Replies: 1 comment
-
Debian sid is not supported for now. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Description
Scanned a debian image using the latest trivy version, but see a discrepancy in the packages and vulnerabilities reported when compared with other tools
Eg. Trivy scan of debian:unstable-20240311 reports 86 packages with no vulnerabilities while dockerhub (https://hub.docker.com/layers/library/debian/unstable-20240311/images/sha256-8690225da3ca369e9be720446f73e0aa06f290776fdf2605b6ec80c2b229b9f6) reports 125 with 21 vulnerabilities.
Desired Behavior
Consistent results w.r.t packages and vulnerabilities
x
Actual Behavior
Unreported packages and vulnerabilities
Eg. missing xz-utils package and associated vulnerabilities
Reproduction Steps
Target
Container Image
Scanner
Vulnerability
Output Format
JSON
Mode
Standalone
Debug Output
Operating System
macOS Sonoma
Version
Checklist
trivy image --reset
Beta Was this translation helpful? Give feedback.
All reactions