aquasecurity trivy Q A · Discussions · GitHub

Share with us your favourite part about Trivy
Adopters AnaisUrlichs

Q&A Discussions

Ask the community for help

You must be logged in to vote

Show CVSS score in table output
triage/support Indicates an issue that is a support question.
hangrymuppet asked Jul 8, 2024 in Q&A · Unanswered

1
You must be logged in to vote

CVE not reported on older Alpine, only on newer version
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning
ckcr4lyf asked Dec 9, 2025 in Q&A · Answered

2
You must be logged in to vote

Severity mismatch for CVE-2025-9230 between Trivy and NVD.
triage/support Indicates an issue that is a support question.
aantra31 asked Dec 10, 2025 in Q&A · Unanswered

3
You must be logged in to vote

Recalculating a vulnerability's Severity and CVSS score based on injected temporal/environmental metrics
triage/support Indicates an issue that is a support question.
quentinkhoo asked Dec 10, 2025 in Q&A · Unanswered

1
You must be logged in to vote

Search on Aqua Vulnerability Database is broken? Doesn't show React2Shell
triage/support Indicates an issue that is a support question.
stefanlasiewski asked Dec 9, 2025 in Q&A · Closed · Answered

1
You must be logged in to vote

trivy bom scanning doesn't introspect images purl ?
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning scan/sbom Issues relating to SBOM
cridam asked Dec 8, 2025 in Q&A · Unanswered

1
You must be logged in to vote

Does trivy support vc++ projects?
triage/support Indicates an issue that is a support question.
uday-globuslive asked Dec 7, 2025 in Q&A · Unanswered

3
You must be logged in to vote

Parallel scans utilizing same cache dir failing with 0.66.0
triage/support Indicates an issue that is a support question.
bluesliverx asked Sep 12, 2025 in Q&A · Unanswered

4
You must be logged in to vote

Potential false positive: CVE-2024-54133 reported for actionpack 7.2.3
triage/support Indicates an issue that is a support question.
bukreevdanil09-stack asked Dec 3, 2025 in Q&A · Answered

6
You must be logged in to vote

What does each letter of KSV and KCV stand for?
triage/support Indicates an issue that is a support question.
pczern asked Dec 3, 2025 in Q&A · Unanswered

0
You must be logged in to vote

Is it possible that a CVE does not have any CVSS source?
triage/support Indicates an issue that is a support question.
quentinkhoo asked Dec 5, 2025 in Q&A · Unanswered

0
You must be logged in to vote

Is it expected that Trivy doesn't detect CVE-2025-66478 (Next.js) yet?
triage/support Indicates an issue that is a support question.
DavidLMS asked Dec 4, 2025 in Q&A · Closed · Answered

2
You must be logged in to vote

Please help people in countries with internet restrictions
triage/support Indicates an issue that is a support question.
typenoob asked Dec 4, 2025 in Q&A · Unanswered

2
You must be logged in to vote

how to select files by glob

LuckichS asked Oct 14, 2025 in Q&A · Unanswered

2
You must be logged in to vote

list-all-pkgs does not work for table format
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning target/container-image Issues relating to container image scanning
nicoabie asked Nov 27, 2025 in Q&A · Answered

7
You must be logged in to vote

CVE-2024-50343 is not detected when vulnerable package is in composer.lock
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning
Chekote asked Nov 25, 2025 in Q&A · Closed · Answered

4
You must be logged in to vote

Pulling Trivy-DB From A Private Registry
triage/support Indicates an issue that is a support question.
Ehudaviv asked Dec 1, 2025 in Q&A · Closed · Answered

3
You must be logged in to vote

trivy does not manage VEX attestation as expected with option --vex oci
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning
rcarre asked Nov 20, 2025 in Q&A · Unanswered

17
You must be logged in to vote

How to display reports?
triage/support Indicates an issue that is a support question.
static-moonlight asked Nov 26, 2025 in Q&A · Unanswered

0
You must be logged in to vote

Override built-in check severity
triage/support Indicates an issue that is a support question. scan/misconfiguration Issues relating to misconfiguration scanning
jamesrwhite asked Nov 10, 2025 in Q&A · Unanswered

2
You must be logged in to vote

Why is component.evidence.occurrences.location not populated in CycloneDX SBOMs?
triage/support Indicates an issue that is a support question.
3nol asked Nov 19, 2025 in Q&A · Closed · Answered

1
You must be logged in to vote

downloadLocation is almost always NONE in SPDX format
triage/support Indicates an issue that is a support question.
apenumacha asked Nov 18, 2025 in Q&A · Unanswered

1
You must be logged in to vote

IgnorePolicy

WineBarProstejov asked Nov 12, 2025 in Q&A · Closed · Unanswered

1
You must be logged in to vote

Multiple CVEs reported in Trivy 0.67.2 - are any exploitable?
triage/support Indicates an issue that is a support question.
candrews asked Nov 17, 2025 in Q&A · Unanswered

1
You must be logged in to vote

Error "semaphore acquire: context deadline exceeded" when running Trivy fs scan on WildFly repository
triage/support Indicates an issue that is a support question.
pooja0805 asked Nov 3, 2025 in Q&A · Unanswered

17