What is the relationship between GitHub Advisory Database and Trivy Vulnerability Data Source? #1910
-
|
What is the relationship between GitHub Advisory Database and Trivy Vulnerability Data Source? For example, I have a springboot program that contains a vulnerability. Since it is a Java program, when trivy scans the program's docker image for vulnerabilities, will it only use the GitLab Advisories Community and GitHub Advisory Database (Maven) listed in the Trivy Vulnerability Data Source? But I see there is also a NVD in the data source, will this be used when scanning my springboot program? What does it do? Thanks!
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
Hello @fighterhit Regards, Dmitriy |
Beta Was this translation helpful? Give feedback.
-
|
Thank you @DmitriyLewen , when will NVD be used? |
Beta Was this translation helpful? Give feedback.
-
|
we are not working on it at the moment |
Beta Was this translation helpful? Give feedback.
-
|
ok, thank you! |
Beta Was this translation helpful? Give feedback.
Hello @fighterhit
Thanks for your interest to Trivy.
Trivy use only GitLab Advisories Community and GitHub Advisory Database (Maven) for scan Java files.
Regards, Dmitriy