aquasecurity
diff --git a/‎.github/workflows/auto-update-labels.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/auto-update-labels.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/reusable-release.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/reusable-release.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/test.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/test.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.golangci.yaml
Lines changed: 1 addition & 1 deletion b/‎.golangci.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.vex/trivy.openvex.json
Lines changed: 29 additions & 0 deletions b/‎.vex/trivy.openvex.json
Lines changed: 29 additions & 0 deletions
diff --git a/‎Dockerfile.protoc
Lines changed: 1 addition & 1 deletion b/‎Dockerfile.protoc
Lines changed: 1 addition & 1 deletion
diff --git a/‎aqua.yaml
Lines changed: 1 addition & 1 deletion b/‎aqua.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/docs/configuration/reporting.md
Lines changed: 2 additions & 0 deletions b/‎docs/docs/configuration/reporting.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/docs/coverage/language/index.md
Lines changed: 1 addition & 0 deletions b/‎docs/docs/coverage/language/index.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/docs/coverage/language/python.md
Lines changed: 7 additions & 0 deletions b/‎docs/docs/coverage/language/python.md
Lines changed: 7 additions & 0 deletions
@@ -6,7 +6,7 @@ on:
     branches:
       - main
 env:
-  GO_VERSION: '1.22'
+  GO_VERSION: '1.23'
 jobs:
   deploy:
     name: Auto-update labels
 
@@ -14,7 +14,7 @@ on:
 
 env:
   GH_USER: "aqua-bot"
-  GO_VERSION: '1.22'
+  GO_VERSION: '1.23'
 
 jobs:
   release:
 
@@ -12,7 +12,7 @@ on:
   workflow_dispatch:
 
 env:
-  GO_VERSION: '1.22'
+  GO_VERSION: '1.23'
 jobs:
   test:
     name: Test
 
@@ -121,7 +121,7 @@ linters:
     - usestdlibvars
 
 run:
-  go: '1.22'
+  go: '1.23'
   timeout: 30m
 
 issues:
 
@@ -570,6 +570,35 @@
       "status": "not_affected",
       "justification": "vulnerable_code_not_in_execute_path",
       "impact_statement": "Govulncheck determined that the vulnerable code isn't called"
+    },
+    {
+      "vulnerability": {
+        "@id": "https://pkg.go.dev/vuln/GO-2024-3333",
+        "name": "GO-2024-3333",
+        "description": "Non-linear parsing of case-insensitive content in golang.org/x/net/html",
+        "aliases": [
+          "CVE-2024-45338"
+        ]
+      },
+      "products": [
+        {
+          "@id": "pkg:golang/github.com/aquasecurity/trivy",
+          "identifiers": {
+            "purl": "pkg:golang/github.com/aquasecurity/trivy"
+          },
+          "subcomponents": [
+            {
+              "@id": "pkg:golang/golang.org/x/net",
+              "identifiers": {
+                "purl": "pkg:golang/golang.org/x/net"
+              }
+            }
+          ]
+        }
+      ],
+      "status": "not_affected",
+      "justification": "vulnerable_code_not_in_execute_path",
+      "impact_statement": "Govulncheck determined that the vulnerable code isn't called"
     }
   ]
 }
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 golang:1.22
+FROM --platform=linux/amd64 golang:1.23
 
 # Set environment variable for protoc
 ENV PROTOC_ZIP=protoc-3.19.4-linux-x86_64.zip
 
@@ -5,6 +5,6 @@ registries:
 - type: standard
   ref: v3.157.0 # renovate: depName=aquaproj/aqua-registry
 packages:
-- name: tinygo-org/tinygo@v0.31.1
+- name: tinygo-org/tinygo@v0.33.0
 - name: WebAssembly/binaryen@version_112
 - name: magefile/[email protected]
@@ -58,6 +58,7 @@ The following languages are currently supported:
 |          | [yarn.lock][yarn-lock]                     |
 | .NET     | [packages.lock.json][dotnet-packages-lock] |
 | Python   | [poetry.lock][poetry-lock]                 |
+|          | [uv.lock][uv-lock]                         |
 | Ruby     | [Gemfile.lock][gemfile-lock]               |
 | Rust     | [cargo-auditable binaries][cargo-binaries] |
 | Go       | [go.mod][go-mod]                           |
@@ -449,6 +450,7 @@ $ trivy convert --format table --severity CRITICAL result.json
 [yarn-lock]: ../coverage/language/nodejs.md#yarn
 [dotnet-packages-lock]: ../coverage/language/dotnet.md#packageslockjson
 [poetry-lock]: ../coverage/language/python.md#poetry
+[uv-lock]: ../coverage/language/python.md#uv
 [gemfile-lock]: ../coverage/language/ruby.md#bundler
 [go-mod]: ../coverage/language/golang.md#go-module
 [composer-lock]: ../coverage/language/php.md#composerlock
 
@@ -22,6 +22,7 @@ On the other hand, when the target is a post-build artifact, like a container im
 |                      | gemspec                                                                                    |     ✅     |     ✅      |       -        |       -        |
 | [Python](python.md)  | Pipfile.lock                                                                               |     -     |     -      |       ✅        |       ✅        |
 |                      | poetry.lock                                                                                |     -     |     -      |       ✅        |       ✅        |
+|                      | uv.lock                                                                                    |     -     |     -      |       ✅        |       ✅        |
 |                      | requirements.txt                                                                           |     -     |     -      |       ✅        |       ✅        |
 |                      | egg package[^1]                                                                            |     ✅     |     ✅      |       -        |       -        |
 |                      | wheel package[^2]                                                                          |     ✅     |     ✅      |       -        |       -        |
 
@@ -8,6 +8,7 @@ The following scanners are supported for package managers.
 | pip             |  ✓   |       ✓       |    ✓    |
 | Pipenv          |  ✓   |       ✓       |    -    |
 | Poetry          |  ✓   |       ✓       |    -    |
+| uv              |  ✓   |       ✓       |    -    |
 
 In addition, Trivy supports three formats of Python packages: `egg`, `wheel` and `conda`.
 The following scanners are supported for Python packages.
@@ -26,6 +27,7 @@ The following table provides an outline of the features Trivy offers.
 | pip             | requirements.txt |            -            |     Include      |                  -                   |    ✓     |                    ✓                     |
 | Pipenv          | Pipfile.lock     |            ✓            |     Include      |                  -                   |    ✓     |                Not needed                |
 | Poetry          | poetry.lock      |            ✓            |     Include      |                  ✓                   |    -     |                Not needed                |
+| uv              | uv.lock          |            ✓            |     Exclude      |                  ✓                   |    -     |                Not needed                |
 
 
 | Packaging | Dependency graph |
@@ -126,6 +128,11 @@ To build the correct dependency graph, `pyproject.toml` also needs to be present
 
 License detection is not supported for `Poetry`.
 
+### uv
+Trivy uses `uv.lock` to identify dependencies and find vulnerabilities.
+
+License detection is not supported for `uv`.
+
 ## Packaging
 Trivy parses the manifest files of installed packages in container image scanning and so on.
 See [here](https://packaging.python.org/en/latest/discussions/package-formats/) for the detail.
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM --platform=linux/amd64 golang:1.22`
	`1`	`+FROM --platform=linux/amd64 golang:1.23`
`2`	`2`
`3`	`3`	`# Set environment variable for protoc`
`4`	`4`	`ENV PROTOC_ZIP=protoc-3.19.4-linux-x86_64.zip`