Summary
Trivy Ubuntu advisories provide a FixedVersion when there is a released fix for a package. Affected can be inferred when the advisory is present without a FixedVersion, but Trivy does not expose any other status that Canonical uses to indicate the status of a fix. This is insufficient to infer a status of ignored, pending or needed, as these statuses show the package is affected and in the process of getting to a fixed version, or not if the status is ignored.
PR is #407
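
The information loss described in the summary, as an added Go example (not code from Trivy or from this PR). The `Advisory` and `TrackerEntry` types, the function names and the sample data are hypothetical, and it assumes `needed`, `pending` and `ignored` entries are all stored as an advisory without a FixedVersion.

```go
package main

import (
	"fmt"
	"sort"
)

// Advisory is a hypothetical stand-in for a Trivy Ubuntu advisory.
type Advisory struct{ FixedVersion string }

// TrackerEntry is a constructed record of Canonical's status for one package.
type TrackerEntry struct{ Status, Version string }

// ToAdvisory keeps the version only for a released fix. Assumption: the other
// statuses named on this page become an advisory with no FixedVersion.
func ToAdvisory(e TrackerEntry) Advisory {
	if e.Status == "released" {
		return Advisory{FixedVersion: e.Version}
	}
	return Advisory{}
}

// InferStatus is all a consumer can recover from the advisory alone.
func InferStatus(a Advisory) string {
	if a.FixedVersion != "" {
		return "fixed"
	}
	return "affected"
}

// Ambiguous lists, sorted, the distinct Canonical statuses that collapse to
// the given inferred status; more than one means the original is unrecoverable.
func Ambiguous(entries []TrackerEntry, inferred string) []string {
	set := map[string]bool{}
	for _, e := range entries {
		if InferStatus(ToAdvisory(e)) == inferred {
			set[e.Status] = true
		}
	}
	out := make([]string, 0, len(set))
	for s := range set {
		out = append(out, s)
	}
	sort.Strings(out)
	return out
}

var Sample = []TrackerEntry{{"released", "1.0-1ubuntu0.1"}, {"needed", ""}, {"pending", ""}, {"ignored", ""}} // constructed data

func main() { fmt.Println(Ambiguous(Sample, "affected")) }
```

A policy such as "report `needed` but suppress `ignored`" cannot be written against the advisory alone, because all three statuses come back as affected.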