aquasecurity · Biehlj · Dec 1, 2023 · Dec 4, 2023 · Dec 4, 2023 · simar7
@@ -24,7 +24,7 @@ There are 4 categories:
     If you find any false positives or false negatives, please make sure to report them under the "False Detection" category, not "Bugs".
 
 ## False detection
-Trivy depends on [multiple data sources](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/data-source/).
+Trivy depends on [multiple data sources](https://aquasecurity.github.io/trivy/latest/docs/scanner/vulnerability/#data-sources).
 Sometime these databases contain mistakes.
 
 If Trivy can't detect any CVE-IDs or shows false positive result, at first please follow the next steps:
@@ -42,6 +42,7 @@ If you find a problem, it'll be nice to fix it: [How to contribute to a GitHub s
 ### GitLab Advisory Database
 Visit [here](https://advisories.gitlab.com/) and search CVE-ID.
 
+<!-- Please note that the link to [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new) requires login. -->
 If you find a problem, it'll be nice to fix it: [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new)
-<!-- Please note that the link to [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new) requires login. -->
-If you find a problem, it'll be nice to fix it: [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new)
+If you find a problem, it'll be nice to fix it: [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new). Please note this requires a GitLab account.
-<!-- Please note that the link to [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new) requires login. -->
-If you find a problem, it'll be nice to fix it: [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new)
+If you find a problem, it'll be nice to fix it: [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new). Please note this requires a GitLab account.
 
 ### Red Hat CVE Database

@@ -137,6 +137,6 @@ $ trivy conf --skip-policy-update /path/to/conf
 ```
 
 [allowlist]: ../references/troubleshooting.md
-[oras]: https://oras.land/cli/
+[oras]: https://oras.land/docs/installation/
 
 [^1]: This is only required to scan `jar` files. More information about `Java index db` [here](../coverage/language/java.md)
@@ -355,4 +355,4 @@ Digest: sha256:6416d0199d66ce52ced19f01d75454b22692ff3aa7737e45f7a189880840424f
 [trivy-module-wordpress]: https://github.com/aquasecurity/trivy-module-wordpress
 
 [tinygo-installation]: https://tinygo.org/getting-started/install/
-[oras]: https://oras.land/cli/
+[oras]: https://oras.land/docs/installation/
@@ -103,7 +103,7 @@ Any package prefixes such as `main` and `user` are allowed.
 ### Metadata
 Metadata helps enrich Trivy's scan results with useful information.
 
-The annotation format is described in the [OPA documentation](https://www.openpolicyagent.org/docs/latest/annotations/).
+The annotation format is described in the [OPA documentation](https://www.openpolicyagent.org/docs/latest/policy-language/#annotations).
 
 Trivy supports extra fields in the `custom` section as described below.
 

@@ -89,4 +89,4 @@ To use such a policy with Trivy, use the `--config-policy` flag that points to t
 $ trivy --config-policy=/Users/user/my-custom-policies <path/to/iac>
 ```
 
-For more details on how to define schemas within Rego policies, please see the [OPA guide](https://www.openpolicyagent.org/docs/latest/schemas/#schema-annotations) that describes it in more detail.
+For more details on how to define schemas within Rego policies, please see the [OPA guide](https://www.openpolicyagent.org/docs/latest/policy-language/#schema-annotations) that describes it in more detail.
@@ -92,7 +92,7 @@ You can get the package names in the [trivy-policies repository][trivy-policies]
 
 For more details, see [an example][rule-example].
 
-[ns-example]: https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/namespace-exception
-[rule-example]: https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/rule-exception
+[ns-example]:https://github.com/aquasecurity/trivy/tree/main/integration/testdata/fixtures/repo/namespace-exception
+[rule-example]:https://github.com/aquasecurity/trivy/tree/main/integration/testdata/fixtures/repo/rule-exception
 [ksv012]: https://github.com/aquasecurity/trivy-policies/blob/main/rules/kubernetes/policies/pss/restricted/3_runs_as_root.rego 
 [trivy-policies]: https://github.com/aquasecurity/trivy-policies/
@@ -9,7 +9,7 @@ And, Trivy can take an SBOM attestation as input and scan for vulnerabilities
 
 ## Sign with a local key pair
 
-Cosign can generate key pairs and use them for signing and verification. After you run the following command, you will get a public and private key pair. Read more about [how to generate key pairs](https://docs.sigstore.dev/cosign/key-generation).
+Cosign can generate key pairs and use them for signing and verification. After you run the following command, you will get a public and private key pair. Read more about [how to generate key pairs](https://docs.sigstore.dev/key_management/signing_with_self-managed_keys/).
 
 ```bash
 $ cosign generate-key-pair

@@ -154,7 +154,7 @@ $ trivy image --format cosign-vuln --output vuln.json alpine:3.10
 
 ### Sign with a local key pair
 
-Cosign can generate key pairs and use them for signing and verification. After you run the following command, you will get a public and private key pair. Read more about [how to generate key pairs](https://docs.sigstore.dev/cosign/key-generation).
+Cosign can generate key pairs and use them for signing and verification. After you run the following command, you will get a public and private key pair. Read more about [how to generate key pairs](https://docs.sigstore.dev/key_management/signing_with_self-managed_keys/).
 
 ```bash
 $ cosign generate-key-pair

@@ -36,7 +36,7 @@ Trivy Docker Desktop extension for scanning container images for vulnerabilities
 ## Rancher Desktop (Community)
 [Rancher Desktop](https://rancherdesktop.io/) is an easy way to use containers and Kubernetes on your development machine, and manage it in a GUI.
 
-Trivy is natively integrated with Rancher, no installation is needed. More info in Rancher documentation: <https://docs.rancherdesktop.io/getting-started/features#scanning-images>
+Trivy is natively integrated with Rancher, no installation is needed. More info in Rancher documentation: <https://docs.rancherdesktop.io/ui/images#scanning-images>
 
 ## LazyTrivy (Community)
 A terminal native UI for Trivy

@@ -30,9 +30,10 @@ Below is a list of additional resources from the community.
 
 - [the vulnerability remediation lifecycle of Alpine containers](https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/)
 - [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy](https://boxboat.com/2020/04/24/image-scanning-tech-compared/)
-- [Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy](https://www.a10o.net/devsecops/docker-image-security-static-analysis-tool-comparison-anchore-engine-vs-clair-vs-trivy/)
+<!-- - [Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy](https://www.a10o.net/devsecops/docker-image-security-static-analysis-tool-comparison-anchore-engine-vs-clair-vs-trivy/) The blog post no longer exists commented out for removal -->
 
 ### Evaluations
 
 - [Istio evaluating to use Trivy](https://github.com/istio/release-builder/pull/687#issuecomment-874938417)
 - [Research Spike: evaluate Trivy for scanning running containers](https://gitlab.com/gitlab-org/gitlab/-/issues/270888)
+