Closed DmitriyLewen closed 3 months ago
@DmitriyLewen I had an idea to use UID but I was lazy and didn't implement it 😄 I've finally created https://github.com/aquasecurity/trivy/pull/7042, can you please see if this can fix the bug?
> can you please see if this can fix the bug?
I can confirm that your PR is fixing this bug :+1:
Closed in favor of https://github.com/aquasecurity/trivy/pull/7042
Description
We aggregated `pip/gem/npm/jar/conda` packages. Therefore, there are cases when `Result` contains the same vulnerabilities for the same packages but with different file paths. We show duplicates in vulnerabilities[].affects[] for these cases. But vulnerabilities[].affects[] should be unique. To avoid this we don't need to include vulns with same `CVE` for same `pkgID`.

Example:
Before:
After:
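The deduplication rule from the description (one affects entry per vulnerability ID and pkgID, regardless of file path), as an added example that is not code from this PR or from Trivy. The `Finding` and `Vulnerability` types, `BuildVulnerabilities`, `SampleFindings` and all identifiers in the sample data are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Finding is a hypothetical, simplified scan finding (not Trivy's own type).
type Finding struct{ VulnID, PkgID, FilePath string }

// Vulnerability mimics the shape of one vulnerabilities[] entry with its affects[] refs.
type Vulnerability struct {
	ID      string
	Affects []string
}

// BuildVulnerabilities groups findings by VulnID and records each PkgID at most
// once per vulnerability, so the same package found at several paths yields one ref.
func BuildVulnerabilities(findings []Finding) []Vulnerability {
	type key struct{ vuln, pkg string }
	seen := map[key]bool{}
	affects := map[string][]string{}
	var order []string // first-seen order of vulnerability IDs
	for _, f := range findings {
		k := key{f.VulnID, f.PkgID}
		if seen[k] {
			continue // same vuln + same package, different file path
		}
		seen[k] = true
		if _, ok := affects[f.VulnID]; !ok {
			order = append(order, f.VulnID)
		}
		affects[f.VulnID] = append(affects[f.VulnID], f.PkgID)
	}
	out := make([]Vulnerability, 0, len(order))
	for _, id := range order {
		refs := affects[id]
		sort.Strings(refs) // deterministic output
		out = append(out, Vulnerability{ID: id, Affects: refs})
	}
	return out
}

// SampleFindings returns constructed data: pkg-a@1.0.0 appears at two paths.
func SampleFindings() []Finding {
	return []Finding{
		{"VULN-PLACEHOLDER-1", "pkg-a@1.0.0", "app1/requirements.txt"},
		{"VULN-PLACEHOLDER-1", "pkg-a@1.0.0", "app2/requirements.txt"},
		{"VULN-PLACEHOLDER-1", "pkg-b@2.0.0", "app1/requirements.txt"},
		{"VULN-PLACEHOLDER-2", "pkg-a@1.0.0", "app1/requirements.txt"},
	}
}

func main() { fmt.Println(BuildVulnerabilities(SampleFindings())) }
```

Keying on pkgID alone collapses the per-path distinction, so a consumer of the report can no longer tell from affects[] which file locations contain the vulnerable package.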