Comments (3)
Hi @piyush94, thank you for the report. I'm a developer of Trivy. We changed the behavior of severity in v0.7.0. v0.6.0 used the severity from NVD, but v0.7.0 uses the severity from a vendor such as Red Hat and Debian according to a base image. The NVD severity is the generic one, but the vendor provides more accurate severity, considering the situation of distribution. The number of vulnerabilities is not supposed to be different. I'm sorry for the confusion.
https://github.com/aquasecurity/trivy/releases/tag/v0.7.0
from harbor-scanner-trivy.
@danielpacak, @knqyf263 - Thanks. This was helpful.
from harbor-scanner-trivy.
@piyush94 I should have mentioned the change in the release notes https://github.com/aquasecurity/harbor-scanner-trivy/releases/tag/v0.10.0, which are now updated.
Please close the ticket if we answered your questions.
from harbor-scanner-trivy.
Related Issues (20)
- Harbor trivy-adapter offline not working HOT 2
- Allow .trivyignore HOT 2
- Can I use it by separately installing adapter 0.30.7 in harbor 2.2 in an offline environment?
- un-use deprecated flags
- How is the reports folder used when using the Harbor Trivy Adapter?
- [Question] Connecting to external Trivy instance HOT 2
- harbor integration trivy report Unhealthy
- Missing attribute preferred_cvss in the report json
- File containing the security issue (target) is not stored
- Trivy cache is growing too fast
- Scan report is missing the binary related to vulnerability HOT 1
- the length of usernames and passwords must match with 2.8.2 HOT 8
- About vulnerabilities [email protected] on image docker
- mkdir /home/scanner/.cache/trivy/fanal: permission denied HOT 1
- ERROR: column t0.critical_cnt does not exist HOT 1
- It does not work when scan java program HOT 1
- Trivy status goes unhealthy during the scan
- how to skip java db update when scanning start
- Allow image layer cache (fanal.db) to be stored in Redis HOT 1
- Trivy scan results are not up to date HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from harbor-scanner-trivy.