Add ability to see that Trivy doesn't support detecting vulnerabilities in the found OS for json format
#6971
DmitriyLewen
started this conversation in Ideas
Replies: 3 comments
-
We need a "supported" flag both for SBOM and vulnerabilities.
-
Any chance it will be available in the next release?
-
This would be extremely helpful for companies that triage vulnerabilities based on the JSON files alone. As is, there's no indication in that workflow that no vulnerabilities were detected because the OS isn't supported.
-
Description
Trivy shows information about unsupported OS only in a log message (e.g. 2024-05-04T08:27:07Z WARN Unsupported os family="fedora"). But if the log is suppressed (--quiet flag), users don't have an option to understand that Trivy doesn't support detecting vulnerabilities in the found OS.

As a solution we can add a new bool field (e.g. vulnScanningSupported) into the OS struct. Or we can use a string field (supported, unsupported and disabled) to avoid confusing users when vulnerability scanning is disabled.

Target: Container Image
Scanner: Vulnerability
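A consumer-side check for the JSON-only triage gap discussed in this thread, as an added example that is not Trivy code and not part of the original discussion: it reads Metadata.OS.Family from a report and refuses to treat zero OS findings as clean unless the family is on an allowlist. The allowlist contents, the function names and the sample reports are assumptions constructed for illustration.

```python
import json

# Assumption: allowlist maintained by the triage team from the Trivy docs
# for the Trivy version in use. Constructed sample, not exhaustive.
SUPPORTED_OS_FAMILIES = {"alpine", "debian", "ubuntu"}


def os_vuln_coverage(report, supported=SUPPORTED_OS_FAMILIES):
    """Return (status, family, os_vuln_count) for one parsed Trivy JSON report."""
    os_info = (report.get("Metadata") or {}).get("OS") or {}
    family = (os_info.get("Family") or "").lower()
    # Count only findings that come from OS packages, not language packages.
    os_vulns = sum(
        len(result.get("Vulnerabilities") or [])
        for result in report.get("Results") or []
        if result.get("Class") == "os-pkgs"
    )
    if not family:
        status = "no-os-detected"
    elif family in supported:
        status = "supported"
    else:
        status = "unsupported"
    return status, family, os_vulns


def triage(report_text):
    """Return 'findings', 'clean' or 'not-assessed' for OS packages."""
    status, _family, os_vulns = os_vuln_coverage(json.loads(report_text))
    if os_vulns:
        return "findings"
    # Zero findings only mean "clean" when the OS could be assessed at all.
    return "clean" if status == "supported" else "not-assessed"


# Constructed sample reports, trimmed to the fields read above.
FEDORA = json.dumps({"Metadata": {"OS": {"Family": "fedora", "Name": "40"}},
                     "Results": []})
ALPINE = json.dumps({"Metadata": {"OS": {"Family": "alpine", "Name": "3.19.1"}},
                     "Results": [{"Class": "os-pkgs", "Type": "alpine"}]})
DEBIAN = json.dumps({"Metadata": {"OS": {"Family": "debian", "Name": "12.5"}},
                     "Results": [{"Class": "os-pkgs", "Type": "debian",
                                  "Vulnerabilities": [
                                      {"VulnerabilityID": "PLACEHOLDER-0001"}]}]})

if __name__ == "__main__":
    for name, text in (("fedora", FEDORA), ("alpine", ALPINE), ("debian", DEBIAN)):
        print(name, triage(text))
```

This check cannot tell the "disabled" state proposed above from a supported scan, because the report fields it reads do not record which scanners were enabled.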