[REQ] Patch from Trivy SBOM scan results #446
What kind of request is this?
Improvement of existing experience

What is your request or suggestion?
Trivy allows you to generate an SBOM for a container image and then use the SBOM to produce a vulnerability report. My request is that Copa be able to use the vulnerability report generated by the `trivy sbom` command to patch the container image instead of relying on scans of the container image directly. Here's an example:

Currently, when I follow this path I get the following error:

Are you willing to submit PRs to contribute to this feature request?

Comments

@duffney can you tell a bit more about this? any distinctions or advantages over using trivy report?

I was envisioning using the SBOM to patch images instead of scanning results. If the SBOM was already available in the referrers of the container image, it would make scanning unnecessary. One of the promises of an SBOM is to assist with vuln management, but after a bit more research it might be a bit early. However, it could make a good backlog feature. :)

wouldn't you still need to scan it (what

That's correct. However, the report that trivy generates with
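For the workflow in the request (a `trivy sbom` vulnerability report handed to Copa), here is an added example that is not code from the issue, from Copa or from Trivy: a Python check of whether a Trivy JSON report contains what an OS-package patcher would need before it tries to patch from it. Field names follow Trivy's JSON report schema; that the patcher requires OS Family/Name plus fixable os-pkgs findings is an assumption of this example, and the two sample reports and their CVE ids are constructed placeholders.

```python
"""Check whether a Trivy JSON vulnerability report carries what an OS-package
patcher such as Copa needs. Field names follow Trivy's JSON schema; requiring
OS Family/Name plus fixable os-pkgs findings is this example's assumption."""
import json
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class PatchInput:
    os_family: Optional[str]
    os_name: Optional[str]
    fixable: List[Tuple[str, str, str, str]] = field(default_factory=list)  # pkg, installed, fixed, id
    problems: List[str] = field(default_factory=list)

def extract_patch_input(report_json: str) -> PatchInput:
    """Pull OS identity and fixable OS-package findings out of a report,
    recording anything that would stop a patcher from using it."""
    report = json.loads(report_json)
    os_meta = (report.get("Metadata") or {}).get("OS") or {}
    out = PatchInput(os_meta.get("Family"), os_meta.get("Name"))
    if not (out.os_family and out.os_name):
        out.problems.append("Metadata.OS.Family/Name missing: cannot choose a package manager")
    os_results = [r for r in report.get("Results", []) if r.get("Class") == "os-pkgs"]
    if not os_results:
        out.problems.append("no Results entry with Class == 'os-pkgs'")
    for res in os_results:
        for v in res.get("Vulnerabilities") or []:
            if v.get("FixedVersion"):  # a finding with no fix cannot be patched by upgrade
                out.fixable.append((v["PkgName"], v["InstalledVersion"],
                                    v["FixedVersion"], v["VulnerabilityID"]))
    return out

def usable_for_patching(report_json: str) -> bool:
    out = extract_patch_input(report_json)
    return not out.problems and bool(out.fixable)

# Constructed sample reports with placeholder ids; not real Trivy output.
IMAGE_REPORT = json.dumps({
    "Metadata": {"OS": {"Family": "debian", "Name": "11.6"}},
    "Results": [{"Target": "example.test/app:1.0 (debian 11.6)", "Class": "os-pkgs", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libexample", "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2"},
        {"VulnerabilityID": "CVE-0000-00002", "PkgName": "libother", "InstalledVersion": "2.0-1", "FixedVersion": ""}]}]})
# Same findings with the Metadata.OS block left out, to show how the check reports it.
REPORT_WITHOUT_OS = json.dumps({
    "Metadata": {},
    "Results": [{"Target": "sbom.cdx.json", "Class": "os-pkgs", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libexample", "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2"}]}]})
```

Running `extract_patch_input` on a real `trivy sbom --format json` report shows directly whether the OS block and the os-pkgs results a patcher relies on made it through the SBOM round trip.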