share/licenses/trivy/vendor/github.com/secure-systems-lab/go- securesystemslib, /usr/share/licenses/trivy/vendor/github.com/mattn, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go, /usr/share/licenses/trivy/vendor/github.com/stretchr/testify, /usr/share/licenses/trivy/vendor/github.com/knqyf263, /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for- go/sdk/internal, /usr/share/licenses/trivy/vendor/github.com/moby/sys/sequential, /usr/share/licenses/trivy/vendor/github.com/prometheus, /usr/share/licenses/trivy/vendor/github.com/bgentry, /usr/share/licenses/trivy/vendor/github.com/xlab/treeprint, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go-mvn- version, /usr/share/licenses/trivy/vendor/cloud.google.com/go/compute/metadata, /usr/share/licenses/trivy/vendor/helm.sh, /usr/share/licenses/trivy/vendor/github.com/inconshreveable/mousetrap, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal/s3shared, /usr/share/licenses/trivy/vendor/k8s.io/klog/v2, /usr/share/licenses/trivy/vendor/github.com/docker/docker, /usr/share/licenses/trivy/vendor/github.com/AzureAD/microsoft- authentication-library-for-go, /usr/share/licenses/trivy/vendor/github.com/pjbgf/sha1cd, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/edittree, /usr/share/licenses/trivy/vendor/golang.org, /usr/share/licenses/trivy/vendor/github.com/Microsoft/go-winio, /usr/share/licenses/trivy/vendor/github.com/spf13/pflag, /usr/share/licenses/trivy/vendor/cloud.google.com/go/storage, /usr/share/licenses/trivy/vendor/github.com/gregjones/httpcache, /usr/share/licenses/trivy/vendor/github.com/googleapis/gax-go, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/sync, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/trivy- kubernetes, /usr/share/licenses/trivy/vendor/github.com/google/go- containerregistry, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/go-version, /usr/share/licenses/trivy/vendor/github.com/opentracing/opentracing- go, /usr/share/licenses/trivy/vendor/github.com/google/gofuzz, /usr/share/licenses/trivy/vendor/github.com/Intevation/jsonpath, /usr/share/licenses/trivy/vendor/github.com/MakeNowJust, /usr/share/licenses/trivy/vendor/github.com/spf13/cast, /usr/share/licenses/trivy/vendor/k8s.io/kube- openapi/pkg/internal/third_party/go-json-experiment/json, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri- io, /usr/share/licenses/trivy/vendor/github.com/mattn/go-isatty, /usr/share/licenses/trivy/vendor/github.com/munnerz, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/endpoints, /usr/share/licenses/trivy/vendor/github.com/peterbourgon, /usr/share/licenses/trivy/vendor/github.com/rubenv/sql- migrate/sqlparse, /usr/share/licenses/trivy/vendor/github.com/package- url/packageurl-go, /usr/share/licenses/trivy/vendor/github.com/yashtewari/glob- intersection, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/sdk, /usr/share/licenses/trivy/vendor/github.com/goccy/go-yaml, /usr/share/licenses/trivy/vendor/github.com/briandowns/spinner, /usr/share/licenses/trivy/vendor/github.com/lann/builder, /usr/share/licenses/trivy/vendor/cloud.google.com/go/iam, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/testdocker, /usr/share/licenses/trivy/vendor/github.com/BurntSushi, /usr/share/licenses/trivy/vendor/github.com/mxk/go-flowrate, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/gojsonschema, /usr/share/licenses/trivy/vendor/github.com/fatih, /usr/share/licenses/trivy/vendor/github.com/chai2010, /usr/share/licenses/trivy/vendor/github.com/pmezard/go-difflib, /usr/share/licenses/trivy/vendor/github.com/lann, /usr/share/licenses/trivy/pkg/iac/scanners/helm/test, /usr/share/licenses/trivy/vendor/github.com/jmespath/go-jmespath, /usr/share/licenses/trivy/vendor/github.com/google/go-cmp, /usr/share/licenses/trivy/vendor/github.com/opencontainers/image-spec, /usr/share/licenses/trivy/vendor/golang.org/x/tools, /usr/share/licenses/trivy/vendor/github.com/cespare/xxhash, /usr/share/licenses/trivy/vendor/github.com/monochromegane, /usr/share/licenses/trivy/pkg/iac/scanners/helm/test/mysql/charts/common, /usr/share/licenses/trivy/vendor/github.com/google, /usr/share/licenses/trivy/vendor/github.com/moby/locker, /usr/share/licenses/trivy/vendor/github.com/liamg, /usr/share/licenses/trivy/vendor/github.com/google/uuid, /usr/share/licenses/trivy/vendor/github.com/magiconair, /usr/share/licenses/trivy/vendor/github.com/dustin/go-humanize, /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-apk-version, /usr/share/licenses/trivy/vendor/github.com/yashtewari, /usr/share/licenses/trivy/vendor/modernc.org, /usr/share/licenses/trivy/vendor/google.golang.org/api, /usr/share/licenses/trivy/vendor/github.com/pkg/browser, /usr/share/licenses/trivy/vendor/google.golang.org/api/internal/third_party/uritemplates, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/metric, /usr/share/licenses/trivy/vendor/github.com/zclconf/go-cty, /usr/share/licenses/trivy/vendor/github.com/cloudflare/circl, /usr/share/licenses/trivy/vendor/github.com/olekukonko/tablewriter, /usr/share/licenses/trivy/vendor/modernc.org/libc, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/jwx, /usr/share/licenses/trivy/vendor/github.com/rubenv, /usr/share/licenses/trivy/vendor/github.com/spf13, /usr/share/licenses/trivy/vendor/github.com/go-errors, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/go- pep440-version, /usr/share/licenses/trivy/vendor/github.com/aws/aws- sdk-go-v2/service/athena, /usr/share/licenses/trivy/vendor/github.com/modern-go/reflect2, /usr/share/licenses/trivy/vendor/github.com/docker/go-connections, /usr/share/licenses/trivy/vendor/github.com/go-gorp, /usr/share/licenses/trivy/vendor/github.com/NYTimes/gziphandler, /usr/share/licenses/trivy/pkg/iac/scanners/helm/test/mysql, /usr/share/licenses/trivy/vendor/k8s.io/utils/internal/third_party, /usr/share/licenses/trivy/vendor/sigs.k8s.io/structured-merge-diff, /usr/share/licenses/trivy/vendor/github.com/go-gorp/gorp/v3, /usr/share/licenses/trivy/vendor/github.com/samber, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/trivy- policies, /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk- for-go/sdk/azidentity, /usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonschema, /usr/share/licenses/trivy/vendor/github.com/json-iterator/go, /usr/share/licenses/trivy/vendor/k8s.io/kubectl/pkg, /usr/share/licenses/trivy/vendor/k8s.io/apiserver, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go-vmdk- parser, /usr/share/licenses/trivy/vendor/github.com/josharian, /usr/share/licenses/trivy/vendor/github.com/owenrumney/go-sarif/v2, /usr/share/licenses/trivy/vendor/github.com/modern-go/concurrent, /usr/share/licenses/trivy/vendor/github.com/opentracing, /usr/share/licenses/trivy/vendor/github.com/testcontainers/testcontainers- go/modules/localstack, /usr/share/licenses/trivy/vendor/github.com/BurntSushi/toml, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis/v2/fpconv, /usr/share/licenses/trivy/vendor/github.com/gofrs/uuid, /usr/share/licenses/trivy/vendor/github.com/googleapis, /usr/share/licenses/trivy/vendor/go.starlark.net, /usr/share/licenses/trivy/vendor/gopkg.in, /usr/share/licenses/trivy/vendor/github.com/docker/go-events, /usr/share/licenses/trivy/vendor/github.com/gobwas/glob, /usr/share/licenses/trivy/vendor/github.com/go-ini, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/docdb, /usr/share/licenses/trivy/vendor/github.com/csaf- poc, /usr/share/licenses/trivy/vendor/github.com/docker, /usr/share/licenses/trivy/vendor/github.com/opencontainers/runtime- spec, /usr/share/licenses/trivy/vendor/go.uber.org/zap, /usr/share/licenses/trivy/vendor/github.com/yuin/gopher-lua, /usr/share/licenses/trivy/vendor/github.com/go-openapi/swag, /usr/share/licenses/trivy/vendor/github.com/tetratelabs/wazero, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/ec2, /usr/share/licenses/trivy/vendor/github.com/google/s2a-go, /usr/share/licenses/trivy/vendor/github.com/pjbgf, /usr/share/licenses/trivy/vendor/github.com/monochromegane/go- gitignore, /usr/share/licenses/trivy/vendor/github.com/VividCortex/ewma, /usr/share/licenses/trivy/vendor/github.com/oklog/ulid, /usr/share/licenses/trivy/vendor/github.com/felixge, /usr/share/licenses/trivy/vendor/github.com/Azure/go- autorest/autorest, /usr/share/licenses/trivy/vendor/github.com/lib/pq, /usr/share/licenses/trivy/vendor/github.com/testcontainers/testcontainers- go, /usr/share/licenses/trivy/vendor/github.com/alecthomas, /usr/share/licenses/trivy/vendor/github.com/testcontainers/testcontainers- go/modules, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/zstd/internal, /usr/share/licenses/trivy/vendor/github.com/gofrs, /usr/share/licenses/trivy/vendor/github.com/twitchtv, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/net, /usr/share/licenses/trivy/vendor/github.com/go-openapi/runtime, /usr/share/licenses/trivy/vendor/golang.org/x/sys, /usr/share/licenses/trivy/vendor/github.com/go-logr/stdr, /usr/share/licenses/trivy/vendor/github.com/rubenv/sql-migrate, /usr/share/licenses/trivy/vendor/github.com/agext/levenshtein, /usr/share/licenses/trivy/vendor/github.com/opencontainers/selinux, /usr/share/licenses/trivy/vendor/github.com/lunixbochs, /usr/share/licenses/trivy/vendor/github.com/alicebob/gopher-json, /usr/share/licenses/trivy/vendor/golang.org/x/net, /usr/share/licenses/trivy/vendor/github.com/go-logr, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/sts, /usr/share/licenses/trivy/vendor/github.com/go- git/go-git, /usr/share/licenses/trivy/vendor/github.com/NYTimes, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/config, /usr/share/licenses/trivy/vendor/github.com/sigstore, /usr/share/licenses/trivy/vendor/github.com/go-ini/ini, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation, /usr/share/licenses/trivy/vendor/github.com/package-url, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go-ebs-file, /usr/share/licenses/trivy/vendor/github.com/quasilyte, /usr/share/licenses/trivy/vendor/github.com/containerd/typeurl/v2, /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-rpm-version, /usr/share/licenses/trivy/vendor/gopkg.in/warnings.v0, /usr/share/licenses/trivy/vendor/github.com/fsnotify/fsnotify, /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-testing- interface, /usr/share/licenses/trivy/vendor/github.com/containerd/ttrpc, /usr/share/licenses/trivy/vendor/github.com/huandu/xstrings, /usr/share/licenses/trivy/vendor/golang.org/x/time
[!]: Package must own all directories that it creates. Note: Directories without known owners: /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/efs, /usr/share/licenses/trivy/vendor/github.com/liggitt/tabwriter, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com, /usr/share/licenses/trivy/vendor/github.com/kylelemons, /usr/share/licenses/trivy/vendor/k8s.io/kube-openapi/pkg/validation, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/feature/s3, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go- yaml, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp, /usr/share/licenses/trivy/vendor/github.com/csaf- poc/csaf_distribution/v3/LICENSES, /usr/share/licenses/trivy/vendor/github.com/docker/go-units, /usr/share/licenses/trivy/vendor/github.com/moby/spdystream, /usr/share/licenses/trivy/vendor/github.com/sergi, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/semver, /usr/share/licenses/trivy/vendor/k8s.io/kube-openapi/pkg/internal, /usr/share/licenses/trivy/vendor/github.com/hashicorp/hcl/v2, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/accessanalyzer, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/sso, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/rds, /usr/share/licenses/trivy/vendor/github.com/beorn7, /usr/share/licenses/trivy/vendor/github.com/beorn7/perks, /usr/share/licenses/trivy/vendor/github.com/AzureAD, /usr/share/licenses/trivy/vendor/google.golang.org/api/internal/third_party, /usr/share/licenses/trivy/vendor/github.com/cloudflare, /usr/share/licenses/trivy/vendor/google.golang.org/api/internal, /usr/share/licenses/trivy/vendor/github.com/moby/sys/user, /usr/share/licenses/trivy/vendor/github.com/mxk, /usr/share/licenses/trivy/vendor/github.com/cpuguy83/dockercfg, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/ecs, /usr/share/licenses/trivy/vendor/github.com/russross/blackfriday/v2, /usr/share/licenses/trivy/pkg/iac, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize, /usr/share/licenses/trivy/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib, /usr/share/licenses/trivy/vendor/github.com/moby/sys/mountinfo, /usr/share/licenses/trivy/vendor/github.com/jbenet/go-context, /usr/share/licenses/trivy/vendor/github.com/vbatts, /usr/share/licenses/trivy/vendor/github.com/cenkalti/backoff/v4, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis/v2/geohash, /usr/share/licenses/trivy/vendor/github.com/antchfx, /usr/share/licenses/trivy/vendor/k8s.io/client-go/third_party, /usr/share/licenses/trivy/vendor/modernc.org/sqlite, /usr/share/licenses/trivy/vendor/github.com/go-logr/logr, /usr/share/licenses/trivy/vendor/github.com/golang, /usr/share/licenses/trivy/vendor/github.com/go-git/go-billy/v5, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/feature, /usr/share/licenses/trivy/vendor/dario.cat/mergo, /usr/share/licenses/trivy/vendor/github.com/Intevation, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/lambda, /usr/share/licenses/trivy/vendor/github.com/dlclark, /usr/share/licenses/trivy/vendor/github.com/spdx, /usr/share/licenses/trivy/vendor/k8s.io, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/cloudfront, /usr/share/licenses/trivy/vendor/github.com/modern-go, /usr/share/licenses/trivy/vendor/github.com/oklog, /usr/share/licenses/trivy/vendor/cloud.google.com/go/compute, /usr/share/licenses/trivy/vendor/github.com/subosito/gotenv, /usr/share/licenses/trivy/vendor/github.com/opencontainers, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/elasticsearchservice, /usr/share/licenses/trivy/vendor/github.com/googleapis/enterprise- certificate-proxy, /usr/share/licenses/trivy/vendor/github.com/spf13/afero, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/kms, /usr/share/licenses/trivy/vendor/golang.org/x, /usr/share/licenses/trivy/vendor/github.com/docker/cli, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis/v2/hyperloglog, /usr/share/licenses/trivy/vendor/github.com/vbatts/tar-split, /usr/share/licenses/trivy/vendor/github.com/cenkalti/backoff, /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-homedir, /usr/share/licenses/trivy/vendor/github.com/containerd/log, /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-rpmdb, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/configsources, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/ini, /usr/share/licenses/trivy/vendor/github.com/moby, /usr/share/licenses/trivy/vendor/github.com/olekukonko, /usr/share/licenses/trivy/vendor/github.com/evanphx/json-patch, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/internal, /usr/share/licenses/trivy/vendor/github.com/gobwas, /usr/share/licenses/trivy/vendor/github.com/CycloneDX/cyclonedx-go, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/sns, /usr/share/licenses/trivy/vendor/github.com/aws/smithy-go/internal, /usr/share/licenses/trivy/vendor/github.com/cespare, /usr/share/licenses/trivy/vendor/gopkg.in/yaml.v3, /usr/share/licenses/trivy/vendor/github.com/prometheus/common/internal, /usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt/v5, /usr/share/licenses/trivy/vendor/google.golang.org/grpc, /usr/share/licenses/trivy/vendor/github.com/lunixbochs/struc, /usr/share/licenses/trivy/vendor/github.com/gosuri/uitable, /usr/share/licenses/trivy/vendor/github.com/mailru, /usr/share/licenses/trivy/vendor/github.com/pelletier, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis, /usr/share/licenses/trivy/vendor/github.com/quasilyte/go-ruleguard, /usr/share/licenses/trivy/vendor/github.com/ProtonMail, /usr/share/licenses/trivy/vendor/github.com/moby/buildkit, /usr/share/licenses/trivy/vendor/github.com/samber/lo, /usr/share/licenses/trivy/vendor/github.com/quasilyte/go- ruleguard/dsl, /usr/share/licenses/trivy/vendor/github.com/go- redis/redis/v8, /usr/share/licenses/trivy/vendor/github.com/aws/aws- sdk-go-v2/service/cloudtrail, /usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt, /usr/share/licenses/trivy/vendor/github.com/subosito, /usr/share/licenses/trivy/vendor/github.com/owenrumney/go-sarif, /usr/share/licenses/trivy/vendor/github.com/sourcegraph, /usr/share/licenses/trivy/vendor/github.com/tchap, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/apigateway, /usr/share/licenses/trivy/vendor/github.com/go-openapi/spec, /usr/share/licenses/trivy/vendor/github.com/aws/smithy-go, /usr/share/licenses/trivy/vendor/github.com/sergi/go-diff, /usr/share/licenses/trivy/vendor/google.golang.org, /usr/share/licenses/trivy/pkg, /usr/share/licenses/trivy/vendor/google.golang.org/genproto/googleapis, /usr/share/licenses/trivy/vendor/modernc.org/token, /usr/share/licenses/trivy/vendor/github.com/exponent-io, /usr/share/licenses/trivy/vendor/github.com/go- openapi/runtime/middleware/denco, /usr/share/licenses/trivy/vendor/github.com/shopspring/decimal, /usr/share/licenses/trivy/vendor/github.com/aws/smithy- go/internal/sync/singleflight, /usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/logger, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/eks, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/codebuild, /usr/share/licenses/trivy/vendor/github.com/microsoft, /usr/share/licenses/trivy/vendor/k8s.io/kube- openapi/pkg/internal/third_party/go-json-experiment, /usr/share/licenses/trivy/vendor/k8s.io/apimachinery/third_party, /usr/share/licenses/trivy/pkg/iac/scanners/helm, /usr/share/licenses/trivy/vendor/github.com/alecthomas/chroma, /usr/share/licenses/trivy/vendor/github.com/prometheus/common, /usr/share/licenses/trivy/vendor/github.com/remyoudompheng/bigfft, /usr/share/licenses/trivy/vendor/github.com/mitchellh/mapstructure, /usr/share/licenses/trivy/vendor/github.com/briandowns, /usr/share/licenses/trivy/vendor/github.com/docker/distribution, /usr/share/licenses/trivy/vendor/github.com/antchfx/htmlquery, /usr/share/licenses/trivy/vendor/github.com/opencontainers/go-digest, /usr/share/licenses/trivy/vendor/github.com/spf13/cobra, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/zstd/internal/xxhash, /usr/share/licenses/trivy/vendor/github.com/cyphar/filepath- securejoin, /usr/share/licenses/trivy/vendor/github.com/Azure/azure- sdk-for-go/sdk/azcore, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/redshift, /usr/share/licenses/trivy/vendor/github.com/pelletier/go-toml/v2, /usr/share/licenses/trivy/vendor/k8s.io/apimachinery, /usr/share/licenses/trivy/vendor/k8s.io/client-go, /usr/share/licenses/trivy/vendor/sigs.k8s.io/json, /usr/share/licenses/trivy/vendor/github.com/cenkalti, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/feature/s3/manager, /usr/share/licenses/trivy/vendor/github.com/hashicorp/golang-lru/v2, /usr/share/licenses/trivy/vendor/github.com/imdario/mergo, /usr/share/licenses/trivy/vendor/github.com/containerd, /usr/share/licenses/trivy/vendor/k8s.io/client- go/third_party/forked/golang, /usr/share/licenses/trivy/vendor/github.com/agnivade/levenshtein, /usr/share/licenses/trivy/vendor/github.com/docker/docker-credential- helpers, /usr/share/licenses/trivy/vendor/github.com/rcrowley/go- metrics, /usr/share/licenses/trivy/vendor/github.com/aquasecurity, /usr/share/licenses/trivy/vendor/modernc.org/libc/honnef.co, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/zstd, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/cloudwatchlogs, /usr/share/licenses/trivy/vendor/github.com/felixge/httpsnoop, /usr/share/licenses/trivy/vendor/github.com/kballard, /usr/share/licenses/trivy/vendor/github.com/lann/ps, /usr/share/licenses/trivy/vendor/github.com/munnerz/goautoneg, /usr/share/licenses/trivy/vendor/github.com/pmezard, /usr/share/licenses/trivy/vendor/github.com/chai2010/gettext-go, /usr/share/licenses/trivy/vendor/github.com/tchap/go-patricia/v2, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/bolt- fixtures, /usr/share/licenses/trivy/vendor/github.com/russross, /usr/share/licenses/trivy/vendor/github.com/xeipuuv, /usr/share/licenses/trivy/vendor/k8s.io/kube- openapi/pkg/validation/spec, /usr/share/licenses/trivy/vendor/github.com/open-policy-agent, /usr/share/licenses/trivy/vendor/github.com/shopspring, /usr/share/licenses/trivy/vendor/github.com/anchore, /usr/share/licenses/trivy/vendor/helm.sh/helm/v3, /usr/share/licenses/trivy/vendor/github.com/Masterminds/goutils, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal/accept-encoding, /usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt/v4, /usr/share/licenses/trivy/vendor/k8s.io/kubectl/pkg/util/i18n/translations, /usr/share/licenses/trivy/vendor/github.com/docker/go-metrics, /usr/share/licenses/trivy/vendor/github.com/in-toto/in-toto-golang, /usr/share/licenses/trivy/vendor/k8s.io/client-go/third_party/forked, /usr/share/licenses/trivy/vendor/github.com/cpuguy83/go-md2man, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/kafka, /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for- go/sdk, /usr/share/licenses/trivy/vendor/github.com/hashicorp/hc- install, /usr/share/licenses/trivy/vendor/github.com/sigstore/rekor, /usr/share/licenses/trivy/vendor/github.com/distribution, /usr/share/licenses/trivy/vendor/github.com/Masterminds/semver, /usr/share/licenses/trivy/vendor/github.com/morikuni/aec, /usr/share/licenses/trivy/vendor/gopkg.in/ini.v1, /usr/share/licenses/trivy/vendor/github.com/emirpasic, /usr/share/licenses/trivy/vendor/google.golang.org/genproto/googleapis/api, /usr/share/licenses/trivy/vendor/github.com/mitchellh/hashstructure, /usr/share/licenses/trivy/vendor/github.com/pkg/errors, /usr/share/licenses/trivy/vendor/oras.land, /usr/share/licenses/trivy/vendor/github.com/GoogleCloudPlatform/docker- credential-gcr, /usr/share/licenses/trivy/vendor/github.com/antchfx/xpath, /usr/share/licenses/trivy/vendor/github.com/gosuri/uitable/util, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc, /usr/share/licenses/trivy/vendor/github.com/go-openapi/loads, /usr/share/licenses/trivy/vendor/github.com/dgryski, /usr/share/licenses/trivy/vendor/go.opentelemetry.io, /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-deb-version, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go-disk, /usr/share/licenses/trivy/vendor/github.com/cpuguy83/go-md2man/v2, /usr/share/licenses/trivy/vendor/github.com/OneOfOne/xxhash, /usr/share/licenses/trivy/vendor/github.com/jmoiron/sqlx, /usr/share/licenses/trivy/vendor/github.com/openvex, /usr/share/licenses/trivy/vendor/github.com/rivo/uniseg, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/providers/aws, /usr/share/licenses/trivy/vendor/github.com/saracen/walker, /usr/share/licenses/trivy/vendor/github.com/bmatcuk, /usr/share/licenses/trivy/vendor/sigs.k8s.io/yaml/goyaml.v2, /usr/share/licenses/trivy/vendor/github.com/magiconair/properties, /usr/share/licenses/trivy/vendor/github.com/testcontainers, /usr/share/licenses/trivy/vendor/github.com/zclconf, /usr/share/licenses/trivy/vendor/github.com/huandu/xstrings, /usr/share/licenses/trivy/vendor/github.com/twitchtv/twirp, /usr/share/licenses/trivy/vendor/github.com/magefile/mage, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/tml, /usr/share/licenses/trivy/vendor/github.com/evanphx, /usr/share/licenses/trivy/vendor/github.com/go-git/go-billy, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/feature/ec2/imds, /usr/share/licenses/trivy/vendor/github.com/davecgh/go-spew, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal, /usr/share/licenses/trivy/vendor/github.com/Azure, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/endpoints/v2, /usr/share/licenses/trivy/vendor/cloud.google.com/go/internal/version, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal, /usr/share/licenses/trivy/vendor/github.com/json- iterator, /usr/share/licenses/trivy/vendor/github.com/hashicorp/errwrap, /usr/share/licenses/trivy/vendor/github.com/OneOfOne, /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-wordwrap, /usr/share/licenses/trivy/vendor/github.com/gogo/protobuf, /usr/share/licenses/trivy/vendor/github.com/stretchr/objx, /usr/share/licenses/trivy/vendor/github.com/hashicorp/terraform-json, /usr/share/licenses/trivy/vendor/github.com/apparentlymart/go- textseg/v15, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/sync/singleflight, /usr/share/licenses/trivy/vendor/github.com/containerd/fifo, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go-xfs- filesystem, /usr/share/licenses/trivy/vendor/github.com/containerd/typeurl, /usr/share/licenses/trivy/vendor/github.com/sosedoff, /usr/share/licenses/trivy/vendor/github.com/kevinburke, /usr/share/licenses/trivy/vendor/google.golang.org/genproto, /usr/share/licenses/trivy/vendor/github.com/saracen, /usr/share/licenses/trivy/vendor/github.com/shibumi/go-pathspec, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/api, /usr/share/licenses/trivy/vendor/github.com/distribution/reference, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal/presigned-url, /usr/share/licenses/trivy/vendor/github.com/ulikunitz/xz, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go/internal, /usr/share/licenses/trivy/vendor/github.com/sagikazarmark/slog-shim, /usr/share/licenses/trivy/vendor/cloud.google.com, /usr/share/licenses/trivy/vendor/k8s.io/kubectl/pkg/util, /usr/share/licenses/trivy/vendor/github.com/pkg, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis/v2/metro, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-uuid, /usr/share/licenses/trivy/vendor/github.com/rcrowley, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/emr, /usr/share/licenses/trivy/vendor/go.uber.org, /usr/share/licenses/trivy/vendor/github.com/golang-jwt, /usr/share/licenses/trivy/vendor/modernc.org/strutil, /usr/share/licenses/trivy/vendor/github.com/cyphar, /usr/share/licenses/trivy/vendor/go.etcd.io, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/apigatewayv2, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/internal/snapref, /usr/share/licenses/trivy/vendor/github.com/liamg/jfather, /usr/share/licenses/trivy/vendor/modernc.org/ccgo/v3, /usr/share/licenses/trivy/vendor/github.com/fsnotify, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked, /usr/share/licenses/trivy/vendor/github.com/google/gnostic-models, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/trivy-db, /usr/share/licenses/trivy/vendor/github.com/golang/groupcache, /usr/share/licenses/trivy/vendor/github.com/spf13/viper, /usr/share/licenses/trivy/vendor/google.golang.org/genproto/googleapis/rpc, /usr/share/licenses/trivy/vendor/golang.org/x/oauth2, /usr/share/licenses/trivy/vendor/github.com/stretchr, /usr/share/licenses/trivy/vendor/modernc.org/memory, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/feature/ec2, /usr/share/licenses/trivy/vendor/k8s.io/cli- runtime, /usr/share/licenses/trivy/vendor/github.com/Azure/go- autorest/autorest/date, /usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/tracing, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-version, /usr/share/licenses/trivy/vendor/github.com/bgentry/go-netrc, /usr/share/licenses/trivy/vendor/github.com/kevinburke/ssh_config, /usr/share/licenses/trivy/vendor/github.com/AdaLogics, /usr/share/licenses/trivy/vendor/github.com/lib, /usr/share/licenses/trivy/vendor/github.com/russross/blackfriday, /usr/share/licenses/trivy/vendor/github.com/apparentlymart, /usr/share/licenses/trivy/vendor/github.com/asaskevich, /usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonreference, /usr/share/licenses/trivy/vendor/github.com/go-openapi/analysis, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal/checksum, /usr/share/licenses/trivy/vendor/github.com/go-openapi/jsonpointer, /usr/share/licenses/trivy/vendor/github.com/MakeNowJust/heredoc, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go/internal/sync/singleflight, /usr/share/licenses/trivy/vendor/github.com/yuin, /usr/share/licenses/trivy/vendor/github.com/prometheus/common/internal/bitbucket.org, /usr/share/licenses/trivy/vendor/github.com/go-git/gcfg, /usr/share/licenses/trivy/vendor/sigs.k8s.io/structured-merge-diff/v4, /usr/share/licenses/trivy/vendor/github.com/santhosh- tekuri/jsonschema/v5, /usr/share/licenses/trivy/vendor/github.com/openvex/go-vex, /usr/share/licenses/trivy/vendor/github.com/agext, /usr/share/licenses/trivy/vendor/k8s.io/component-base, /usr/share/licenses/trivy/vendor/github.com/go-redis, /usr/share/licenses/trivy/vendor/github.com/emicklei, /usr/share/licenses/trivy/vendor/github.com/aws/smithy- go/internal/sync, /usr/share/licenses/trivy/vendor/github.com/aws/aws- sdk-go-v2/service/dynamodb, /usr/share/licenses/trivy/vendor/github.com/google/licenseclassifier, /usr/share/licenses/trivy/vendor/k8s.io/utils, /usr/share/licenses/trivy/vendor/github.com/prometheus/common/internal/bitbucket.org/ww, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go- ext4-filesystem, /usr/share/licenses/trivy/vendor/github.com/go- openapi/validate, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-getter, /usr/share/licenses/trivy/vendor/github.com/secure-systems-lab, /usr/share/licenses/trivy/vendor/github.com/alicebob, /usr/share/licenses/trivy/pkg/iac/scanners/helm/test/mysql/charts, /usr/share/licenses/trivy/vendor/gopkg.in/yaml.v2, /usr/share/licenses/trivy/vendor/github.com/cpuguy83, /usr/share/licenses/trivy/vendor/k8s.io/klog, /usr/share/licenses/trivy/vendor/github.com/goccy, /usr/share/licenses/trivy/vendor/github.com/Masterminds/semver/v3, /usr/share/licenses/trivy/vendor/github.com/hashicorp/hcl, /usr/share/licenses/trivy/vendor/github.com/sirupsen/logrus, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/ssooidc, /usr/share/licenses/trivy/vendor/github.com/go- git/go-git/v5, /usr/share/licenses/trivy/vendor/k8s.io/apimachinery/third_party/forked/golang, /usr/share/licenses/trivy/vendor/github.com/remyoudompheng, /usr/share/licenses/trivy/vendor/golang.org/x/mod, /usr/share/licenses/trivy/vendor/github.com/josharian/intern, /usr/share/licenses/trivy/vendor/lukechampine.com/uint128, /usr/share/licenses/trivy/vendor/github.com/anchore/go-struct- converter, /usr/share/licenses/trivy/vendor/github.com/go- openapi/runtime/middleware, /usr/share/licenses/trivy/vendor/github.com/apparentlymart/go-cidr, /usr/share/licenses/trivy/vendor/github.com/liggitt, /usr/share/licenses/trivy/vendor/k8s.io/utils/internal/third_party/forked, /usr/share/licenses/trivy/vendor/github.com/tetratelabs, /usr/share/licenses/trivy/vendor/modernc.org/mathutil, /usr/share/licenses/trivy/vendor/github.com/xanzy/ssh-agent, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-cleanhttp, /usr/share/licenses/trivy/vendor/golang.org/x/exp, /usr/share/licenses/trivy/pkg/iac/scanners, /usr/share/licenses/trivy/vendor/github.com/imdario, /usr/share/licenses/trivy/vendor/github.com/skeema/knownhosts, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal, /usr/share/licenses/trivy/vendor/github.com/gorilla/mux, /usr/share/licenses/trivy/vendor/github.com/hashicorp/terraform-exec, /usr/share/licenses/trivy/vendor/github.com/apparentlymart/go-textseg, /usr/share/licenses/trivy/vendor/github.com/sosedoff/gitkit, /usr/share/licenses/trivy/vendor/google.golang.org/protobuf, /usr/share/licenses/trivy/vendor/github.com/gregjones, /usr/share/licenses/trivy/vendor/github.com/cespare/xxhash/v2, /usr/share/licenses/trivy/vendor/github.com/Masterminds/sprig, /usr/share/licenses/trivy/vendor/github.com/VividCortex, /usr/share/licenses/trivy/vendor/github.com/go-openapi/strfmt, /usr/share/licenses/trivy/vendor/github.com/prometheus/client_golang, /usr/share/licenses/trivy/vendor/github.com/mitchellh/reflectwalk, /usr/share/licenses/trivy/vendor/github.com/moby/sys/signal, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go- yaml/yaml, /usr/share/licenses/trivy/vendor/oras.land/oras-go, /usr/share/licenses/trivy/vendor/github.com/gosuri/uitable/util/wordwrap, /usr/share/licenses/trivy/vendor/github.com/kylelemons/godebug, /usr/share/licenses/trivy/vendor/k8s.io/kube-openapi/pkg, /usr/share/licenses/trivy/vendor/golang.org/x/term, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/neptune, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/go-gem- version, /usr/share/licenses/trivy/vendor/github.com/shibumi, /usr/share/licenses/trivy/vendor/github.com/cheggaaa/pb, /usr/share/licenses/trivy/vendor/github.com/googleapis/gax-go/v2, /usr/share/licenses/trivy/vendor/github.com/mitchellh, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/trivy-java- db, /usr/share/licenses/trivy/vendor/golang.org/x/xerrors, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/elasticloadbalancingv2, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/workspaces, /usr/share/licenses/trivy/vendor/github.com/xlab, /usr/share/licenses/trivy/vendor/k8s.io/kubectl/pkg/util/i18n, /usr/share/licenses/trivy/vendor/github.com/go-openapi, /usr/share/licenses/trivy/vendor/github.com/dlclark/regexp2, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go- retryablehttp, /usr/share/licenses/trivy/vendor/golang.org/x/text, /usr/share/licenses/trivy/vendor/modernc.org/libc/honnef.co/go/netdb, /usr/share/licenses/trivy/vendor/github.com/klauspost, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/s3, /usr/share/licenses/trivy/vendor/github.com/peterbourgon/diskv, /usr/share/licenses/trivy/vendor/github.com/Microsoft/hcsshim, /usr/share/licenses/trivy/vendor/modernc.org/cc/v3, /usr/share/licenses/trivy/vendor/gopkg.in/cheggaaa, /usr/share/licenses/trivy/vendor/github.com/mitchellh/copystructure, /usr/share/licenses/trivy/vendor/go.opencensus.io, /usr/share/licenses/trivy/vendor/sigs.k8s.io/yaml, /usr/share/licenses/trivy/vendor/github.com/go-openapi/jsonreference, /usr/share/licenses/trivy/vendor/github.com/exponent-io/jsonpath, /usr/share/licenses/trivy/vendor/github.com/mattn/go-shellwords, /usr/share/licenses/trivy/vendor/github.com/owenrumney, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/aws, /usr/share/licenses/trivy/vendor/gopkg.in/cheggaaa/pb.v1, /usr/share/licenses/trivy/vendor/github.com/hashicorp, /usr/share/licenses/trivy/vendor/golang.org/x/crypto, /usr/share/licenses/trivy/vendor/github.com/huandu, /usr/share/licenses/trivy/vendor/github.com/secure-systems-lab/go- securesystemslib, /usr/share/licenses/trivy/vendor/github.com/prometheus/client_model, /usr/share/licenses/trivy/vendor/github.com/gorilla, /usr/share/licenses/trivy/vendor/github.com/ProtonMail/go-crypto, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/net/http, /usr/share/licenses/trivy/vendor/github.com/mattn, /usr/share/licenses/trivy/vendor/golang.org/x/sync, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/aws/protocol, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go, /usr/share/licenses/trivy/vendor/github.com/stretchr/testify, /usr/share/licenses/trivy/vendor/github.com/knqyf263, /usr/share/licenses/trivy/vendor/github.com/hashicorp/golang-lru, /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for- go/sdk/internal, /usr/share/licenses/trivy/vendor/github.com/moby/sys/sequential, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/kinesis, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal, /usr/share/licenses/trivy/vendor/github.com/Masterminds, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/table, /usr/share/licenses/trivy/vendor/github.com/dustin, /usr/share/licenses/trivy/vendor/github.com/mattn/go-colorable, /usr/share/licenses/trivy/vendor/github.com/prometheus, /usr/share/licenses/trivy/vendor/github.com/bgentry, /usr/share/licenses/trivy/vendor/github.com/gogo, /usr/share/licenses/trivy/vendor/github.com/xlab/treeprint, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go-mvn- version, /usr/share/licenses/trivy/vendor/github.com/AdamKorcz, /usr/share/licenses/trivy/vendor/github.com/jbenet, /usr/share/licenses/trivy/vendor/cloud.google.com/go/compute/metadata, /usr/share/licenses/trivy/vendor/github.com/containerd/stargz- snapshotter, /usr/share/licenses/trivy/vendor/github.com/skeema, /usr/share/licenses/trivy/vendor/modernc.org/cc, /usr/share/licenses/trivy/vendor/github.com/golang/protobuf, /usr/share/licenses/trivy/vendor/github.com/inconshreveable/mousetrap, /usr/share/licenses/trivy/vendor/github.com/prometheus/procfs, /usr/share/licenses/trivy/vendor/helm.sh, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal/s3shared, /usr/share/licenses/trivy/vendor/k8s.io/klog/v2, /usr/share/licenses/trivy/vendor/github.com/bitnami/go-version, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-multierror, /usr/share/licenses/trivy/vendor/github.com/docker/docker, /usr/share/licenses/trivy/vendor/github.com/AzureAD/microsoft- authentication-library-for-go, /usr/share/licenses/trivy/vendor/github.com/pjbgf/sha1cd, /usr/share/licenses/trivy/vendor/sigs.k8s.io, /usr/share/licenses/trivy/vendor/github.com/in-toto, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/edittree, /usr/share/licenses/trivy/vendor/golang.org, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/sqs, /usr/share/licenses/trivy/vendor/github.com/Microsoft/go-winio, /usr/share/licenses/trivy/vendor/github.com/spf13/pflag, /usr/share/licenses/trivy/vendor/cloud.google.com/go/storage, /usr/share/licenses/trivy/vendor/github.com/xanzy, /usr/share/licenses/trivy/vendor/github.com/google/shlex, /usr/share/licenses/trivy/vendor/github.com/google/wire, /usr/share/licenses/trivy/vendor/github.com/asaskevich/govalidator, /usr/share/licenses/trivy/vendor/github.com/gregjones/httpcache, /usr/share/licenses/trivy/vendor/github.com/AdaLogics/go-fuzz-headers, /usr/share/licenses/trivy/vendor/github.com/googleapis/gax-go, /usr/share/licenses/trivy/vendor/gopkg.in/inf.v0, /usr/share/licenses/trivy/vendor/github.com/masahiro331, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/sync, /usr/share/licenses/trivy/vendor/github.com/emicklei/go-restful, /usr/share/licenses/trivy/vendor/github.com/santhosh-tekuri, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/trivy- kubernetes, /usr/share/licenses/trivy/vendor/github.com/google/go- containerregistry, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/go-version, /usr/share/licenses/trivy/vendor/github.com/opentracing/opentracing- go, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go/internal/sync, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc, /usr/share/licenses/trivy/vendor/github.com/google/gofuzz, /usr/share/licenses/trivy/vendor/github.com/containerd/continuity, /usr/share/licenses/trivy/vendor/github.com/Microsoft, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/edittree/bitvector, /usr/share/licenses/trivy/vendor/github.com/sourcegraph/conc, /usr/share/licenses/trivy/vendor/github.com/Intevation/jsonpath, /usr/share/licenses/trivy/vendor/github.com/MakeNowJust, /usr/share/licenses/trivy/vendor/go.mongodb.org, /usr/share/licenses/trivy/vendor/github.com/bitnami, /usr/share/licenses/trivy/vendor/github.com/spf13/cast, /usr/share/licenses/trivy/vendor/cloud.google.com/go/internal, /usr/share/licenses/trivy/vendor/google.golang.org/appengine, /usr/share/licenses/trivy/vendor/github.com/mattn/go-isatty, /usr/share/licenses/trivy/vendor/k8s.io/kube- openapi/pkg/internal/third_party/go-json-experiment/json, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri- io, /usr/share/licenses/trivy/vendor/github.com/munnerz, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/endpoints, /usr/share/licenses/trivy/vendor/github.com/peterbourgon, /usr/share/licenses/trivy/vendor/github.com/rubenv/sql- migrate/sqlparse, /usr/share/licenses/trivy/vendor/modernc.org/libc/honnef.co/go, /usr/share/licenses/trivy/vendor/k8s.io/apimachinery/third_party/forked, /usr/share/licenses/trivy/vendor/github.com/spdx/tools-golang, /usr/share/licenses/trivy/vendor/github.com/package-url/packageurl-go, /usr/share/licenses/trivy/vendor/github.com/yashtewari/glob- intersection, /usr/share/licenses/trivy/vendor/go.etcd.io/bbolt, /usr/share/licenses/trivy/vendor/github.com/hashicorp/go-safetemp, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/sdk, /usr/share/licenses/trivy/vendor/github.com/goccy/go-yaml, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/service, /usr/share/licenses/trivy/vendor/github.com/briandowns/spinner, /usr/share/licenses/trivy/vendor/github.com/lann/builder, /usr/share/licenses/trivy/vendor/cloud.google.com/go/iam, /usr/share/licenses/trivy/vendor, /usr/share/licenses/trivy/vendor/github.com/BurntSushi, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/testdocker, /usr/share/licenses/trivy/vendor/github.com/containerd/containerd, /usr/share/licenses/trivy/vendor/github.com/mxk/go-flowrate, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/gojsonschema, /usr/share/licenses/trivy/vendor/github.com/fatih, /usr/share/licenses/trivy/vendor/github.com/chai2010, /usr/share/licenses/trivy/vendor/github.com/pmezard/go-difflib, /usr/share/licenses/trivy/vendor/dario.cat, /usr/share/licenses/trivy/vendor/github.com/lann, /usr/share/licenses/trivy/vendor/github.com/emirpasic/gods, /usr/share/licenses/trivy/vendor/github.com/mailru/easyjson, /usr/share/licenses/trivy/vendor/helm.sh/helm, /usr/share/licenses/trivy/pkg/iac/scanners/helm/test, /usr/share/licenses/trivy/vendor/github.com/jmespath/go-jmespath, /usr/share/licenses/trivy/vendor/github.com/google/go-cmp, /usr/share/licenses/trivy/vendor/github.com/magefile, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/trace, /usr/share/licenses/trivy/vendor/github.com/Azure/go-ansiterm, /usr/share/licenses/trivy/vendor/github.com/opencontainers/image-spec, /usr/share/licenses/trivy/vendor/k8s.io/api, /usr/share/licenses/trivy/vendor/golang.org/x/tools, /usr/share/licenses/trivy/vendor/github.com/cespare/xxhash, /usr/share/licenses/trivy/vendor/github.com/monochromegane, /usr/share/licenses/trivy/vendor/modernc.org/ccgo, /usr/share/licenses/trivy/pkg/iac/scanners/helm/test/mysql/charts/common, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml, /usr/share/licenses/trivy/vendor/github.com/santhosh- tekuri/jsonschema, /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for-go, /usr/share/licenses/trivy/vendor/github.com/google, /usr/share/licenses/trivy/vendor/github.com/moby/locker, /usr/share/licenses/trivy/vendor/github.com/liamg, /usr/share/licenses/trivy/vendor/k8s.io/utils/internal, /usr/share/licenses/trivy/vendor/github.com/google/btree, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/trivy-aws, /usr/share/licenses/trivy/vendor/github.com/google/uuid, /usr/share/licenses/trivy/vendor/k8s.io/utils/internal/third_party/forked/golang, /usr/share/licenses/trivy/vendor/github.com/magiconair, /usr/share/licenses/trivy/vendor/github.com/dustin/go-humanize, /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-apk-version, /usr/share/licenses/trivy/vendor/github.com/sirupsen, /usr/share/licenses/trivy/vendor/github.com/yashtewari, /usr/share/licenses/trivy/vendor/github.com/sagikazarmark, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/cloudwatch, /usr/share/licenses/trivy/vendor/github.com/go-openapi/errors, /usr/share/licenses/trivy/vendor/github.com/cheggaaa, /usr/share/licenses/trivy/vendor/github.com/bmatcuk/doublestar, /usr/share/licenses/trivy/vendor/github.com/tchap/go-patricia, /usr/share/licenses/trivy/vendor/github.com/google/licenseclassifier/v2, /usr/share/licenses/trivy/vendor/modernc.org, /usr/share/licenses/trivy/vendor/google.golang.org/api, /usr/share/licenses/trivy/vendor/github.com/pkg/browser, /usr/share/licenses/trivy/vendor/github.com/jmespath, /usr/share/licenses/trivy/vendor/google.golang.org/api/internal/third_party/uritemplates, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/metric, /usr/share/licenses/trivy/vendor/k8s.io/apiextensions-apiserver, /usr/share/licenses/trivy/vendor/github.com/zclconf/go-cty, /usr/share/licenses/trivy/vendor/github.com/cloudflare/circl, /usr/share/licenses/trivy/vendor/github.com/olekukonko/tablewriter, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/providers, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/ecr, /usr/share/licenses/trivy/vendor/github.com/open- policy-agent/opa/internal/jwx, /usr/share/licenses/trivy/vendor/modernc.org/libc, /usr/share/licenses/trivy/vendor/github.com/rubenv, /usr/share/licenses/trivy/vendor/github.com/spf13, /usr/share/licenses/trivy/vendor/github.com/go-errors, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/internal/endpoint-discovery, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2, /usr/share/licenses/trivy/vendor/go.mongodb.org/mongo-driver, /usr/share/licenses/trivy/vendor/github.com/pelletier/go-toml, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/go- pep440-version, /usr/share/licenses/trivy/vendor/github.com/aws/aws- sdk-go-v2/service/athena, /usr/share/licenses/trivy/vendor/github.com/modern-go/reflect2, /usr/share/licenses/trivy/vendor/go.uber.org/multierr, /usr/share/licenses/trivy/vendor/github.com/docker/go-connections, /usr/share/licenses/trivy/vendor/github.com/NYTimes/gziphandler, /usr/share/licenses/trivy/vendor/github.com/go-gorp, /usr/share/licenses/trivy/vendor/github.com/owenrumney/squealer, /usr/share/licenses/trivy/pkg/iac/scanners/helm/test/mysql, /usr/share/licenses/trivy/vendor/github.com/CycloneDX, /usr/share/licenses/trivy/vendor/k8s.io/utils/internal/third_party, /usr/share/licenses/trivy/vendor/sigs.k8s.io/structured-merge-diff, /usr/share/licenses/trivy/vendor/github.com/Intevation/gval, /usr/share/licenses/trivy/vendor/github.com/davecgh, /usr/share/licenses/trivy/vendor/github.com/go-gorp/gorp/v3, /usr/share/licenses/trivy/vendor/github.com/kballard/go-shellquote, /usr/share/licenses/trivy/vendor/github.com/fatih/color, /usr/share/licenses/trivy/vendor/github.com/samber, /usr/share/licenses/trivy/vendor/github.com/open-policy- agent/opa/internal/gqlparser, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/trivy- policies, /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk- for-go/sdk/azidentity, /usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonschema, /usr/share/licenses/trivy/vendor/github.com/moby/patternmatcher, /usr/share/licenses/trivy/vendor/github.com/json-iterator/go, /usr/share/licenses/trivy/vendor/k8s.io/kubectl/pkg, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri- io/starlib/util, /usr/share/licenses/trivy/vendor/k8s.io/apiserver, /usr/share/licenses/trivy/vendor/github.com/moby/term, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/mq, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go-vmdk- parser, /usr/share/licenses/trivy/vendor/github.com/Azure/go- autorest/autorest/adal, /usr/share/licenses/trivy/vendor/github.com/josharian, /usr/share/licenses/trivy/vendor/github.com/rivo, /usr/share/licenses/trivy/vendor/github.com/zclconf/go-cty-yaml, /usr/share/licenses/trivy/vendor/github.com/dgryski/go-rendezvous, /usr/share/licenses/trivy/vendor/github.com/owenrumney/go-sarif/v2, /usr/share/licenses/trivy/vendor/github.com/liamg/memoryfs, /usr/share/licenses/trivy/vendor/github.com/modern-go/concurrent, /usr/share/licenses/trivy/vendor/github.com/opentracing, /usr/share/licenses/trivy/vendor/github.com/testcontainers/testcontainers- go/modules/localstack, /usr/share/licenses/trivy/vendor/github.com/BurntSushi/toml, /usr/share/licenses/trivy/vendor/github.com/go-errors/errors, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis/v2/fpconv, /usr/share/licenses/trivy/vendor/github.com/containerd/cgroups, /usr/share/licenses/trivy/vendor/github.com/gofrs/uuid, /usr/share/licenses/trivy/vendor/github.com/csaf- poc/csaf_distribution/v3, /usr/share/licenses/trivy/vendor/github.com/googleapis, /usr/share/licenses/trivy/vendor/github.com/mitchellh/hashstructure/v2, /usr/share/licenses/trivy/vendor/go.starlark.net, /usr/share/licenses/trivy/vendor/github.com/bmatcuk/doublestar/v4, /usr/share/licenses/trivy/vendor/k8s.io/kubectl, /usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonpointer, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/internal/v4a, /usr/share/licenses/trivy/vendor/lukechampine.com, /usr/share/licenses/trivy/vendor/k8s.io/kube-openapi, /usr/share/licenses/trivy/vendor/gopkg.in, /usr/share/licenses/trivy/vendor/github.com/GoogleCloudPlatform, /usr/share/licenses/trivy/vendor/github.com/microsoft/go-rustaudit, /usr/share/licenses/trivy/vendor/github.com/docker/go-events, /usr/share/licenses/trivy/vendor/github.com/mattn/go-runewidth, /usr/share/licenses/trivy/vendor/github.com/gobwas/glob, /usr/share/licenses/trivy/vendor/github.com/go-ini, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/docdb, /usr/share/licenses/trivy/vendor/github.com, /usr/share/licenses/trivy/vendor/github.com/csaf-poc, /usr/share/licenses/trivy/vendor/github.com/docker, /usr/share/licenses/trivy/vendor/github.com/Masterminds/sprig/v3, /usr/share/licenses/trivy/vendor/github.com/agnivade, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/secretsmanager, /usr/share/licenses/trivy/vendor/github.com/opencontainers/runtime- spec, /usr/share/licenses/trivy/vendor/go.uber.org/zap, /usr/share/licenses/trivy/vendor/github.com/yuin/gopher-lua, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/elasticache, /usr/share/licenses/trivy/vendor/k8s.io/kube- openapi/pkg/internal/third_party, /usr/share/licenses/trivy/vendor/github.com/ulikunitz, /usr/share/licenses/trivy/vendor/github.com/go-openapi/swag, /usr/share/licenses/trivy/vendor/github.com/emicklei/go-restful/v3, /usr/share/licenses/trivy/vendor/cloud.google.com/go, /usr/share/licenses/trivy/vendor/github.com/tetratelabs/wazero, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/loading, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/ec2, /usr/share/licenses/trivy/vendor/github.com/gosuri, /usr/share/licenses/trivy/vendor/github.com/google/s2a-go, /usr/share/licenses/trivy/vendor/github.com/pjbgf, /usr/share/licenses/trivy/vendor/github.com/monochromegane/go- gitignore, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/credentials, /usr/share/licenses/trivy/vendor/github.com/VividCortex/ewma, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/aws/protocol/eventstream, /usr/share/licenses/trivy/vendor/github.com/go-git, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/iam, /usr/share/licenses/trivy/vendor/github.com/oklog/ulid, /usr/share/licenses/trivy/vendor/modernc.org/opt, /usr/share/licenses/trivy/vendor/github.com/felixge, /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri- io/starlib, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel, /usr/share/licenses/trivy/vendor/github.com/Azure/go- autorest/autorest, /usr/share/licenses/trivy/vendor/github.com/gorilla/websocket, /usr/share/licenses/trivy/vendor/github.com/lib/pq, /usr/share/licenses/trivy/vendor/github.com/inconshreveable, /usr/share/licenses/trivy/vendor/github.com/morikuni, /usr/share/licenses/trivy/vendor/github.com/alicebob/miniredis/v2, /usr/share/licenses/trivy/vendor/github.com/testcontainers/testcontainers- go, /usr/share/licenses/trivy/vendor/github.com/alecthomas, /usr/share/licenses/trivy/vendor/github.com/csaf- poc/csaf_distribution, /usr/share/licenses/trivy/vendor/github.com/testcontainers/testcontainers- go/modules, /usr/share/licenses/trivy/vendor/github.com/Azure/go- autorest, /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/zstd/internal, /usr/share/licenses/trivy/vendor/github.com/AdamKorcz/go-118-fuzz- build, /usr/share/licenses/trivy/vendor/github.com/Masterminds/squirrel, /usr/share/licenses/trivy/vendor/github.com/gofrs, /usr/share/licenses/trivy/vendor/github.com/twitchtv, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation/net, /usr/share/licenses/trivy/vendor/github.com/containerd/stargz- snapshotter/estargz, /usr/share/licenses/trivy/vendor/github.com/go- openapi/runtime, /usr/share/licenses/trivy/vendor/golang.org/x/sys, /usr/share/licenses/trivy/vendor/github.com/go-logr/stdr, /usr/share/licenses/trivy/vendor/github.com/rubenv/sql-migrate, /usr/share/licenses/trivy/vendor/github.com/agext/levenshtein, /usr/share/licenses/trivy/vendor/github.com/cheggaaa/pb/v3, /usr/share/licenses/trivy/vendor/github.com/opencontainers/selinux, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/ebs, /usr/share/licenses/trivy/vendor/github.com/knqyf263/nested, /usr/share/licenses/trivy/vendor/github.com/lunixbochs, /usr/share/licenses/trivy/vendor/github.com/alicebob/gopher-json, /usr/share/licenses/trivy/vendor/golang.org/x/net, /usr/share/licenses/trivy/vendor/github.com/go-logr, /usr/share/licenses/trivy/vendor/github.com/go-redis/redis, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/service/sts, /usr/share/licenses/trivy/vendor/github.com/liamg/iamgo, /usr/share/licenses/trivy/vendor/github.com/go-git/go-git, /usr/share/licenses/trivy/vendor/github.com/NYTimes, /usr/share/licenses/trivy/vendor/github.com/open-policy-agent/opa, /usr/share/licenses/trivy/vendor/github.com/aquasecurity/go-npm- version, /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk- go-v2/config, /usr/share/licenses/trivy/vendor/github.com/sagikazarmark/locafero, /usr/share/licenses/trivy/vendor/github.com/sigstore, /usr/share/licenses/trivy/vendor/github.com/go-ini/ini, /usr/share/licenses/trivy/vendor/go.opentelemetry.io/contrib/instrumentation, /usr/share/licenses/trivy/vendor/github.com/aws, /usr/share/licenses/trivy/vendor/github.com/package-url, /usr/share/licenses/trivy/vendor/github.com/masahiro331/go-ebs-file, /usr/share/licenses/trivy/vendor/github.com/quasilyte, /usr/share/licenses/trivy/vendor/github.com/containerd/typeurl/v2, /usr/share/licenses/trivy/vendor/github.com/jmoiron, /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-rpm-version, /usr/share/licenses/trivy/vendor/gopkg.in/warnings.v0, /usr/share/licenses/trivy/vendor/github.com/moby/sys, /usr/share/licenses/trivy/vendor/github.com/fsnotify/fsnotify, /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-testing- interface, /usr/share/licenses/trivy/vendor/github.com/containerd/ttrpc, /usr/share/licenses/trivy/vendor/github.com/go-gorp/gorp, /usr/share/licenses/trivy/vendor/golang.org/x/time [x]: %build honors applicable compiler flags or justifies otherwise. [!]: Package contains no bundled libraries without FPC exception. Note: Especially check following dirs for bundled code: /home/jamesjer/2272258-trivy/upstream- unpacked/Source1/vendor/sigs.k8s.io/kustomize/kyaml/ext, /home/jamesjer/2272258-trivy/upstream- unpacked/Source1/vendor/k8s.io/client-go/third_party, /home/jamesjer/2272258-trivy/upstream- unpacked/Source1/vendor/k8s.io/apimachinery/third_party, /home/jamesjer/2272258-trivy/upstream- unpacked/Source1/vendor/google.golang.org/api/internal/third_party, /home/jamesjer/2272258-trivy/upstream- unpacked/Source1/vendor/github.com/opentracing/opentracing-go/ext, /home/jamesjer/2272258-trivy/upstream- unpacked/Source1/vendor/k8s.io/utils/internal/third_party, /home/jamesjer/2272258-trivy/upstream- unpacked/Source1/vendor/helm.sh/helm/v3/internal/third_party, /home/jamesjer/2272258-trivy/upstream- unpacked/Source1/vendor/k8s.io/kube-openapi/pkg/internal/third_party, /home/jamesjer/2272258-trivy/upstream- unpacked/Source1/vendor/github.com/hashicorp/hcl/v2/ext [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: The License field must be a valid SPDX expression. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 6382 bytes in 3 files. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [?]: Package functions as described. [!]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: SourceX tarball generation or download is documented. Note: Package contains tarball without URL, check comments [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [x]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Fully versioned dependency in subpackages if applicable. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: SourceX is a working URL. [x]: Package should compile and build into binary rpms on all supported architectures. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Large data in /usr/share should live in a noarch subpackage if package is arched. Note: Arch-ed rpms have a total of 4454400 bytes in /usr/share These are the licenses for the vendored packages. [x]: Rpmlint is run on debuginfo package(s). Note: No rpmlint messages. [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Spec file according to URL is the same as in SRPM.
Rpmlint ------- Checking: trivy-0.50.0-1.fc41.x86_64.rpm trivy-debuginfo-0.50.0-1.fc41.x86_64.rpm trivy-debugsource-0.50.0-1.fc41.x86_64.rpm trivy-0.50.0-1.fc41.src.rpm ================================================ rpmlint session starts ================================================ rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmphxa68sdv')] checks: 32, packages: 4 trivy.src: E: spelling-error ('misconfigurations', '%description -l en_US misconfigurations -> configurations, reconfiguration, configuration') trivy.x86_64: E: spelling-error ('misconfigurations', '%description -l en_US misconfigurations -> configurations, reconfiguration, configuration') trivy.x86_64: E: readelf-failed /usr/bin/trivy 'utf-8' codec can't decode byte 0xc2 in position 10956: invalid continuation byte trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/cloud.google.com/go/internal/version/update_version.sh 644 /bin/bash trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/cloud.google.com/go/storage/emulator_test.sh 644 /bin/bash trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/github.com/go-git/go-git/v5/oss-fuzz.sh 644 /bin/bash -eu trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/get_main_pkgs.sh 644 /usr/bin/env bash trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/verify_examples.sh 644 /bin/bash trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/google.golang.org/grpc/regenerate.sh 644 /bin/bash trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/k8s.io/kubectl/pkg/util/i18n/translations/extract.py 644 /usr/bin/env python3 trivy.x86_64: W: no-manual-page-for-binary trivy trivy.spec: W: invalid-url Source1: trivy-0.50.0-vendor.tar.xz trivy.spec: W: invalid-url Source0: //github.com/aquasecurity/trivy/archive/v0.50.0/trivy-0.50.0.tar.gz trivy.x86_64: E: files-duplicated-waste 2071566 trivy-debugsource.x86_64: E: files-duplicated-waste 794638 trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/trace/LICENSE /usr/share/licenses/trivy/LICENSE:/usr/share/licenses/trivy/vendor/github.com/AdaLogics/go-fuzz-headers/LICENSE:/usr/share/licenses/trivy/vendor/github.com/AdamKorcz/go-118-fuzz-build/LICENSE:/usr/share/licenses/trivy/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/LICENSE:/usr/share/licenses/trivy/vendor/github.com/agext/levenshtein/LICENSE:(and 33 more) trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/k8s.io/utils/LICENSE /usr/share/licenses/trivy/vendor/cloud.google.com/go/LICENSE:/usr/share/licenses/trivy/vendor/cloud.google.com/go/compute/LICENSE:/usr/share/licenses/trivy/vendor/cloud.google.com/go/compute/metadata/LICENSE:/usr/share/licenses/trivy/vendor/cloud.google.com/go/iam/LICENSE:/usr/share/licenses/trivy/vendor/cloud.google.com/go/storage/LICENSE:(and 96 more) trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/imdario/mergo/LICENSE /usr/share/licenses/trivy/vendor/dario.cat/mergo/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/LICENSE.txt /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/LICENSE.txt:/usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/LICENSE.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/tracing/LICENSE /usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/LICENSE:/usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/autorest/LICENSE:/usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/autorest/adal/LICENSE:/usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/autorest/date/LICENSE:/usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/logger/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/Intevation/jsonpath/LICENSE /usr/share/licenses/trivy/vendor/github.com/Intevation/gval/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/AUTHORS /usr/share/licenses/trivy/vendor/github.com/ProtonMail/go-crypto/AUTHORS trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/modernc.org/token/LICENSE /usr/share/licenses/trivy/vendor/github.com/ProtonMail/go-crypto/LICENSE:/usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE:/usr/share/licenses/trivy/vendor/github.com/liggitt/tabwriter/LICENSE:/usr/share/licenses/trivy/vendor/github.com/sagikazarmark/slog-shim/LICENSE:/usr/share/licenses/trivy/vendor/golang.org/x/crypto/LICENSE:(and 12 more) trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/antchfx/xpath/LICENSE /usr/share/licenses/trivy/vendor/github.com/antchfx/htmlquery/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go/NOTICE.txt /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/NOTICE.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/aws/smithy-go/internal/sync/singleflight/LICENSE /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/cenkalti/backoff/v4/LICENSE /usr/share/licenses/trivy/vendor/github.com/cenkalti/backoff/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt /usr/share/licenses/trivy/vendor/github.com/cespare/xxhash/v2/LICENSE.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/gopkg.in/cheggaaa/pb.v1/LICENSE /usr/share/licenses/trivy/vendor/github.com/cheggaaa/pb/v3/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/containerd/typeurl/v2/LICENSE /usr/share/licenses/trivy/vendor/github.com/containerd/containerd/LICENSE:/usr/share/licenses/trivy/vendor/github.com/containerd/continuity/LICENSE:/usr/share/licenses/trivy/vendor/github.com/containerd/log/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/docker/go-metrics/NOTICE /usr/share/licenses/trivy/vendor/github.com/containerd/containerd/NOTICE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/docker/distribution/LICENSE /usr/share/licenses/trivy/vendor/github.com/distribution/reference/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/docker/docker/NOTICE /usr/share/licenses/trivy/vendor/github.com/docker/cli/NOTICE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/moby/term/LICENSE /usr/share/licenses/trivy/vendor/github.com/docker/docker/LICENSE:/usr/share/licenses/trivy/vendor/github.com/moby/patternmatcher/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/docker/go-units/LICENSE /usr/share/licenses/trivy/vendor/github.com/docker/go-connections/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/gopkg.in/inf.v0/LICENSE /usr/share/licenses/trivy/vendor/github.com/go-git/gcfg/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/gopkg.in/ini.v1/LICENSE /usr/share/licenses/trivy/vendor/github.com/go-ini/ini/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE /usr/share/licenses/trivy/vendor/github.com/go-logr/logr/LICENSE:/usr/share/licenses/trivy/vendor/github.com/masahiro331/go-ext4-filesystem/LICENSE:/usr/share/licenses/trivy/vendor/github.com/masahiro331/go-vmdk-parser/LICENSE:/usr/share/licenses/trivy/vendor/github.com/masahiro331/go-xfs-filesystem/LICENSE:/usr/share/licenses/trivy/vendor/github.com/opencontainers/selinux/LICENSE:(and 8 more) trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt/v5/LICENSE /usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt/LICENSE:/usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt/v4/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/k8s.io/klog/v2/LICENSE /usr/share/licenses/trivy/vendor/github.com/golang/groupcache/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/go.opencensus.io/LICENSE /usr/share/licenses/trivy/vendor/github.com/google/go-containerregistry/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-wordwrap/LICENSE.md /usr/share/licenses/trivy/vendor/github.com/gosuri/uitable/util/wordwrap/LICENSE.md:/usr/share/licenses/trivy/vendor/github.com/mitchellh/copystructure/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/hashicorp/hcl/LICENSE /usr/share/licenses/trivy/vendor/github.com/hashicorp/errwrap/LICENSE:/usr/share/licenses/trivy/vendor/github.com/hashicorp/go-version/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/hashicorp/golang-lru/v2/LICENSE /usr/share/licenses/trivy/vendor/github.com/hashicorp/golang-lru/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/hashicorp/terraform-exec/LICENSE /usr/share/licenses/trivy/vendor/github.com/hashicorp/hc-install/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-rpm-version/LICENSE /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-deb-version/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/knqyf263/nested/LICENSE /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-rpmdb/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/liamg/memoryfs/LICENSE /usr/share/licenses/trivy/vendor/github.com/liamg/iamgo/LICENSE:/usr/share/licenses/trivy/vendor/github.com/liamg/jfather/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/mattn/go-runewidth/LICENSE /usr/share/licenses/trivy/vendor/github.com/mattn/go-colorable/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/mitchellh/reflectwalk/LICENSE /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-homedir/LICENSE:/usr/share/licenses/trivy/vendor/github.com/mitchellh/mapstructure/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/mitchellh/hashstructure/v2/LICENSE /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-testing-interface/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/README.txt /usr/share/licenses/trivy/vendor/github.com/munnerz/goautoneg/README.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/xanzy/ssh-agent/LICENSE /usr/share/licenses/trivy/vendor/github.com/open-policy-agent/opa/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonschema/LICENSE-APACHE-2.0.txt /usr/share/licenses/trivy/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/LICENSE-APACHE-2.0.txt:/usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonpointer/LICENSE-APACHE-2.0.txt:/usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonreference/LICENSE-APACHE-2.0.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/owenrumney/squealer/LICENSE /usr/share/licenses/trivy/vendor/github.com/owenrumney/go-sarif/v2/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/k8s.io/utils/internal/third_party/forked/golang/LICENSE /usr/share/licenses/trivy/vendor/github.com/remyoudompheng/bigfft/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/spf13/cobra/LICENSE.txt /usr/share/licenses/trivy/vendor/github.com/spf13/afero/LICENSE.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/spf13/viper/LICENSE /usr/share/licenses/trivy/vendor/github.com/spf13/cast/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/testcontainers/testcontainers-go/modules/localstack/LICENSE /usr/share/licenses/trivy/vendor/github.com/testcontainers/testcontainers-go/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/google.golang.org/grpc/AUTHORS /usr/share/licenses/trivy/vendor/go.opencensus.io/AUTHORS trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE /usr/share/licenses/trivy/vendor/gopkg.in/yaml.v2/NOTICE:/usr/share/licenses/trivy/vendor/gopkg.in/yaml.v3/NOTICE:/usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go-yaml/yaml/NOTICE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go-yaml/yaml/LICENSE /usr/share/licenses/trivy/vendor/gopkg.in/yaml.v3/LICENSE ======== 4 packages and 0 specfiles checked; 12 errors, 50 warnings, 95 filtered, 12 badness; has taken 10.1 s ========= Rpmlint (debuginfo) ------------------- Checking: trivy-debuginfo-0.50.0-1.fc41.x86_64.rpm ================================================ rpmlint session starts ================================================ rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml rpmlintrc: [PosixPath('/tmp/tmp8c1yoig8')] checks: 32, packages: 1 =========== 1 packages and 0 specfiles checked; 0 errors, 0 warnings, 6 filtered, 0 badness; has taken 2.0 s =========== Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.5.0 configuration: /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora-legacy-licenses.toml /etc/xdg/rpmlint/fedora-spdx-licenses.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 3 trivy.x86_64: W: unused-direct-shlib-dependency /usr/bin/trivy /lib64/libresolv.so.2 trivy.x86_64: E: spelling-error ('misconfigurations', '%description -l en_US misconfigurations -> configurations, reconfiguration, configuration') trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/cloud.google.com/go/internal/version/update_version.sh 644 /bin/bash trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/cloud.google.com/go/storage/emulator_test.sh 644 /bin/bash trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/github.com/go-git/go-git/v5/oss-fuzz.sh 644 /bin/bash -eu trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/get_main_pkgs.sh 644 /usr/bin/env bash trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/verify_examples.sh 644 /bin/bash trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/google.golang.org/grpc/regenerate.sh 644 /bin/bash trivy.x86_64: E: non-executable-script /usr/share/licenses/trivy/vendor/k8s.io/kubectl/pkg/util/i18n/translations/extract.py 644 /usr/bin/env python3 trivy.x86_64: W: no-manual-page-for-binary trivy trivy-debugsource.x86_64: E: files-duplicated-waste 794638 trivy.x86_64: E: files-duplicated-waste 2071566 trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/go.opentelemetry.io/otel/trace/LICENSE /usr/share/licenses/trivy/LICENSE:/usr/share/licenses/trivy/vendor/github.com/AdaLogics/go-fuzz-headers/LICENSE:/usr/share/licenses/trivy/vendor/github.com/AdamKorcz/go-118-fuzz-build/LICENSE:/usr/share/licenses/trivy/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/LICENSE:/usr/share/licenses/trivy/vendor/github.com/agext/levenshtein/LICENSE:(and 33 more) trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/k8s.io/utils/LICENSE /usr/share/licenses/trivy/vendor/cloud.google.com/go/LICENSE:/usr/share/licenses/trivy/vendor/cloud.google.com/go/compute/LICENSE:/usr/share/licenses/trivy/vendor/cloud.google.com/go/compute/metadata/LICENSE:/usr/share/licenses/trivy/vendor/cloud.google.com/go/iam/LICENSE:/usr/share/licenses/trivy/vendor/cloud.google.com/go/storage/LICENSE:(and 96 more) trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/imdario/mergo/LICENSE /usr/share/licenses/trivy/vendor/dario.cat/mergo/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/LICENSE.txt /usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/LICENSE.txt:/usr/share/licenses/trivy/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/LICENSE.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/tracing/LICENSE /usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/LICENSE:/usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/autorest/LICENSE:/usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/autorest/adal/LICENSE:/usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/autorest/date/LICENSE:/usr/share/licenses/trivy/vendor/github.com/Azure/go-autorest/logger/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/Intevation/jsonpath/LICENSE /usr/share/licenses/trivy/vendor/github.com/Intevation/gval/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/AUTHORS /usr/share/licenses/trivy/vendor/github.com/ProtonMail/go-crypto/AUTHORS trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/modernc.org/token/LICENSE /usr/share/licenses/trivy/vendor/github.com/ProtonMail/go-crypto/LICENSE:/usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE:/usr/share/licenses/trivy/vendor/github.com/liggitt/tabwriter/LICENSE:/usr/share/licenses/trivy/vendor/github.com/sagikazarmark/slog-shim/LICENSE:/usr/share/licenses/trivy/vendor/golang.org/x/crypto/LICENSE:(and 12 more) trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/antchfx/xpath/LICENSE /usr/share/licenses/trivy/vendor/github.com/antchfx/htmlquery/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go/NOTICE.txt /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/NOTICE.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/aws/smithy-go/internal/sync/singleflight/LICENSE /usr/share/licenses/trivy/vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/cenkalti/backoff/v4/LICENSE /usr/share/licenses/trivy/vendor/github.com/cenkalti/backoff/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt /usr/share/licenses/trivy/vendor/github.com/cespare/xxhash/v2/LICENSE.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/gopkg.in/cheggaaa/pb.v1/LICENSE /usr/share/licenses/trivy/vendor/github.com/cheggaaa/pb/v3/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/containerd/typeurl/v2/LICENSE /usr/share/licenses/trivy/vendor/github.com/containerd/containerd/LICENSE:/usr/share/licenses/trivy/vendor/github.com/containerd/continuity/LICENSE:/usr/share/licenses/trivy/vendor/github.com/containerd/log/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/docker/go-metrics/NOTICE /usr/share/licenses/trivy/vendor/github.com/containerd/containerd/NOTICE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/docker/distribution/LICENSE /usr/share/licenses/trivy/vendor/github.com/distribution/reference/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/docker/docker/NOTICE /usr/share/licenses/trivy/vendor/github.com/docker/cli/NOTICE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/moby/term/LICENSE /usr/share/licenses/trivy/vendor/github.com/docker/docker/LICENSE:/usr/share/licenses/trivy/vendor/github.com/moby/patternmatcher/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/docker/go-units/LICENSE /usr/share/licenses/trivy/vendor/github.com/docker/go-connections/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/gopkg.in/inf.v0/LICENSE /usr/share/licenses/trivy/vendor/github.com/go-git/gcfg/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/gopkg.in/ini.v1/LICENSE /usr/share/licenses/trivy/vendor/github.com/go-ini/ini/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE /usr/share/licenses/trivy/vendor/github.com/go-logr/logr/LICENSE:/usr/share/licenses/trivy/vendor/github.com/masahiro331/go-ext4-filesystem/LICENSE:/usr/share/licenses/trivy/vendor/github.com/masahiro331/go-vmdk-parser/LICENSE:/usr/share/licenses/trivy/vendor/github.com/masahiro331/go-xfs-filesystem/LICENSE:/usr/share/licenses/trivy/vendor/github.com/opencontainers/selinux/LICENSE:(and 8 more) trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt/v5/LICENSE /usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt/LICENSE:/usr/share/licenses/trivy/vendor/github.com/golang-jwt/jwt/v4/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/k8s.io/klog/v2/LICENSE /usr/share/licenses/trivy/vendor/github.com/golang/groupcache/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/go.opencensus.io/LICENSE /usr/share/licenses/trivy/vendor/github.com/google/go-containerregistry/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-wordwrap/LICENSE.md /usr/share/licenses/trivy/vendor/github.com/gosuri/uitable/util/wordwrap/LICENSE.md:/usr/share/licenses/trivy/vendor/github.com/mitchellh/copystructure/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/hashicorp/hcl/LICENSE /usr/share/licenses/trivy/vendor/github.com/hashicorp/errwrap/LICENSE:/usr/share/licenses/trivy/vendor/github.com/hashicorp/go-version/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/hashicorp/golang-lru/v2/LICENSE /usr/share/licenses/trivy/vendor/github.com/hashicorp/golang-lru/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/hashicorp/terraform-exec/LICENSE /usr/share/licenses/trivy/vendor/github.com/hashicorp/hc-install/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-rpm-version/LICENSE /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-deb-version/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/knqyf263/nested/LICENSE /usr/share/licenses/trivy/vendor/github.com/knqyf263/go-rpmdb/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/liamg/memoryfs/LICENSE /usr/share/licenses/trivy/vendor/github.com/liamg/iamgo/LICENSE:/usr/share/licenses/trivy/vendor/github.com/liamg/jfather/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/mattn/go-runewidth/LICENSE /usr/share/licenses/trivy/vendor/github.com/mattn/go-colorable/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/mitchellh/reflectwalk/LICENSE /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-homedir/LICENSE:/usr/share/licenses/trivy/vendor/github.com/mitchellh/mapstructure/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/mitchellh/hashstructure/v2/LICENSE /usr/share/licenses/trivy/vendor/github.com/mitchellh/go-testing-interface/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/README.txt /usr/share/licenses/trivy/vendor/github.com/munnerz/goautoneg/README.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/xanzy/ssh-agent/LICENSE /usr/share/licenses/trivy/vendor/github.com/open-policy-agent/opa/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonschema/LICENSE-APACHE-2.0.txt /usr/share/licenses/trivy/vendor/github.com/open-policy-agent/opa/internal/gojsonschema/LICENSE-APACHE-2.0.txt:/usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonpointer/LICENSE-APACHE-2.0.txt:/usr/share/licenses/trivy/vendor/github.com/xeipuuv/gojsonreference/LICENSE-APACHE-2.0.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/owenrumney/squealer/LICENSE /usr/share/licenses/trivy/vendor/github.com/owenrumney/go-sarif/v2/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/k8s.io/utils/internal/third_party/forked/golang/LICENSE /usr/share/licenses/trivy/vendor/github.com/remyoudompheng/bigfft/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/spf13/cobra/LICENSE.txt /usr/share/licenses/trivy/vendor/github.com/spf13/afero/LICENSE.txt trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/spf13/viper/LICENSE /usr/share/licenses/trivy/vendor/github.com/spf13/cast/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/github.com/testcontainers/testcontainers-go/modules/localstack/LICENSE /usr/share/licenses/trivy/vendor/github.com/testcontainers/testcontainers-go/LICENSE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/google.golang.org/grpc/AUTHORS /usr/share/licenses/trivy/vendor/go.opencensus.io/AUTHORS trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE /usr/share/licenses/trivy/vendor/gopkg.in/yaml.v2/NOTICE:/usr/share/licenses/trivy/vendor/gopkg.in/yaml.v3/NOTICE:/usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go-yaml/yaml/NOTICE trivy.x86_64: W: files-duplicate /usr/share/licenses/trivy/vendor/sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go-yaml/yaml/LICENSE /usr/share/licenses/trivy/vendor/gopkg.in/yaml.v3/LICENSE 3 packages and 0 specfiles checked; 10 errors, 49 warnings, 91 filtered, 10 badness; has taken 7.0 s Requires -------- trivy (rpmlib, GLIBC filtered): libc.so.6()(64bit) libresolv.so.2()(64bit) rtld(GNU_HASH) trivy-debuginfo (rpmlib, GLIBC filtered): trivy-debugsource (rpmlib, GLIBC filtered): Provides -------- trivy: trivy trivy(x86-64) trivy-debuginfo: debuginfo(build-id) trivy-debuginfo trivy-debuginfo(x86-64) trivy-debugsource: trivy-debugsource trivy-debugsource(x86-64) Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24 Command line :/usr/bin/fedora-review -b 2272258 -m fedora-rawhide-x86_64 Buildroot used: fedora-rawhide-x86_64 Active plugins: C/C++, Shell-api, Generic Disabled plugins: R, PHP, Java, Ruby, fonts, Ocaml, SugarActivity, Perl, Haskell, Python Disabled flags: EXARCH, EPEL6, EPEL7, DISTTAG, BATCH
This is the first package to use https://gitlab.com/fedora/sigs/go/go-vendor-tools, the new tooling for vendoring Go packages, and is actually an optional dependency of go-vendor-tools itself, so there is still some work to do. See the discussion in https://lists.fedoraproject.org/archives/list/golang@lists.fedoraproject.org/thread/K5P6P2MGEE3SCPF4SZFWOIUGHQHJ6GGG/. I apologize for missing some context with this review request. I had expected for a Go SIG member who had participated in the previous discussions to review the package, but your review is very welcome. Thank you! trivy has a lot of dependencies, some of which do atypical things (e.g., the modernc dependencies), and is not representative of the average Go project. It was likely not the best first package… Anyways, I will respond to the rest of your feedback inline. (In reply to Jerry James from comment #2) > There don't seem to be any golang packaging guidelines These do exist in https://docs.fedoraproject.org/en-US/packaging-guidelines/Golang/, but don't cover the new tooling yet. > I'm doing my best to understand and review properly below. Please excuse me > if I make an ignorant comment. The review is so long that bugzilla won't let > me paste it all, so I will split it across multiple comments. Sure—thank you for bearing with me. > Package Review > ============== > > Legend: > [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated > > Issues: > ======= > > - There is an awful lot of bundling going on. Is that typical for the golang > ecosystem? See the above comment about bundling. > - I am attempting to see if the License field in the spec file matches the > actual licenses in play. It's a bit of a challenge. There is no comment > in > the spec file nor any kind of README describing the license breakdown. > That > would help a lot. See the following questions. go-vendor-tools automatically computes the license tag, but there definitely should be a comment explaining that. I opened https://gitlab.com/fedora/sigs/go/go2rpm/-/issues/41. > - Many files under vendor/modernc.org/libc contain one or both of > LGPL-2.1-or-later and GPL-3.0-or-later declarations, but I don't see either > license in the License field. Should they appear there? The licensing of that project is murky. See https://gitlab.com/cznic/libc/-/issues/31. It's pulled in via trivy's dependency on modernc.org/sqlite. I wonder if upstream would consider a different sqlite driver. I'll keep digging into it. > - vendor/github.com/rcrowley/go-metrics/LICENSE is BSD-2-Clause-Views, not > BSD-2-Clause, but I don't see that in License. Fixed locally. > - Some files additionally have lines that read: > // SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note > I don't know if we are obligated to list notes, or if we only worry about > exceptions in Fedora. The files: > - vendor/modernc.org/libc/sys/socket/socket_linux_arm.go > - vendor/modernc.org/libc/sys/socket/socket_linux_arm64.go > - vendor/modernc.org/libc/sys/socket/socket_linux_riscv64.go See above. > - What do you make of the license declaration at the top of > vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s? Is that file > included > in the build on ppc64le? The link in that comment is dead, but https://web.archive.org/web/20240111224133/https://www.openssl.org/~appro/cryptogams/ still has it and https://github.com/dot-asm/cryptogams/blob/a60f5b50ed908e91e5c39ca79126a4a876d5d8ff/LICENSE suggests that this is available under the BSD-3-Clause license OR (an unspecified version of) the GPL. golang-x-crypto is licensed under BSD-3-Clause as well and only retains that notice. go-vendor-tools already detects this dependency as BSD-3-Clause, so we should be okay there. I don't think adding an "OR GPL-1.0-or-later" to account for > ALTERNATIVELY, provided that this notice is retained in full, this product may be distributed under the terms of the GNU General Public License (GPL), in which case the provisions of the GPL apply INSTEAD OF those given above. in the original project's license makes sense here. > - vendor/github.com/alecthomas/chroma/formatters/svg/font_liberation_mono.go > contains an encoding of a font under the OFL-1.1-RFN license, which does > not > appear in License. Fixed locally. > - See the complaint below about unowned directories. This is not an error. > The directory /usr/share/licenses/trivy/vendor/github.com/kylelemons, for > example, is not owned by this package, but contains another directory that > is. Tracked at https://gitlab.com/fedora/sigs/go/go-vendor-tools/-/issues/44. The code that generates the license filelist also needs to add entries for intermediate directories. > - See the non-executable-script rpmlint warnings below. Please either remove > the shebangs from those files or make them executable. > - Notice the invalid-url rpmlint warning for Source0. The URL is missing > "https:" at the beginning. Is this a weakness of %gourl? Is something > missing from the spec file that would cause that to appear? This seems to be a false positive. The URL is expanded properly when you evaluate the specfile. > - Note that unused-direct-shlib-dependency warning for /usr/bin/trivy. It > depends, uselessly, on libresolv.so.2. Does that mean /usr/bin/trivy was > linked without --as-needed? > - Version 0.50.1 has been released, FYI. Thanks for the heads up. I'll take a look at updating after I've addressed the other outstanding tooling issues.
> - See the non-executable-script rpmlint warnings below. Please either remove > the shebangs from those files or make them executable. > - Note that unused-direct-shlib-dependency warning for /usr/bin/trivy. It > depends, uselessly, on libresolv.so.2. Does that mean /usr/bin/trivy was > linked without --as-needed? I'll look at these two items as well.
(In reply to Maxwell G from comment #5) > This is the first package to use > https://gitlab.com/fedora/sigs/go/go-vendor-tools, the new tooling for > vendoring Go packages, and is actually an optional dependency of > go-vendor-tools itself, so there is still some work to do. See the > discussion in > https://lists.fedoraproject.org/archives/list/golang@lists.fedoraproject.org/ > thread/K5P6P2MGEE3SCPF4SZFWOIUGHQHJ6GGG/. I apologize for missing some > context with this review request. I had expected for a Go SIG member who had > participated in the previous discussions to review the package, but your > review is very welcome. Thank you! If some Go SIG member wants to take over this review, I am happy to hand it over. I actually have reviewed Go packages before, but it's been awhile, and I am clearly not up on the latest developments. > > There don't seem to be any golang packaging guidelines > > These do exist in > https://docs.fedoraproject.org/en-US/packaging-guidelines/Golang/, but don't > cover the new tooling yet. Okay. I expected to find a link in https://docs.fedoraproject.org/en-US/packaging-guidelines/#_domain_specific_guidelines, but I don't see one there. I am satisfied with your other answers. (I didn't know "%license %dir" was a thing. I'm glad that works!) I look forward to the next iteration. Thanks for doing the work to get trivy packaged. It will be a great addition to Fedora.
Spec URL: https://gotmax23.fedorapeople.org/reviews/trivy/trivy.spec SRPM URL: https://gotmax23.fedorapeople.org/reviews/trivy/trivy-0.50.0-1.fc39.src.rpm Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=115896937
I updated the specfile. I have fixed the incorrect/missing license issues, replaced modernc.org/sqlite with less problematic github.com/mattn/go-sqlite3, and removed the files with shebang issues (those files were included by %go_vendor_license_install, as they had license headers, but they were just development scripts, so there was no need to include them). The directory ownership issues were also fixed in go-vendor-tools; I pushed the fix to rawhide. https://git.sr.ht/~gotmax23/trivy-rpm has the unpacked sources if that's easier to review.
Spec URL: https://gotmax23.fedorapeople.org/reviews/trivy/trivy.spec SRPM URL: https://gotmax23.fedorapeople.org/reviews/trivy/trivy-0.50.0-1.fc39.src.rpm Fix Source0 entry
> - Notice the invalid-url rpmlint warning for Source0. The URL is missing > "https:" at the beginning. Is this a weakness of %gourl? Is something > missing from the spec file that would cause that to appear? 🤦 https://git.sr.ht/~gotmax23/trivy-rpm/commit/0e6ec42eca8c5d80d7167fdeae9a61968e16f744
(In reply to Maxwell G from comment #11) > 🤦 > https://git.sr.ht/~gotmax23/trivy-rpm/commit/ > 0e6ec42eca8c5d80d7167fdeae9a61968e16f744 Aha, mystery solved! You have addressed all of my concerns, so this package is APPROVED.
The Pagure repository was created at https://src.fedoraproject.org/rpms/trivy
FEDORA-2024-9ed62a7814 (trivy-0.50.1-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-9ed62a7814
FEDORA-2024-9ed62a7814 (trivy-0.50.1-1.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.