🚀 What's new? 🚀
🛡️ Vulnerability Status Support 📊
This update introduces the ability to display the status of vulnerabilities in both table and JSON formats. A new flag --ignore-status has been added, which allows users to ignore vulnerabilities with a certain status during the scan.
The status of a vulnerability provides additional context about its lifecycle. For example, a status of "will_not_fix" indicates that the vulnerability is known but there are no plans to address it. This can be useful information when prioritizing remediation efforts.
Here's how you can use the new --ignore-status flag:
In the example above, Trivy will scan the centos:7 image and ignore any vulnerabilities with the status will_not_fix or fix_deferred. This can be useful if you want to focus on actionable vulnerabilities.
See the document for a list of statuses, supported operating systems and other detailed information.
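The script below is an added example and is not part of these release notes or of Trivy's own code. It reads a report in the shape of Trivy's JSON output, counts findings per status, and applies the same status-based filtering that --ignore-status performs, so the effect of ignoring will_not_fix and fix_deferred can be inspected on a saved report. The report data is constructed (the CVE identifiers are placeholders), the field names follow Trivy's JSON schema, the comma-separated flag syntax is assumed, and the full status list is taken from Trivy's documentation; the release notes themselves name only will_not_fix and fix_deferred.

```python
import copy
import json
from collections import Counter

# Assumption: status names as listed in Trivy's documentation for this release;
# the release notes above name only will_not_fix and fix_deferred.
KNOWN_STATUSES = {
    "unknown", "not_affected", "affected", "fixed",
    "under_investigation", "will_not_fix", "fix_deferred", "end_of_life",
}

# Constructed sample shaped like `trivy image -f json centos:7` output.
# The CVE identifiers are placeholders, not real advisories.
SAMPLE_REPORT = {
    "SchemaVersion": 2,
    "ArtifactName": "centos:7",
    "Results": [
        {
            "Target": "centos:7 (centos 7.9.2009)",
            "Class": "os-pkgs",
            "Type": "centos",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "pkg-a",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
                 "Severity": "HIGH", "Status": "fixed"},
                {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "pkg-b",
                 "InstalledVersion": "2.3", "Severity": "MEDIUM",
                 "Status": "will_not_fix"},
                {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "pkg-c",
                 "InstalledVersion": "0.9", "Severity": "LOW",
                 "Status": "fix_deferred"},
                {"VulnerabilityID": "CVE-EXAMPLE-0004", "PkgName": "pkg-d",
                 "InstalledVersion": "4.1", "Severity": "CRITICAL",
                 "Status": "affected"},
                # No Status key at all: treated as "unknown" below.
                {"VulnerabilityID": "CVE-EXAMPLE-0005", "PkgName": "pkg-e",
                 "InstalledVersion": "1.2", "Severity": "MEDIUM"},
            ],
        }
    ],
}


def parse_ignore_status(value: str) -> set[str]:
    """Parse a comma-separated list as given to --ignore-status (assumed syntax).
    Unknown names are rejected so a misspelled status is reported instead of
    silently matching nothing."""
    statuses = {s.strip() for s in value.split(",") if s.strip()}
    unknown = statuses - KNOWN_STATUSES
    if unknown:
        raise ValueError(f"unknown vulnerability status(es): {sorted(unknown)}")
    return statuses


def vuln_status(vuln: dict) -> str:
    """Status of one finding; a missing field is reported as 'unknown'."""
    return vuln.get("Status") or "unknown"


def filter_report(report: dict, ignore: set[str]) -> dict:
    """Return a copy of the report with findings whose status is in `ignore` removed."""
    out = copy.deepcopy(report)
    for result in out.get("Results", []):
        vulns = result.get("Vulnerabilities") or []
        result["Vulnerabilities"] = [v for v in vulns if vuln_status(v) not in ignore]
    return out


def status_counts(report: dict) -> Counter:
    """Count findings per status across all results."""
    counts = Counter()
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            counts[vuln_status(vuln)] += 1
    return counts


def table_rows(report: dict) -> list[tuple]:
    """Flatten findings to rows like Trivy's table output, including the Status column."""
    rows = []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            rows.append((v["PkgName"], v["VulnerabilityID"], v["Severity"],
                         vuln_status(v), v.get("InstalledVersion", ""),
                         v.get("FixedVersion", "")))
    return rows


if __name__ == "__main__":
    ignored = parse_ignore_status("will_not_fix,fix_deferred")
    filtered = filter_report(SAMPLE_REPORT, ignored)
    print("before:", dict(status_counts(SAMPLE_REPORT)))
    print("after: ", dict(status_counts(filtered)))
    for row in table_rows(filtered):
        print("  ".join(row))
    print(json.dumps(filtered, indent=2))
```

Findings with no Status field are kept unless "unknown" is explicitly ignored, which is the conservative choice: an absent status says nothing about whether a fix exists, so it should not drop a finding from the actionable list.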
📁 Local repository support in trivy repo 📁
trivy repo now supports scanning of local repositories in addition to remote ones. Previously, trivy repo was used to scan remote repositories only. Now, with the addition of local repository support, you can use the same command to scan your local repositories as well.
$ trivy repo --scanners vuln /path/to/localrepo
In the example above, Trivy will scan the local repository located at /path/to/localrepo. This is equivalent to using the trivy fs command.
📦 Yarn support for --include-dev-deps flag 🧶
This update extends the --include-dev-deps flag to support Yarn in addition to npm. The --include-dev-deps flag was introduced in Trivy v0.43.0 to include development dependencies in the scan for npm. Now, this functionality is available for Yarn as well, allowing users to include development dependencies in their vulnerability scans.
$ trivy fs --include-dev-deps /path/to/project
In the example above, Trivy will scan the project located at /path/to/project and include development dependencies in the scan. This can be useful if you want to ensure that your development environment is also free from vulnerabilities.
📮 Support --config-data for cloud scanning 🀧
It's now possible to supply custom input data for cloud scanning policies. See here for more info.
👨🏼‍🚒 --policy flag can now accept both directories and files 🆒
We've added support so you can now supply one or multiple files as input to the --policy flag. For instance:
Will both work as intended.
👷♂️ Notable Fixes 🛠️