Skip to content

Supported OS

The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution. Trivy doesn't support self-compiled packages/binaries, but official packages provided by vendors such as Red Hat and Debian.

OS Supported Versions Target Packages Detection of unfixed vulnerabilities
Alpine Linux 2.2 - 2.7, 3.0 - 3.17, edge Installed by apk NO
Wolfi Linux (n/a) Installed by apk NO
Chainguard (n/a) Installed by apk NO
Red Hat Universal Base Image1 7, 8, 9 Installed by yum/rpm YES
Red Hat Enterprise Linux 6, 7, 8 Installed by yum/rpm YES
CentOS 6, 7, 8 Installed by yum/rpm YES
AlmaLinux 8, 9 Installed by yum/rpm NO
Rocky Linux 8, 9 Installed by yum/rpm NO
Oracle Linux 5, 6, 7, 8 Installed by yum/rpm NO
CBL-Mariner 1.0, 2.0 Installed by yum/rpm YES
Amazon Linux 1, 2, 2023 Installed by yum/rpm NO
openSUSE Leap 42, 15 Installed by zypper/rpm NO
SUSE Enterprise Linux 11, 12, 15 Installed by zypper/rpm NO
Photon OS 1.0, 2.0, 3.0, 4.0 Installed by tdnf/yum/rpm NO
Debian GNU/Linux wheezy, jessie, stretch, buster, bullseye Installed by apt/apt-get/dpkg YES
Ubuntu All versions supported by Canonical Installed by apt/apt-get/dpkg YES
Distroless2 Any Installed by apt/apt-get/dpkg YES

Distributions

CBL-Mariner

Trivy scans CBL-Mariner.

Support

The following table provides an outline of the features Trivy offers.

Version Container image Virtual machine Distroless Multi-arch Unfixed support
1.0 amd64, arm64
2.0 amd64, arm64

Examples

➜ trivy image mcr.microsoft.com/cbl-mariner/base/core:2.0
2022-07-27T14:48:20.355+0600    INFO    Detected OS: cbl-mariner
2022-07-27T14:48:20.355+0600    INFO    Detecting CBL-Mariner vulnerabilities...
2022-07-27T14:48:20.356+0600    INFO    Number of language-specific files: 0

    mcr.microsoft.com/cbl-mariner/base/core:2.0 (cbl-mariner 2.0.20220527)

    Total: 33 (UNKNOWN: 0, LOW: 0, MEDIUM: 15, HIGH: 13, CRITICAL: 5)
➜ docker run  -it --rm --entrypoint bin/bash mcr.microsoft.com/cbl-mariner/base/core:2.0
root [ / ]# tdnf -y install ca-certificates
root [ / ]# # Install the latest Trivy
root [ / ]# trivy rootfs /
2022-07-27T09:30:06.815Z    INFO    Need to update DB
2022-07-27T09:30:06.815Z    INFO    DB Repository: ghcr.io/aquasecurity/trivy-db
2022-07-27T09:30:06.815Z    INFO    Downloading DB...
33.25 MiB / 33.25 MiB [------------------------------] 100.00% 4.20 MiB p/s 8.1s
2022-07-27T09:30:21.756Z    INFO    Vulnerability scanning is enabled
2022-07-27T09:30:21.756Z    INFO    Secret scanning is enabled
2022-07-27T09:30:21.756Z    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2022-07-27T09:30:21.756Z    INFO    Please see also https://aquasecurity.github.io/trivy/v0.30.4/docs/secret/scanning/#recommendation for faster secret detection
2022-07-27T09:30:22.205Z    INFO    Detected OS: cbl-mariner
2022-07-27T09:30:22.205Z    INFO    Detecting CBL-Mariner vulnerabilities...
2022-07-27T09:30:22.205Z    INFO    Number of language-specific files: 0

40ba9a55397c (cbl-mariner 2.0.20220527)
=======================================
Total: 33 (UNKNOWN: 0, LOW: 0, MEDIUM: 15, HIGH: 13, CRITICAL: 5)

Data source

See here.


  1. https://developers.redhat.com/products/rhel/ubi 

  2. https://github.com/GoogleContainerTools/distroless