Israel Blancas
Israel Blancas
I'm not sure if this is a pretty good idea since the final images are based on `scratch` and not on `alpine` as #175 says. https://github.com/aquasecurity/trivy/issues/173#issuecomment-546673051
I'll try to gather some ideas... but I usually saw people using `trivy fs` command to deal with this kind of situations
@piotrgwiazda the only thing we'll add in that case, are the vulnerabilities from the base OS. I'm not sure if the ones from the execuables will be detected... since for...
The ideal would be to check the source code from each repository... but since this can be slow, I can add a script that checks out the different repositories and...
I see. Is changing the base images an option? Otherwise I think there is not a real "fix" for this issue.
I know but... I think there are no many options, right?
I don't find anything like that. The only thing I found is the `--vuln-type` argument from `trivy`. For instance: ```sh trivy i --vuln-type library otel/opentelemetry-collector:latest ```
Hmmm I was not able to find anything related. I did a couple of experiments... and something seems to work, is to just create a dummy file (using touch). What...
I can work on it :)
No, we haven't. This is something I have to work on