Extend VEX application to container Image scanning #4767

knqyf263 · 2023-07-03T11:55:53Z

Description

At present, Trivy's support for the Vulnerability Exploitability Exchange (VEX) is limited to Software Bill of Materials (SBOM) scanning. It would be beneficial to extend this application to container image scanning, filesystem scanning and other scanning as well.

However, achieving this with the current BOM-Ref approach may not be feasible. Once the experimental implementation of Package URL (PURL) comparison in VEX is completed, it could potentially pave the way for this extension.

The proposed use case for this feature is similar to that of .trivyignore. The key difference is that it would allow us to accomplish the same tasks using VEX, which is a more industry-standard format.

The text was updated successfully, but these errors were encountered:

knqyf263 added kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning labels Jul 3, 2023

knqyf263 added this to the v0.44.0 milestone Jul 3, 2023

knqyf263 modified the milestones: v0.44.0, v0.45.0 Jul 30, 2023

knqyf263 modified the milestones: v0.45.0, v0.46.0 Aug 29, 2023

knqyf263 modified the milestones: v0.46.0, v0.48.0 Nov 3, 2023

knqyf263 modified the milestones: v0.48.0, v0.49.0 Dec 17, 2023

knqyf263 mentioned this issue Jan 24, 2024

feat(vuln): enable --vex for all targets #5992

Merged

6 tasks

knqyf263 closed this as completed in #5992 Jan 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Extend VEX application to container Image scanning #4767

Extend VEX application to container Image scanning #4767

knqyf263 commented Jul 3, 2023

Extend VEX application to container Image scanning #4767

Extend VEX application to container Image scanning #4767

Comments

knqyf263 commented Jul 3, 2023

Description