Supported versions of Trivy and report types #386

Open
ghost opened this issue Oct 27, 2022 · 1 comment
Labels
documentation Improvements or additions to documentation

Comments


ghost commented Oct 27, 2022

Description

The README has two gaps in documentation that could cause unexpected behavior or errors in the application.

  1. What are the versions of Trivy that have been tested to demonstrate compatibility? Since Trivy is still in a v0 status they do not guarantee backwards compatibility and their reports/outputs may change.
  2. What Trivy report types are supported?
    • The example report you have in the repo seems to be an image scan output
    • Is the Kubernetes report supported?

The tool seems great, but was just hoping to have a better understanding of the current scope of functionality!

Contributor

Morl99 commented Oct 28, 2022

Hello @pbaumer,

thanks for your interest in the project and your input. I can completely relate to your thoughts. This project started out as a small side-project with no professional intention, but it turned out to be really useful for us and we are using it in our daily work. So I am committed to maintaining and improving it.

I share your observation that Trivy is evolving fast, and I am focussing on the use cases that are relevant for us as a team. We are exclusively using the image scan. I recently fooled around with the Kubernetes scan and find it interesting. Since the nature of the findings is similar to the image scan (because it just scans all images in a Kubernetes cluster), I would be very interested in supporting it. The first step would be to design a good UI for it, since the intention of the project is to be better than what the console output of Trivy can be. If you have any ideas, I would appreciate a discussion. What would you like the trivy-vulnerability-explorer to do?

Without question, it is a good idea to clearly state what the vulnerability explorer is currently able to support. If you want, you could create a MR for that; if not, I will keep this issue open and work on it once I find the time. As for versions, I could try to document the supported Trivy version, but my observation is that the report format is pretty stable so far. I had to work on a breaking change once, so as far as I know, all report formats that Trivy used during the past 12 months are supported. Since the documentation about the supported versions would get old really fast, I am somehow reluctant to put it in a README. But since Trivy specifies a Schema version, it might be helpful to document that the explorer currently supports both SchemaVersion 1 and 2.

Let me know if you have any other questions.

@Morl99 Morl99 added the documentation Improvements or additions to documentation label Jan 24, 2024