aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0
23.05k stars 2.27k forks

Add type field for vulnerability src #334

Open mrueg opened 4 years ago

mrueg commented 4 years ago
      {
        "VulnerabilityID": "CVE-2013-4235",
        "PkgName": "passwd",
        "InstalledVersion": "1:4.5-1.1ubuntu2",
        "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees",
        "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees",
        "Severity": "LOW",
        "References": [
          "https://access.redhat.com/security/cve/cve-2013-4235",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235",
          "https://security-tracker.debian.org/tracker/CVE-2013-4235"
        ]
      }

should include "VulnerabilityType": "CVE". This makes it easy to precompute links to vuln trackers, if they are not part of the references.

knqyf263 commented 4 years ago

I agree.
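
The link precomputation this issue asks for, as an added example that is not part of the original thread or of Trivy's code. It assumes `VulnerabilityType` is an optional string field (the proposal, not an existing field); `isCVE`, `missingLinks` and the sample input are hypothetical names constructed here, and the URL patterns are the ones in the quoted `References`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Finding holds the report fields used here; VulnerabilityType is the proposed, optional field (assumption).
type Finding struct {
	VulnerabilityID, VulnerabilityType string
	References                         []string
}

// CVE ID syntax, and URL patterns taken from the quoted References.
var cveID = regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`)
var cveTrackers = []string{
	"https://access.redhat.com/security/cve/%s",
	"https://security-tracker.debian.org/tracker/%s",
}

// isCVE honours an explicit type, else infers it; the ID must be well formed before it goes into a URL.
func isCVE(f Finding) bool {
	typeOK := f.VulnerabilityType == "" || strings.EqualFold(f.VulnerabilityType, "CVE")
	return typeOK && cveID.MatchString(f.VulnerabilityID)
}

// missingLinks returns tracker links that References does not already contain.
func missingLinks(raw string) ([]string, error) {
	var f Finding
	if err := json.Unmarshal([]byte(raw), &f); err != nil || !isCVE(f) {
		return nil, err
	}
	seen := map[string]bool{}
	for _, r := range f.References {
		seen[strings.ToLower(r)] = true // trackers differ in ID case (cve-... vs CVE-...)
	}
	var out []string
	for _, tmpl := range cveTrackers {
		if link := fmt.Sprintf(tmpl, f.VulnerabilityID); !seen[strings.ToLower(link)] {
			out = append(out, link)
		}
	}
	return out, nil
}

// Constructed sample: the issue's finding with only one reference kept.
const sample = `{"VulnerabilityID":"CVE-2013-4235","References":["https://access.redhat.com/security/cve/cve-2013-4235"]}`

func main() { fmt.Println(missingLinks(sample)) }
```

Without the explicit field a consumer has to infer the type from the ID syntax, which is what the fallback in `isCVE` does; with it, the type check becomes a plain comparison and only the ID validation remains.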