Debian security tracker - TEMP vulnerabilities #6455

SinghSarabpreet05 · 2024-04-04T05:32:20Z

SinghSarabpreet05
Apr 4, 2024

Question

While scanning one of the debian images, some vulnerabilities are detected that are TEMP- and not CVEs. These are linked to debian security scanner.

For instance, running this scan outputs multiple TEMP- vulnerabilities:

trivy image python:3.11.4-slim-bullseye

One of those TEMPs are linked here: TEMP-0841856-B18BAF

Although these TEMPs can be ignored by setting --severity MEDIUM,HIGH,CRITICAL but that would ignore CVEs as well.

Is there a way to just ignore TEMP- vulnerabilities from showing up in the output?

Target

Container Image

Scanner

Vulnerability

Output Format

Table

Mode

Standalone

Operating System

Linux

Version

0.50.1

Answered by knqyf263

Apr 4, 2024

If you have a list of IDS, you can write them in .trivyignore.
https://aquasecurity.github.io/trivy/v0.50/docs/configuration/filtering/#by-finding-ids

If you want to ignore all CVEs prefixed TEMP-, you can write a Rego policy.
https://aquasecurity.github.io/trivy/v0.50/docs/configuration/filtering/#by-rego

View full answer

knqyf263 · 2024-04-04T06:48:41Z

knqyf263
Apr 4, 2024
Maintainer

If you have a list of IDS, you can write them in .trivyignore.
https://aquasecurity.github.io/trivy/v0.50/docs/configuration/filtering/#by-finding-ids

If you want to ignore all CVEs prefixed TEMP-, you can write a Rego policy.
https://aquasecurity.github.io/trivy/v0.50/docs/configuration/filtering/#by-rego

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Debian security tracker - TEMP vulnerabilities #6455

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Debian security tracker - TEMP vulnerabilities #6455

SinghSarabpreet05 Apr 4, 2024

Question

Target

Scanner

Output Format

Mode

Operating System

Version

Replies: 1 comment

knqyf263 Apr 4, 2024 Maintainer

SinghSarabpreet05
Apr 4, 2024

knqyf263
Apr 4, 2024
Maintainer