Trivy is [migrating to a new JSON schema](https://github.com/aquasecurity/trivy/discussions/1050). Artifact Hub stores the reports generated by Trivy in JSON format in the database, so we are migrating to the new format as well. Even though new security reports will use the new format, there might be reports stored in the database still using the previous format that may never be updated. The UI will know how to handle both, but users using the security report API endpoint need to be aware that they might receive any of them.
Signed-off-by: Sergio Castaño Arteaga <tegioz@icloud.com>
Signed-off-by: Cintia Sanchez Garcia <cynthiasg@icloud.com>
Co-authored-by: Sergio Castaño Arteaga <tegioz@icloud.com>
Co-authored-by: Cintia Sanchez Garcia <cynthiasg@icloud.com>
Errors returned from `trivy` are now added to the scanning errors logs
as-is. In addition to this, no security report for a package will be
generated if the scanning of one of the images fails for any reason.
Before, when the error was `image not found`, we were still generating
the report, which could lead to incomplete and misleading reports.
Closes#1387
Signed-off-by: Sergio Castaño Arteaga <tegioz@icloud.com>
Sergio C. Arteaga