Secret scanner fails with UTF-8 marshalling error when scanning files with invalid UTF-8 content #9254

@knqyf263

Description

The secret scanner fails with a UTF-8 marshalling error when scanning repositories that contain files with invalid UTF-8 content, such as translation files or binary content.

Steps to Reproduce

  1. Start trivy server:
     $ trivy server
  2. Scan a repository with files containing invalid UTF-8 sequences:
     $ trivy repo https://github.com/juice-shop/juice-shop --server http://localhost:4954

Expected Behavior

The scan should complete successfully, handling files with invalid UTF-8 content gracefully.

Actual Behavior

The scan fails with the following error:

FATAL   Fatal error     repo scan error: scan error: scan failed: failed analysis: remote repository error: failed to store blob (sha256:e3e730cdeff2f1c66082bc550dcdd2226b8070382f6451040a13d203e1ff5325) in cache: unable to store cache on the server: twirp error internal: failed to marshal proto request: string field contains invalid UTF-8

Environment

  • Repository with translation files or binary content (e.g., juice-shop)
  • Trivy server mode with secret scanning enabled

Additional Context

This issue occurs because the secret scanner converts raw file bytes to strings without UTF-8 validation, and protobuf string fields require valid UTF-8 content during marshalling.
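The root cause described above, as an added Go example (not code from the issue or from Trivy): raw file bytes converted straight to a string fail the UTF-8 check that protobuf applies to string fields, while replacing invalid sequences first makes the value safe. The `Finding` type, `newFinding`, `marshalWouldFail` and the sample bytes are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// Finding is a hypothetical stand-in for a secret finding whose text fields
// end up in protobuf string fields when sent to the server.
type Finding struct {
	RuleID string
	Match  string
}

// marshalWouldFail mirrors the check protobuf applies to string fields:
// marshalling is rejected when the value is not valid UTF-8.
func marshalWouldFail(f Finding) bool {
	return !utf8.ValidString(f.Match)
}

// newFinding builds a finding from raw file bytes. Invalid byte sequences are
// replaced with U+FFFD so the result is always safe for a proto string field,
// while valid multi-byte characters are left untouched.
func newFinding(ruleID string, raw []byte) Finding {
	return Finding{RuleID: ruleID, Match: strings.ToValidUTF8(string(raw), "\uFFFD")}
}

func main() {
	// Constructed sample: a Latin-1 encoded line (0xE9 is "é" in ISO-8859-1)
	// followed by a valid UTF-8 "ü" and a placeholder token.
	raw := []byte("cl\xe9 = \"EXAMPLE_TOKEN\" # gr\xc3\xbcn")

	unchecked := Finding{RuleID: "example-rule", Match: string(raw)}
	sanitized := newFinding("example-rule", raw)

	fmt.Println("unvalidated conversion fails marshal:", marshalWouldFail(unchecked))
	fmt.Println("sanitized conversion fails marshal:  ", marshalWouldFail(sanitized))
	fmt.Printf("sanitized match: %q\n", sanitized.Match)
}
```

Note that `strings.ToValidUTF8` collapses each run of consecutive invalid bytes into a single replacement, so byte offsets in the sanitized string can differ from offsets in the original file.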

Labels

  • kind/bug: Categorizes issue or PR as related to a bug.
  • scan/secret: Issues relating to secret scanning