DmitriyLewen
DmitriyLewen
can you update Trivy to `v0.36.0` and try to scan again with flag `--security-checks vuln` flag(this flag for client command)
Hello @carrieyang1212 We merged changes to use `skip-dp-update` flag for `hot updates`. We will include this in next release. Before that you can use canary build(if this is okay for...
Hello @protux Sorry for waiting. I checked this case with my private docker hub image and Trivy works correctly: ```zsh ➜ ~ docker run -e "TRIVY_USERNAME=***" -e "TRIVY_PASSWORD=***" aquasec/trivy image...
Hello @outsideMyBox Thanks for your information. Looks like it is different problem. Can you create new Issue and tell more about your case(Trivy version, commands, etc...)? Regards, Dmitriy
@ohmer Adding secrets is possible for you, i understood you correct? And 1 more request: can you add test for this template? We have tests for some templates [here](https://github.com/aquasecurity/trivy/blob/34d505ad1497dd11c1865efa05ec96032d8fedae/integration/client_server_test.go#L314-L340).
Hello @stickycode thanks for your report! It seems that your docker credentials are wrong. Can you log out of docker and try again? And 1 more question: are you trying...
Hello @marcinwrochna Thanks for your information. What version of Trivy are you using? > I needed to login to ghcr.io with docker login ghcr.io -u $MYUSERNAME --password-stdin and a [Personal...
Hello @JwishPark Thanks for your report! Trivy uses `RedHat database` for `RHEL/CentOS`.(More information about Data Sources [here](https://aquasecurity.github.io/trivy/v0.34/docs/vulnerability/detection/data-source/). For RHEL7 `CVE-2014-9939` has status `affected`(https://access.redhat.com/security/cve/cve-2014-9939) That is why Trivy found this CVE....
Hello @kyberorg Thanks for your report! [Alpine security database](https://secdb.alpinelinux.org/edge/) currently contains `3.0.6-r0` as fixed version. When Alpine updates this, you will receive new fixed version. Regards, Dmitriy
Hello @KateCatlin Can you clarify - are there possible cases when only `last_known_affected_version_range` field is used? ( i mean without `fixed` or `last_affected`). Or are these not resynchronized advisories? example...