-
The trivy adapter instance will cache image layer metadata (OS, packages, libraries, etc...) by the image layer id, storing that data in the fanal.db on the local filesystem.
I'd like to store that…
-
from @ewels
Seeing more and more people ask about SBOM documents for pipelines / containers (software bill of materials). It looks like Trivy can generate SBOMs. Is this something that we could get …
-
Has anyone been able to get any useful output from combining trivy + reviewdog for container image scanning?
I would have hoped to keep using https://github.com/reviewdog/action-trivy for both `fs`…
-
It seems to me that the action is limited to only the scanners `os` and `library`?
Passing other valid types such as `license` is not possible.
Not sure if this is because you want to ensure tha…
-
@fjrsaracho surfaced an issue reported by the code scanning tool Trivy. This issue is about implementing Trivy to do a scan weekly so we can stay on top of vulns even if code is not being pushed.
…
-
#### Description
After deploying Harbor using the Helm chart in version `1.15.1`, the daily automated security scan does not report any vulnerabilities. However, when manually initiating a scan, vu…
-
Hi, our team is running a trivy scan on our custom image that contains only openshift-install, openshift-client and
From the trivy scan, we found the following CVEs:
- CVE-2023-48795
- CVE-2022-41…
-
### Discussed in https://github.com/aquasecurity/trivy-operator/discussions/1699
Originally posted by **gerbil** December 15, 2023
We got an issue with java db (400+mb) downloads from China. F…
-
### Description
A suggestion is to use [trivy](https://github.com/aquasecurity/trivy); it's free and works pretty well.
Running it locally like so: `trivy fs --severity HIGH,CRITICAL --exit-code …
-
I'm using Trivy to generate SBOM of my project dependencies and submit them to GitHub Dependency Graph. I'm following the steps described in [Trivy documentation](https://github.com/aquasecurity/trivy…