Replies: 1 comment 2 replies
-
When Go doesn't determine the version, it uses |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
When Go doesn't determine the version, it uses |
Beta Was this translation helpful? Give feedback.
-
Question
We have a kafka-burrow docker image, which we are scanning through trivy and generate json and cyclonedx reports.
The generated sbom with v0.50.2 is giving for version for one of the oem_sw of kafka-burrow ("bom-ref": "pkg:golang/github.com/linkedin/burrow")
And, same image when we try to scan with v0.51.1 and check the sbom,
we don't see the version.
could you please help us with brief explanation about the above behavior we are seeing with different version of trivy.
And, is this an issue with Trivy latest?
Target
SBOM
Scanner
Vulnerability
Output Format
CycloneDX
Mode
Standalone
Operating System
rockylinux
Version
No response
Beta Was this translation helpful? Give feedback.
All reactions