Supported OS
The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution. Trivy doesn't support self-compiled packages/binaries, but official packages provided by vendors such as Red Hat and Debian.
| OS | Supported Versions | Target Packages | Detection of unfixed vulnerabilities |
|---|---|---|---|
| Alpine Linux | 2.2 - 2.7, 3.0 - 3.17, edge | Installed by apk | NO |
| Wolfi Linux | (n/a) | Installed by apk | NO |
| Red Hat Universal Base Image1 | 7, 8, 9 | Installed by yum/rpm | YES |
| Red Hat Enterprise Linux | 6, 7, 8 | Installed by yum/rpm | YES |
| CentOS | 6, 7, 8 | Installed by yum/rpm | YES |
| AlmaLinux | 8, 9 | Installed by yum/rpm | NO |
| Rocky Linux | 8, 9 | Installed by yum/rpm | NO |
| Oracle Linux | 5, 6, 7, 8 | Installed by yum/rpm | NO |
| CBL-Mariner | 1.0, 2.0 | Installed by yum/rpm | YES |
| Amazon Linux | 1, 2, 2023 | Installed by yum/rpm | NO |
| openSUSE Leap | 42, 15 | Installed by zypper/rpm | NO |
| SUSE Enterprise Linux | 11, 12, 15 | Installed by zypper/rpm | NO |
| Photon OS | 1.0, 2.0, 3.0, 4.0 | Installed by tdnf/yum/rpm | NO |
| Debian GNU/Linux | wheezy, jessie, stretch, buster, bullseye | Installed by apt/apt-get/dpkg | YES |
| Ubuntu | All versions supported by Canonical | Installed by apt/apt-get/dpkg | YES |
| Distroless2 | Any | Installed by apt/apt-get/dpkg | YES |
Distributions
CBL-Mariner
Trivy scans CBL-Mariner.
Support
The following table provides an outline of the features Trivy offers.
| Version | Container image | Virtual machine | Distroless | Multi-arch | Unfixed support |
|---|---|---|---|---|---|
| 1.0 | ✔ | ✔ | ✔ | amd64, arm64 | ✔ |
| 2.0 | ✔ | ✔ | ✔ | amd64, arm64 | ✔ |
Examples
➜ trivy image mcr.microsoft.com/cbl-mariner/base/core:2.0
2022-07-27T14:48:20.355+0600 INFO Detected OS: cbl-mariner
2022-07-27T14:48:20.355+0600 INFO Detecting CBL-Mariner vulnerabilities...
2022-07-27T14:48:20.356+0600 INFO Number of language-specific files: 0
mcr.microsoft.com/cbl-mariner/base/core:2.0 (cbl-mariner 2.0.20220527)
Total: 33 (UNKNOWN: 0, LOW: 0, MEDIUM: 15, HIGH: 13, CRITICAL: 5)
➜ docker run -it --rm --entrypoint bin/bash mcr.microsoft.com/cbl-mariner/base/core:2.0
root [ / ]# tdnf -y install ca-certificates
root [ / ]# # Install the latest Trivy
root [ / ]# trivy rootfs /
2022-07-27T09:30:06.815Z INFO Need to update DB
2022-07-27T09:30:06.815Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2022-07-27T09:30:06.815Z INFO Downloading DB...
33.25 MiB / 33.25 MiB [------------------------------] 100.00% 4.20 MiB p/s 8.1s
2022-07-27T09:30:21.756Z INFO Vulnerability scanning is enabled
2022-07-27T09:30:21.756Z INFO Secret scanning is enabled
2022-07-27T09:30:21.756Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2022-07-27T09:30:21.756Z INFO Please see also https://aquasecurity.github.io/trivy/v0.30.4/docs/secret/scanning/#recommendation for faster secret detection
2022-07-27T09:30:22.205Z INFO Detected OS: cbl-mariner
2022-07-27T09:30:22.205Z INFO Detecting CBL-Mariner vulnerabilities...
2022-07-27T09:30:22.205Z INFO Number of language-specific files: 0
40ba9a55397c (cbl-mariner 2.0.20220527)
=======================================
Total: 33 (UNKNOWN: 0, LOW: 0, MEDIUM: 15, HIGH: 13, CRITICAL: 5)
Data source
See here.