It's a bit tricky to use Trivy with the Fly.io registry because Fly.io tokens often contain commas. Trivy allows multiple, comma separated passwords to be sent and complains if the number of usernames doesn't match the number of passwords.
In the case where one username and multiple passwords is set, this PR rejoins the passwords with commas. This seems like a good balance between allowing for multiple credentials to be specified and allowing for commas in passwords.
Description
It's a bit tricky to use Trivy with the Fly.io registry because Fly.io tokens often contain commas. Trivy allows multiple, comma separated passwords to be sent and complains if the number of usernames doesn't match the number of passwords.
In the case where one username and multiple passwords is set, this PR rejoins the passwords with commas. This seems like a good balance between allowing for multiple credentials to be specified and allowing for commas in passwords.
Related issues
https://github.com/aquasecurity/trivy/discussions/7043
Checklist