trivy

trivy copied to clipboard

## Description _WIP_ ## Related issues - Close #2476 ## Checklist - [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository. - [x] I've followed the [conventions](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/#title) in the...

liamg

## Description Trivy always parses language and lock files, but doesn't result to report if `--security-checks != vuln`. But it wastes time and resources. Added disabling analyzers for these files...

DmitriyLewen

## Description I have followed the instructions on [quarkus.io](https://quarkus.io/guides/building-native-image) to build a native image from my quarkus java programm (for demonstration the getting-started works well). When I want to scan...

tofuatjava

docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation

1

## Description I've improved SBOM docs by adding a description for scanning SBOM attestation. ## Related issues ## Checklist - [x] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to this repository....

otms61

Trivy not able to detect graddle exclusions, hence reporting false positives

3

## Description **Trivy not able to detect Gradle exclusions, hence reporting false positives.** - Docker images are scanned using Trivy. These images host spring-boot application which uses Gradle for packaging....

pms-github

pom.xml scanner founds wrong dependencies versions

9

## Description While scanning my java project trivy detects wrong versions of certain dependencies such as: ``` org.springframework.security:spring-security-core : 4.2.20.RELEASE org.springframework.security:spring-security-web : 4.2.20.RELEASE org.springframework:spring-beans: 4.3.30.RELEASE org.springframework:spring-core : 4.3.30.RELEASE ``` But...

Bhaal22

Can trivy resolve python dependencies?

2

Hey all I wanted to use trivy in a python environment but i couldn't find a way to not only scan the requirements file but also whatever dependencies these packages...

eslamkarim

Cache fills to capacity then fails

3

## Description Using trivy as a service with a redis backing, it appears that nothing ever clears data from redis. It continued to fill until it hit 100% at which...

zfLQ2qx2

Trivy fail to show Node.js vulnerability

5

## Description I was looking for a Node.js vulnerability that could show Trivy ability to detect docker images vulnerability. I opt for the [CVE-2021-22883](https://www.cvedetails.com/cve/CVE-2021-22883/) which was easy to demonstrate in...

fabiorush

Integration Test cases are failing for Power(ppc64le).

4

Hi Team, I am raising this issue in reference to #2570 . Unit test cases and Module Integration test cases are passing after the fix done in #2575 .Currently facing...

Sunidhi-Gaonkar1