-
We are currently running Trivy with the latest version:
```yaml
name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 #0.19.0
with:
ima…
-
I'd like to have an action to install Trivy so I can use it directly for advanced use-cases. This pattern is available for Syft & Grype (amongst others) at a nested path in their action repos.
This…
-
### Discussed in https://github.com/aquasecurity/trivy-operator/discussions/1699
Originally posted by **gerbil** December 15, 2023
We got an issue with java db (400+mb) downloads from China. F…
-
## 🐞 Bug report
### Describe the bug
We do the following scan by Trivy:
```
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
name: "trivy-k8s-1"
annotations:
def…
-
## Vulnerabilities found for metadata-writer:2.0.5
```
For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your pro…
-
Hi,
I would like to raise an issue with trivy-action running in self-hosted runners hosted in EKS with docker in docker mode.
When I try to run trivy scan in these runners I'm always getting the…
-
We are building an image-scanner K8s-operator, and all our clusters run OpenShift. Inspired by [trivy-operator](https://github.com/aquasecurity/trivy-operator), which we cannot use for various reason…
-
[`cargo auditable`](https://github.com/rust-secure-code/cargo-auditable) is a project by Rust's [Secure Code WG](https://www.rust-lang.org/governance/wgs/wg-secure-code). It embeds the list of depende…
-
I see in the example https://github.com/aquasecurity/trivy-action#trivy-action
that the pipeline only pulls the Trivy image; however, when I use the same action, it causes the Trivy Docker image to be built on every run
…
-
### Current Behavior
I created a new project and imported an SBOM of an old version of debian-slim. Trivy reports vulnerabilities but dependencyTrack doesn't. I created a Sonatype OSS account and con…