I always get CRITICAL: 0 report even if it Trivy also detected a critical vulnerability #7040

gracesabs · 2024-06-27T11:52:42Z

gracesabs
Jun 27, 2024

Description

I seem to get a confusing report after executing trivy getting only Critical vulnerability with an image.
As show below, in the same image, it says CRITICAL: 0 first, then after it is another report which is more reliable.
We are not sure why we are getting two results

Command: trivy image --format table --severity CRITICAL DOCKER_IMAGE

Desired Behavior

It will only show the summary that really shows that it found a critical vulnerability

Actual Behavior

See description

Reproduction Steps

1.trivy image --format table --severity CRITICAL  *DOCKER_IMAGE*
2.
3.
...

Target

Container Image

Scanner

Vulnerability

Output Format

Table

Mode

None

Debug Output

---Start of Trivy scanning of oxford-registry.awsdev.infor.com/m3/m3ce/m3ce-runtime-automation/poll_db_status:m3ceops-5507-test-pipeline
2024-06-27T11:48:30Z	INFO	Removing artifact caches...
2024-06-27T11:48:31Z	INFO	Vulnerability scanning is enabled
2024-06-27T11:48:31Z	INFO	Secret scanning is enabled
2024-06-27T11:48:31Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-27T11:48:31Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection
2024-06-27T11:48:45Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="iniparse" version="0.4"
2024-06-27T11:48:45Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="urlgrabber" version="3.10"
2024-06-27T11:48:45Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="Python" version="2.7.18"
2024-06-27T11:48:45Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pygpgme" version="0.3"
2024-06-27T11:48:45Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pyliblzma" version="0.5.3"
2024-06-27T11:48:49Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="boto3" version="1.34.42"
2024-06-27T11:48:49Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="botocore" version="1.34.42"
2024-06-27T11:48:49Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="jmespath" version="1.0.1"
2024-06-27T11:48:49Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pip" version="24.0"
2024-06-27T11:48:49Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="python-dateutil" version="2.8.2"
2024-06-27T11:48:49Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="s3transfer" version="0.10.0"
2024-06-27T11:48:49Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="simplejson" version="3.17.2"
2024-06-27T11:48:49Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="six" version="1.16.0"
2024-06-27T11:48:49Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="urllib3" version="1.26.18"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="Cython" version="0.29.37"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="PyYAML" version="6.0.1"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="SecretStorage" version="3.3.3"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="aws-sam-translator" version="1.86.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="awscli" version="1.33.16"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="black" version="24.2.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="boto3" version="1.34.60"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="botocore" version="1.34.60"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="certifi" version="2024.2.2"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="cffi" version="1.16.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="cfn-lint" version="0.86.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="cfnresponse" version="1.1.2"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="charset-normalizer" version="3.3.2"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="cleo" version="2.1.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="click" version="8.1.7"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="coverage" version="7.4.3"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="crashtest" version="0.4.1"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="cryptography" version="42.0.8"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="defusedxml" version="0.7.1"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="distlib" version="0.3.8"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="docutils" version="0.16"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="dulwich" version="0.21.7"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="fastjsonschema" version="2.20.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="flake8" version="7.0.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="invoke" version="2.2.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="jira" version="3.6.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="jschema-to-python" version="1.2.3"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="jsonpatch" version="1.33"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="jsonpointer" version="2.4"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="jsonschema" version="4.21.1"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="jsonschema-specifications" version="2023.12.1"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="junit-xml" version="1.9"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="kafka-python" version="1.4.4"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="lazy" version="1.6"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="looseversion" version="1.3.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="mccabe" version="0.7.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="mpmath" version="1.3.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="msgpack" version="1.0.8"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="mypy-extensions" version="1.0.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="oauthlib" version="3.2.2"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pbr" version="6.0.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pexpect" version="4.9.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pillow" version="10.2.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pkginfo" version="1.11.1"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pluggy" version="1.4.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="poetry" version="1.8.3"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="poetry-core" version="1.9.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="poetry-plugin-export" version="1.8.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="ptyprocess" version="0.7.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pyasn1" version="0.6.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pycodestyle" version="2.11.1"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pycparser" version="2.22"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pydantic" version="1.9.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pyflakes" version="3.2.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pygtail" version="0.14.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pytest" version="8.1.1"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pytest-cov" version="4.1.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pytest-env" version="1.1.3"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pytest-mock" version="3.12.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="python-dateutil" version="2.9.0.post0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="python-json-logger" version="2.0.7"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="rapidfuzz" version="3.9.3"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="referencing" version="0.33.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="regex" version="2023.12.25"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="requests" version="2.31.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="requests-aws-sign" version="0.1.6"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="requests-oauthlib" version="1.4.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="requests-toolbelt" version="1.0.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="rpds-py" version="0.18.0"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="rsa" version="4.7.2"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="sarif-om" version="1.0.4"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="shellingham" version="1.5.4"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="sympy" version="1.12"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="tomlkit" version="0.12.5"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="yamale" version="3.0.8"
2024-06-27T11:49:00Z	INFO	[python] License acquired from METADATA classifiers may be subject to additional terms	name="yamllint" version="1.35.1"
2024-06-27T11:49:00Z	INFO	Detected OS	family="amazon" version="2 (Karoo)"
2024-06-27T11:49:00Z	INFO	[amazon] Detecting vulnerabilities...	os_version="2" pkg_num=108
2024-06-27T11:49:00Z	INFO	Number of language-specific files	num=2
2024-06-27T11:49:00Z	INFO	[gobinary] Detecting vulnerabilities...
2024-06-27T11:49:00Z	INFO	[python-pkg] Detecting vulnerabilities...
2024-06-27T11:49:00Z	DEBUG	Parsed severities	severities=[CRITICAL]
2024-06-27T11:49:00Z	DEBUG	Ignore statuses	statuses=[]
2024-06-27T11:49:00Z	DEBUG	Cache dir	dir="/root/.cache/trivy"
2024-06-27T11:49:00Z	DEBUG	DB update was skipped because the local DB is the latest
2024-06-27T11:49:00Z	DEBUG	DB info	schema=2 updated_at=2024-06-27T06:11:43.124342311Z next_update=2024-06-27T12:11:43.12434205Z downloaded_at=2024-06-27T11:47:06.219652481Z
2024-06-27T11:49:00Z	INFO	Vulnerability scanning is enabled
2024-06-27T11:49:00Z	DEBUG	Vulnerability type	type=[os library]
2024-06-27T11:49:00Z	INFO	Secret scanning is enabled
2024-06-27T11:49:00Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-27T11:49:00Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection
2024-06-27T11:49:00Z	DEBUG	Enabling misconfiguration scanners	scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-06-27T11:49:00Z	DEBUG	[secret] No secret config detected	config_path="trivy-secret.yaml"
2024-06-27T11:49:00Z	DEBUG	[nuget] The nuget packages directory couldn't be found. License search disabled
2024-06-27T11:49:00Z	DEBUG	[secret] No secret config detected	config_path="trivy-secret.yaml"
2024-06-27T11:49:00Z	DEBUG	[image] Detected image ID	image_id="sha256:0c3dbef0e1754cc5425a39780ee4c73d24987210e5a8923bce263c75ec58e669"
2024-06-27T11:49:00Z	DEBUG	Saving the container image to a local file to obtain the image config...
2024-06-27T11:49:11Z	DEBUG	[image] Detected diff ID	diff_ids=[sha256:ecafc03674fff03c9093e22e7e4ebe0a8b016eaaa43bf1747c68f63bef869447 sha256:e963df18d7264eef1d7acf70aeefe301dbb5c27fbca868bfd78480ca82878526 sha256:a5b47dc9b5d8498388f09502fb737d6bea93135836b7c7f3ce7b541a3ac267ae sha256:8231f7ce4f265fd5fa6db0e634d95341997c7bb30022531c9b76906abd3451d3 sha256:d35e0a7b77e1004b858d3aa8759712643174cdf6f07fab067d35a1b3715cd55e sha256:e9db23ae9901d6ca788b567ec8aba20139a2ed70b675443e2266b91af9fa9ece sha256:de0f003668f55f6f8ca292af17f212cc5e8032267e51c09858eff89b9738b16b sha256:6f87d36c51955861e64d9ba4b9ac12845cb76f2216ac50af97393e507d1cb304 sha256:3c9b36e4476d30010daa027804f2b87f21c99d34031bc7cd06b82258866d0523 sha256:a0be82ee0e470f22ab5a3d34b35b68ad93739a05597c13a71dca39b5c3196865]
2024-06-27T11:49:11Z	DEBUG	[image] Detected base layers	diff_ids=[]
2024-06-27T11:49:11Z	INFO	Detected OS	family="amazon" version="2 (Karoo)"
2024-06-27T11:49:11Z	INFO	[amazon] Detecting vulnerabilities...	os_version="2" pkg_num=108
2024-06-27T11:49:11Z	INFO	Number of language-specific files	num=2
2024-06-27T11:49:11Z	INFO	[gobinary] Detecting vulnerabilities...
2024-06-27T11:49:11Z	DEBUG	[gobinary] Scanning packages for vulnerabilities	file_path="usr/local/bin/aws-lambda-rie"
2024-06-27T11:49:11Z	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="go.amzn.com"
2024-06-27T11:49:11Z	INFO	[python-pkg] Detecting vulnerabilities...
2024-06-27T11:49:11Z	DEBUG	[python-pkg] Scanning packages for vulnerabilities	file_path=""

Operating System

linux

Version

0.52.2

Checklist

Run trivy clean --all
Read the troubleshooting

itaysk · 2024-06-27T16:37:23Z

itaysk
Jun 27, 2024
Maintainer

there are different components detected in your container image:

Operating system, Amazon Linux
Python application
Binary built with Go

Trivy can scan all of the above, and for each it will emit a seperate "Totals" line with the findings for each component

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

I always get CRITICAL: 0 report even if it Trivy also detected a critical vulnerability #7040

{{title}}

Replies: 1 comment

{{title}}

Select a reply

I always get CRITICAL: 0 report even if it Trivy also detected a critical vulnerability #7040

gracesabs Jun 27, 2024

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

Replies: 1 comment

itaysk Jun 27, 2024 Maintainer

gracesabs
Jun 27, 2024

itaysk
Jun 27, 2024
Maintainer