aquasecurity/trivy Q A · Discussions · GitHub

Trivy Security incident 2026-03-19 conclusion
Announcements itaysk

Q&A Discussions

Ask the community for help

You must be logged in to vote

Image Scans: SBOM generated by trivy does not contain license information for gobinary depedencies
triage/support Indicates an issue that is a support question.
seth-priya asked May 18, 2023 in Q&A · Unanswered

11
You must be logged in to vote

License expressions reported inconsistently with/without parentheses in SPDX format
triage/support Indicates an issue that is a support question. scan/license Issues relating to license scanning
o-shevchenko asked Feb 4, 2026 in Q&A · Closed · Unanswered

4
You must be logged in to vote

run trivy
triage/support Indicates an issue that is a support question.
Hagrou asked Feb 2, 2026 in Q&A · Answered

4
You must be logged in to vote

Trivy update fails
triage/support Indicates an issue that is a support question.
gwitsch asked Sep 18, 2024 in Q&A · Closed · Answered

71
You must be logged in to vote

fs scan ignores skip-dirs
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning
s-hell asked Jan 9, 2026 in Q&A · Closed · Answered

2
You must be logged in to vote

Trivy crash when pom file destination is unreachable
triage/support Indicates an issue that is a support question.
dsvabek-pbz asked Jan 21, 2026 in Q&A · Unanswered

1
You must be logged in to vote

bug(image): image.skip-dirs not working for image scannning
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning
madduci asked Jan 19, 2026 in Q&A · Answered

10
You must be logged in to vote

How Trivy gets packages information?
triage/support Indicates an issue that is a support question.
brian-223134 asked Jan 21, 2026 in Q&A · Unanswered

4
You must be logged in to vote

Support for scanning CVEs in standalone .so (shared object) files
triage/support Indicates an issue that is a support question.
stutiibm asked Jan 19, 2026 in Q&A · Unanswered

1
You must be logged in to vote

trivy filesystem command does not process correctly for some package-lock.json
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning
larsriehn asked Jan 6, 2026 in Q&A · Unanswered

6
You must be logged in to vote

Trivy FS scan skips some npm dependencies present in package-lock.json (v3) and node_modules even with --include-dev-deps
triage/support Indicates an issue that is a support question.
vbharad asked Jan 14, 2026 in Q&A · Unanswered

2
You must be logged in to vote

"Noisy" scan results for FluxCD in a k8s cluster
triage/support Indicates an issue that is a support question.
bozho asked Jan 14, 2026 in Q&A · Unanswered

3
You must be logged in to vote

Is there a way to control the root component's type in a cycloneDX report?
triage/support Indicates an issue that is a support question.
apollo13 asked Jan 12, 2026 in Q&A · Unanswered

1
You must be logged in to vote

Trivy does not detect packages from package.json
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning
aydinnyunus asked Jan 8, 2026 in Q&A · Unanswered

3
You must be logged in to vote

Using --config-data with trivy image

JC-19891989 asked Feb 20, 2023 in Q&A · Unanswered

8
You must be logged in to vote

Verifying severity of a vulnerability from trivy report
triage/support Indicates an issue that is a support question.
Sahasra-Sagiraju asked Dec 26, 2025 in Q&A · Unanswered

3
You must be logged in to vote

Wrong CVSS score and miss ghsa v4 score in trivy DB - CVE-2025-55754
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning
axidex asked Dec 25, 2025 in Q&A · Unanswered

1
You must be logged in to vote

package-lock.json is ignored on scan
scan/vulnerability Issues relating to vulnerability scanning
jankoh asked Oct 24, 2023 in Q&A · Closed · Answered

4
You must be logged in to vote

How does Trivy handle large images with big data files?
triage/support Indicates an issue that is a support question.
gromyko21 asked Dec 15, 2025 in Q&A · Unanswered

4
You must be logged in to vote

Recalculating a vulnerability's Severity and CVSS score based on injected temporal/environmental metrics
triage/support Indicates an issue that is a support question.
quentinkhoo asked Dec 10, 2025 in Q&A · Unanswered

6
You must be logged in to vote

Struggling with Rego policy for Trivy
triage/support Indicates an issue that is a support question.
rungitringit asked Dec 17, 2025 in Q&A · Closed · Answered

4
You must be logged in to vote

--file-patterns flag not respected by vulnerability scanners
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning
deser asked Dec 15, 2025 in Q&A · Unanswered

3
You must be logged in to vote

Can we generate multiple format of reports on a single scan?
triage/support Indicates an issue that is a support question.
uday-globuslive asked Dec 17, 2025 in Q&A · Unanswered

1
You must be logged in to vote

Show CVSS score in table output
triage/support Indicates an issue that is a support question.
hangrymuppet asked Jul 8, 2024 in Q&A · Closed · Unanswered

3
You must be logged in to vote

CVE not reported on older Alpine, only on newer version
triage/support Indicates an issue that is a support question. scan/vulnerability Issues relating to vulnerability scanning
ckcr4lyf asked Dec 9, 2025 in Q&A · Answered

2