mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 07:10:41 -08:00
a4e981b4ec
* docs: add coverage * add more pages * add dart, dotnet, elixir languages. * add C, ruby, cocoapods. Update links * rename headers for dart and elixir * docs: add Google Distroless and Photon OS * docs: add IaC * docs: put vulnerability into a single page * fixed broken links * docs: add coverage overview * update some links * add note about arch for Rocky linux * docs: fix typo * fix typo * docs: add footnotes * docs: add a link to coverage in the license section * docs: add a conversion table * docs: get aligned --------- Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
1.8 KiB
1.8 KiB
Photon OS
Trivy supports the following scanners for OS packages.
| Scanner | Supported |
|---|---|
| SBOM | ✓ |
| Vulnerability | ✓ |
| License | ✓ |
Please see here for supported versions.
The table below outlines the features offered by Trivy.
| Feature | Supported |
|---|---|
| Unfixed vulnerabilities | - |
| Dependency graph | ✓ |
SBOM
Trivy detects packages that have been installed through package managers such as tdnf and yum.
Vulnerability
Photon OS offers its own security advisories, and these are utilized when scanning Photon OS for vulnerabilities.
Data Source
See here.
Fixed Version
Trivy takes fixed versions from Photon CVE metadata.
Severity
Trivy determines the severity of vulnerabilities based on the CVSSv3 score provided by Photon OS. See here for the conversion table from CVSS score to severity.
Status
Trivy supports the following vulnerability statuses for Photon OS.
| Status | Supported |
|---|---|
| Fixed | ✓ |
| Affected | ✓ |
| Under Investigation | |
| Will Not Fix | |
| Fix Deferred | |
| End of Life |
License
Trivy identifies licenses by examining the metadata of RPM packages.