Update README (#224)

* Update README

* Add Distroless

README.md

@@ -70,7 +70,7 @@ See [here](#continuous-integration-ci) for details.
 # Features
 
 - Detect comprehensive vulnerabilities
-  - OS packages (Alpine, **Red Hat Universal Base Image**, Red Hat Enterprise Linux, CentOS, Debian and Ubuntu)
+  - OS packages (Alpine, **Red Hat Universal Base Image**, Red Hat Enterprise Linux, CentOS, Debian, Ubuntu, Amazon Linux and Distroless)
   - **Application dependencies** (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo)
 - Simple
   - Specify only an image name
@@ -1206,10 +1206,14 @@ The unfixed/unfixable vulnerabilities mean that the patch has not yet been provi
 | Red Hat Universal Base Image | 7, 8                                     | Installed by yum/rpm          |                 YES                  |
 | Red Hat Enterprise Linux     | 6, 7, 8                                  | Installed by yum/rpm          |                 YES                  |
 | CentOS                       | 6, 7                                     | Installed by yum/rpm          |                 YES                  |
+| Amazon Linux                 | 1, 2                                     | Installed by apt/apt-get/dpkg |                  NO                  |
 | Debian GNU/Linux             | wheezy, jessie, stretch, buster          | Installed by apt/apt-get/dpkg |                 YES                  |
 | Ubuntu                       | 12.04, 14.04, 16.04, 18.04, 18.10, 19.04 | Installed by apt/apt-get/dpkg |                 YES                  |
+| Distroless                   | Any                                      | Installed by apt/apt-get/dpkg |                 YES                  |
 
-RHEL and CentOS package information is stored in a binary format, and Trivy uses the `rpm` executable to parse this information when scanning an image based on RHEL or CentOS. The Trivy container image includes `rpm`, and the installers include it as a dependency. If you installed the `trivy` binary using `wget` or `curl`, or if you build it from source, you will also need to ensure that `rpm` is available.
+RHEL, CentOS and Amazon Linux package information is stored in a binary format, and Trivy uses the `rpm` executable to parse this information when scanning an image based on RHEL or CentOS. The Trivy container image includes `rpm`, and the installers include it as a dependency. If you installed the `trivy` binary using `wget` or `curl`, or if you build it from source, you will also need to ensure that `rpm` is available.
+
+Distroless: https://github.com/GoogleContainerTools/distroless
 
 ## Application Dependencies
 
@@ -1227,6 +1231,17 @@ The path of these files does not matter.
 
 Example: https://github.com/aquasecurity/trivy-ci-test/blob/master/Dockerfile
 
+## Image Tar format
+Trivy scans a tar image with the following format.
+
+- Docker Image Specification (https://github.com/moby/moby/tree/master/image/spec)
+  - Moby Project (https://github.com/moby/moby/)
+  - Buildah, Podman (https://github.com/containers/buildah)
+  - img (https://github.com/genuinetools/img)
+- Kaniko
+  - Kaniko (https://github.com/GoogleContainerTools/kaniko)
+
+
 ### Data source
 - PHP
   - https://github.com/FriendsOfPHP/security-advisories