How does Trivy get the dependencies of a project? #7595
Unanswered
ks-fabrice-chapuis asked this question in Q&A
Replies: 1 comment 3 replies
-
Hello @ks-fabrice-chapuis details on scanning
IIRC You can send me your
Regards, Dmitriy
-
Question
Hello,
Currently, I am using Trivy to generate the Software Bills of Materials of the projects of my company, but I saw something weird.
I have a Python project having several dependencies (internal as well as external). The problem is that the dependencies' version in the requirements.txt file is different from the version written in the JSON file created by Trivy. And the version written in the requirements.txt file is not even written in the SBOM.
For example,
Do you have any idea why?
Is it possible for it to find the dependencies of an internal dependency?
Is it possible to differentiate them from the external ones?
Thank you very much for your time,
Fabrice
Target: SBOM
Scanner: None
Output Format: JSON
Mode: Standalone
Operating System: No response
Version