This tool uses a very old version of trivy (v0.19.2), which causes issues because apps using package-lock.json lockfileVersion: 3 , are not supported and vulnerabilities aren't found.
When is this going to be updated? Having such a old version makes the tool hard to justify to use.
This tool uses a very old version of trivy (v0.19.2), which causes issues because apps using package-lock.json lockfileVersion: 3 , are not supported and vulnerabilities aren't found.
When is this going to be updated? Having such a old version makes the tool hard to justify to use.