Closed codefromthecrypt closed 4 months ago
marking draft in case upstream accepts a plan forward which is to consider src/it deps "dev dependencies" which would have the same affect of not burdening folks with noise, unless they opt into it.
https://github.com/aquasecurity/trivy/pull/6213 obviates this
I've given up trying to convince trivy to consider maven-invoker-plugin a test vs a deployment. This adds a config and a helper script to run it ad-hoc.