aquasecurity trivy False Detection · Discussions · GitHub

Sort by: Latest activity

False Detection Discussions

False positives/negatives

You must be logged in to vote

[Secret scanning] Trivy mistakenly reports gpg/RSA key hash contained in README (Markdown) as "AWS secret access key"

codethief started Jan 19, 2024 in False Detection · Closed

1
You must be logged in to vote

False positive for CVE-2023-51074

onobc started Jan 17, 2024 in False Detection · Closed

2
You must be logged in to vote

image misconfiguration incorrect reports COPY command has more than two arguments
scan/misconfiguration Issues relating to misconfiguration scanning
candrews started Jan 17, 2024 in False Detection

3
You must be logged in to vote

false negative avd-gcp-0056 with terraform dynamic blocks
scan/misconfiguration Issues relating to misconfiguration scanning
pawelmrowka started Jan 4, 2024 in False Detection · Closed

1
You must be logged in to vote

bug(secret): AWS Secret detection detects strings of 40 characters as false positive
scan/secret Issues relating to secret scanning
christiangonre started Jan 4, 2024 in False Detection · Closed

1
You must be logged in to vote

Trivy does not identify certain imported pom files

ishapirovArnica started Dec 29, 2023 in False Detection · Closed

1
You must be logged in to vote

Incorrect transitive dependencies for pkg:maven/commons-validator/[email protected]

ishapirovArnica started Dec 27, 2023 in False Detection · Closed

1
You must be logged in to vote

No vulnerabilities identified for pkg:maven/org.apache.tomcat.embed/tomcat-embed-core
scan/vulnerability Issues relating to vulnerability scanning
biehl1 started Dec 21, 2023 in False Detection · Closed

1
You must be logged in to vote

False positives on Bitnami packages due to versions with revisions

juan131 started Nov 21, 2023 in False Detection · Closed

5
You must be logged in to vote

IAC - False Positive detection for AVD-AWS-0028 (aws_instance should activate session tokens for Instance Metadata Service)

nishad-aliaqua started Dec 17, 2023 in False Detection · Closed

1
You must be logged in to vote

Trivy did not report on PYSEC-2023-135

donnieelmore started Dec 12, 2023 in False Detection

1
You must be logged in to vote

CVE-2019-8457 - False positive detection

cgargas started Dec 11, 2023 in False Detection · Closed

1
You must be logged in to vote

Nokogiri dependencies.yml RSA KEY false positive

wagnerpereira started Dec 12, 2023 in False Detection · Closed

3
You must be logged in to vote

Incomplete Vulnerability Detection for google-cloud-storage:2.23.0

sagic-orca started Dec 5, 2023 in False Detection · Closed

1
You must be logged in to vote

CVE-2022-22965 detected in Spring Boot 3.2.0

DarkAtra started Nov 24, 2023 in False Detection · Closed

2
You must be logged in to vote

False positive: CVE-2022-36087 not affected in SLES 15 SP4, SP5

sekveaja started Nov 24, 2023 in False Detection

1
You must be logged in to vote

Trivy doesn not detect CVE-2023-31419 for elasticsearch-7.10.2.jar
scan/vulnerability Issues relating to vulnerability scanning
navzen2000 started Nov 14, 2023 in False Detection · Closed

20
You must be logged in to vote

Python 3.6.8 Pip 9.0.3 vulnerabilities not detected
scan/vulnerability Issues relating to vulnerability scanning
matjawor started Nov 21, 2023 in False Detection

1
You must be logged in to vote

False alibaba-access-key-id detection in pnpm cache for @types/react.json

vonazt started Nov 20, 2023 in False Detection · Closed

1
You must be logged in to vote

AVD-GIT-0001 false positive
scan/misconfiguration Issues relating to misconfiguration scanning
stevehipwell started Oct 4, 2023 in False Detection

6
You must be logged in to vote

CVE-2023-4863 is not detected in Sharp NPM package
kind/security-advisory Categorizes issue or PR as related to security advisories. scan/vulnerability Issues relating to vulnerability scanning
saars-orca started Nov 5, 2023 in False Detection · Closed

1
You must be logged in to vote

CVE-2023-44487 was not detected in jar file
kind/security-advisory Categorizes issue or PR as related to security advisories.
DuyTran-TomTom started Nov 1, 2023 in False Detection

1
You must be logged in to vote

nginx 3rd party package detection on alpine

jkroepke started Oct 23, 2023 in False Detection · Closed

4
You must be logged in to vote

Trivy not detecting Terraform misconfiguration when private Terraform modules in-use

bkonicek-calm started Oct 19, 2023 in False Detection · Closed

4
You must be logged in to vote

Unexpected vulnerability detected in package(nss)

JwishPark started Oct 18, 2023 in False Detection

1