bug(vex): Trivy doesn't support auth for OCI images from private registries

## Description
When trying to get VEX documents from the OCI image we get an authentication error:
```
failed to probe the package URL:
github.com/aquasecurity/trivy/pkg/vex.RetrieveVEXAttestation
/home/runner/work/trivy/trivy/pkg/vex/oci.go:42
fetching documents: looking for documents: resolving image reference: GET https://xxx.azurecr.io/oauth2/token?scope=repository%3Aaaa-bbb%3Apull&service=xxx.azurecr.io: UNAUTHORIZED: authentication required, visit https://aka.ms/acr/authorization for more information. CorrelationId: xxxx-xxx-xx-xx-xxxxx
``` 

Unfortunately, `github.com/openvex/discovery` doesn't support auth.
I created https://github.com/openvex/discovery/issues/82 about adding remote options for `ProbePurl`.


### Discussed in https://github.com/aquasecurity/trivy/discussions/8911


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

bug(vex): Trivy doesn't support auth for OCI images from private registries #8916

Description

Discussed in #8911

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

bug(vex): Trivy doesn't support auth for OCI images from private registries #8916

Description

Description

Discussed in #8911

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions