Backport: Handle breaking change in Trivy v0.54.0 server API

src/main/java/org/dependencytrack/parser/trivy/model/Options.java

@@ -21,13 +21,32 @@
 import com.google.gson.annotations.SerializedName;
 
 public class Options {
+
+ /**
+ * NB: GSON doesn't support serialization of getters, it can only deal with fields.
+ * Need to have libraries as redundant field to packages, with Jackson we could just
+ * use a computed getter with {@link com.fasterxml.jackson.annotation.JsonGetter}.
+ * Migrate this to Jackson eventually.
+ *
+ * @see <a href="https://github.com/DependencyTrack/dependency-track/issues/3737">GitHub issue</a>
+ * @deprecated Kept for compatibility with Trivy < 0.54.0
+ */
+ @Deprecated(forRemoval = true)
  @SerializedName("vuln_type")
  private String[] vulnType;
+
+ @SerializedName("pkg_types")
+ private String[] pkgTypes;
+
  private String[] scanners;
 
- public String[] getVulnType() { return vulnType; }
- public void setVulnType(String[] value) { this.vulnType = value; }
+ public void setPkgTypes(String[] value) {
+ this.pkgTypes = value;
+ this.vulnType = value;
+ }
+
+ public void setScanners(String[] value) {
+ this.scanners = value;
+ }
 
- public String[] getScanners() { return scanners; }
- public void setScanners(String[] value) { this.scanners = value; }
 }

src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java

@@ -414,7 +414,7 @@ private TrivyResponse scanBlob(PutRequest input) {
  scan.setBlobIDS(new String[]{input.getDiffID()});
 
  final var opts = new Options();
- opts.setVulnType(new String[]{"os", "library"});
+ opts.setPkgTypes(new String[]{"os", "library"});
  opts.setScanners(new String[]{"vuln"});
 
  scan.setOptions(opts);

src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java

@@ -410,6 +410,10 @@ Those using Woodstox to parse XML data may be vulnerable to Denial of Service at
  "${json-unit.regex}(^sha256:[a-f0-9]{64}$)"
  ],
  "options": {
+ "pkg_types": [
+ "os",
+ "library"
+ ],
  "vuln_type": [
  "os",
  "library"