Supported OS
The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution. Trivy doesn't support self-compiled packages/binaries, but official packages provided by vendors such as Red Hat and Debian.
| OS | Supported Versions | Target Packages | Detection of unfixed vulnerabilities |
|---|---|---|---|
| Alpine Linux | 2.2 - 2.7, 3.0 - 3.15, edge | Installed by apk | NO |
| Red Hat Universal Base Image1 | 7, 8 | Installed by yum/rpm | YES |
| Red Hat Enterprise Linux | 6, 7, 8 | Installed by yum/rpm | YES |
| CentOS | 6, 7, 8 | Installed by yum/rpm | YES |
| AlmaLinux | 8 | Installed by yum/rpm | NO |
| Rocky Linux | 8 | Installed by yum/rpm | NO |
| Oracle Linux | 5, 6, 7, 8 | Installed by yum/rpm | NO |
| CBL-Mariner | 1.0, 2.0 | Installed by yum/rpm | YES |
| Amazon Linux | 1, 2 | Installed by yum/rpm | NO |
| openSUSE Leap | 42, 15 | Installed by zypper/rpm | NO |
| SUSE Enterprise Linux | 11, 12, 15 | Installed by zypper/rpm | NO |
| Photon OS | 1.0, 2.0, 3.0, 4.0 | Installed by tdnf/yum/rpm | NO |
| Debian GNU/Linux | wheezy, jessie, stretch, buster, bullseye | Installed by apt/apt-get/dpkg | YES |
| Ubuntu | All versions supported by Canonical | Installed by apt/apt-get/dpkg | YES |
| Distroless2 | Any | Installed by apt/apt-get/dpkg | YES |