Secret Detection Recommendation Document Missing Since v0.41.0

[maltefiala]

Description

In Version 0.40.0 the file existed. However, since 0.41.0 it is gone but still referred to in every trivy run.

Steps to reproduce:

1. run trivy image <someimage>
2. Output is
   2023-06-20T10:42:28.426+0200 INFO Vulnerability scanning is enabled 2023-06-20T10:42:28.426+0200 INFO Secret scanning is enabled 2023-06-20T10:42:28.426+0200 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning 2023-06-20T10:42:28.426+0200 INFO Please see also https://aquasecurity.github.io/trivy/v0.42/docs/secret/scanning/#recommendation for faster secret detection 2023-06-20T10:42:28.471+0200 INFO Detected OS: debian 2023-06-20T10:42:28.471+0200 INFO Detecting Debian vulnerabilities... 2023-06-20T10:42:28.504+0200 INFO Number of language-specific files: 3 2023-06-20T10:42:28.504+0200 INFO Detecting python-pkg vulnerabilities... 2023-06-20T10:42:28.504+0200 INFO Detecting node-pkg vulnerabilities... 2023-06-20T10:42:28.504+0200 INFO Detecting jar vulnerabilities...
3. Link to https://aquasecurity.github.io/trivy/v0.42/docs/secret/scanning/#recommendation is wrong

See following screenshots

v0.40.0:

v0.41.0:

Link

https://aquasecurity.github.io/trivy/v0.42/docs/secret/scanning/#recommendation

Suggestions

1. Look up https://github.com/aquasecurity/trivy/blob/v0.40.0/docs/docs/secret/scanning.md
2. Check for relevancy
3. Migrate to v.0.42.0

Or delete reference from:

• https://github.com/aquasecurity/trivy/blob/main/pkg/commands/artifact/run.go#L597
• https://github.com/aquasecurity/trivy/blob/main/docs/docs/target/container_image.md?plain=1#L491
• https://github.com/aquasecurity/trivy/blob/main/docs/docs/supply-chain/attestation/rekor.md?plain=1#L25

Following file is hardcoded using doc from old version:

• https://github.com/aquasecurity/trivy/blob/main/docs/docs/scanner/vulnerability/os.md?plain=1#L104

[knqyf263]

Thanks. I've created an issue for tracking.
#4680