feat(python): Add support for astral UV

## Description
Parse [uv.lock](https://docs.astral.sh/uv/concepts/projects/#configuring-the-project-environment-path) to identify dependencies ([example](https://github.com/astral-sh/uv/blob/312eeb8f573d36f6df658f85ecadc52799647bb3/scripts/benchmark/uv.lock)).

## TODO
- [x] Add new [parser](https://github.com/aquasecurity/trivy/tree/4926da79de901fba73819d71845ec0355b68ae0f/pkg/dependency/parser/python).
   - [ ] `uv.lock` contains dependencies for package - so parser should detect `[]Package` and `[]Dependency`.(check the case when 2 packages with different versions are used (if possible)
   - [ ] `uv.lock` contains root package (e.g. https://github.com/astral-sh/uv/blob/312eeb8f573d36f6df658f85ecadc52799647bb3/scripts/benchmark/uv.lock#L27). Can we detect that this is root package (e.g. from `source` field)?
   - [x] fill Relationship field.
- [x] add new [analyzer](https://github.com/aquasecurity/trivy/tree/4926da79de901fba73819d71845ec0355b68ae0f/pkg/fanal/analyzer/language/python). 
   - [ ] If we can detect Root package from `uv.lock` file - we can use [analyzer interface](https://github.com/aquasecurity/trivy/blob/4926da79de901fba73819d71845ec0355b68ae0f/pkg/fanal/analyzer/analyzer.go#L72-L77). If no - we need to use [PostAnalyzer](https://github.com/aquasecurity/trivy/blob/4926da79de901fba73819d71845ec0355b68ae0f/pkg/fanal/analyzer/analyzer.go#L79-L84) and detect root package from `pyproject.toml` file.
   - [ ] This is lock file, so we need to add  it into [TypeLockfiles](https://github.com/aquasecurity/trivy/blob/4926da79de901fba73819d71845ec0355b68ae0f/pkg/fanal/analyzer/const.go#L207) (don't forget about `TypeLanguages`)
- [x] add new type into [purl package](https://github.com/aquasecurity/trivy/blob/4926da79de901fba73819d71845ec0355b68ae0f/pkg/purl/purl.go) 
- [x] update driver for [Python](https://github.com/aquasecurity/trivy/blob/4926da79de901fba73819d71845ec0355b68ae0f/pkg/detector/library/driver.go#L51)
- [x] add unit and integration tests
- [x] docs: update [Python](https://trivy.dev/latest/docs/coverage/language/python/) and [overview](https://trivy.dev/latest/docs/coverage/language/python/) pages


### Discussed in https://github.com/aquasecurity/trivy/discussions/7647


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(python): Add support for astral UV #7653

Description

TODO

Discussed in #7647

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

feat(python): Add support for astral UV #7653

Description

Description

TODO

Discussed in #7647

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions