Add ability to see that Trivy doesn't support detecting vulnerabilities in the found OS for json format
#6971
Replies: 4 comments
-
We need a "supported" flag both for SBOM and vulnerabilities.
-
Any chance it will be available in the next release?
-
This would be extremely helpful for companies that triage vulnerabilities based on the JSON files alone. As is, there's no indication in that workflow that no vulnerabilities were detected because the OS isn't supported.
-
Created #8256 for this task
-
Description
Trivy shows information about an unsupported OS only in a log message (e.g. `2024-05-04T08:27:07Z WARN Unsupported os family="fedora"`). But if the log is suppressed (`--quiet` flag), users don't have an option to understand that Trivy doesn't support detecting vulnerabilities in the found OS.

As a solution we can add a new `bool` field (e.g. `vulnScanningSupported`) into the OS struct. Or we can use a `string` field (`supported`, `unsupported` and `disabled`) to avoid confusing users when vulnerability scanning is disabled.

Target
Container Image

Scanner
Vulnerability
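Added example, not part of the original discussion and not Trivy's own code: a triage-side check that pairs the JSON report with the captured log, so that zero findings on an unsupported OS are reported as inconclusive instead of clean. It assumes the scan ran without `--quiet`, that the report exposes `Metadata.OS.Family` and `Results[].Vulnerabilities`, and that the warning has the format quoted in the post; the function names and the status values (taken from the proposal above) are hypothetical.

```python
import json
import re

# Warning format as quoted in the post:
#   2024-05-04T08:27:07Z WARN Unsupported os family="fedora"
UNSUPPORTED_OS = re.compile(r'\bWARN\b\s+Unsupported os\s+family="([^"]+)"')

# Constructed sample inputs (not real scan output); field names are assumed.
SAMPLE_LOG = (
    '2024-05-04T08:27:05Z INFO constructed informational line\n'
    '2024-05-04T08:27:07Z WARN Unsupported os family="fedora"\n'
)
SAMPLE_REPORT = json.loads(
    '{"Metadata": {"OS": {"Family": "fedora", "Name": "40"}}, "Results": []}'
)

def unsupported_families(log_text):
    """Return the OS families the log flagged as unsupported."""
    return {m.group(1).lower() for m in UNSUPPORTED_OS.finditer(log_text)}

def vuln_scan_status(report, log_text, vuln_scanner_enabled=True):
    """Return 'supported', 'unsupported' or 'disabled' for the scanned OS."""
    if not vuln_scanner_enabled:  # caller knows which scanners were requested
        return "disabled"
    flagged = unsupported_families(log_text)
    family = ((report.get("Metadata") or {}).get("OS") or {}).get("Family", "")
    # If the report carries no OS metadata, any flagged family still counts.
    if (family and family.lower() in flagged) or (not family and flagged):
        return "unsupported"
    return "supported"

def count_findings(report):
    """Total vulnerabilities across all results (OS and language packages)."""
    results = report.get("Results") or []
    return sum(len(r.get("Vulnerabilities") or []) for r in results)

def triage(report, log_text, vuln_scanner_enabled=True):
    """Zero findings only mean 'clean' when the OS was actually scanned."""
    status = vuln_scan_status(report, log_text, vuln_scanner_enabled)
    findings = count_findings(report)
    if findings:
        verdict = "findings"
    else:
        verdict = "clean" if status == "supported" else "inconclusive"
    return {"status": status, "findings": findings, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT, SAMPLE_LOG))
```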