Replies: 2 comments 1 reply
-
|
Hello @enzofrnt OVAL format should take these moments into account, and trivy-db in turn should also correctly process these cases. Regards, Dmitriy |
Beta Was this translation helpful? Give feedback.
-
|
Si currently Trivy does not support those cases ? The issue is that I don't know how to manage those cases. |
Beta Was this translation helpful? Give feedback.
-
|
You are talking about a special case. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Question
Hi,
I have a question regarding how Trivy handles vulnerabilities for Oracle Linux, specifically those published in ELSA (Enterprise Linux Security Advisory) reports.
Does Trivy ingest all CVEs listed in each ELSA, or is there some filtering logic to include only those that are actually relevant to the specific packages?
The reason I’m asking is that some ELSA reports include CVEs that do not necessarily apply to all the packages mentioned in the advisory. Without fine-grained filtering, this might lead to false positives in vulnerability reports.
Thanks in advance for your insights, and thank you for your work on Trivy!
Best regards,
Enzo
Target
Filesystem
Scanner
Vulnerability
Output Format
None
Mode
Standalone
Operating System
Oracle linux 8
Version
No response
Beta Was this translation helpful? Give feedback.
All reactions