Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

aquasecurity / trivy Public

Notifications You must be signed in to change notification settings
Fork 2.3k
Star 23.7k

Code
Issues 163
Pull requests 58
Discussions
Actions
Projects 1
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Projects
Security
Insights

aquasecurity trivy False-detection Discussions

Pinned Discussions

Welcome to Trivy👋🏻
Announcements AnaisUrlichs
Share with us your favourite part about Trivy
Adopters AnaisUrlichs

Search all discussions

Clear

Sort by: Latest activity

Latest activity

Top: Past month

Filter by label

Sorry, something went wrong.

Filter

Loading

Sorry, something went wrong.

No labels found. Sorry about that.

Use alt + click/return to exclude labels.

Open
Closed
Locked
Unlocked
All

Categories, most helpful, and community links

Categories

View all discussions
Adopters
Announcements
Bugs
Development
Documentation
False Detection
Ideas
Office Hours
Q&A

Loading

Community links

Code of conduct
aquasecurity.github.io/trivy

False Detection Discussions

False positives/negatives

You must be logged in to vote

Trivy suggest upgrading to a version that doesn't exist, but exist for a similar dependency
scan/vulnerability Issues relating to vulnerability scanning
AXDOOMER started Oct 14, 2023 in False Detection

2
You must be logged in to vote

False positive for CVE-2023-33246 in apache/rocketmq:4.9.7
scan/vulnerability Issues relating to vulnerability scanning
aleksandradrobnjak started Oct 9, 2023 in False Detection

3
You must be logged in to vote

CVE-2023-0105 - request to update Trivy database impacting Keycloak
scan/vulnerability Issues relating to vulnerability scanning
abstractj started Oct 5, 2023 in False Detection · Closed

1
You must be logged in to vote

Trivy .jar image scan does not find some CVEs compared to OWASP Depedency check tool

bedla started Sep 7, 2023 in False Detection

4
You must be logged in to vote

fix(misconf): false positive avd-gcp-0029 when subnet has REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY purpose field

mcinquin started Sep 25, 2023 in False Detection · Closed

1
You must be logged in to vote

fix(misconf): false positive avd-gcp-0029 when subnet has REGIONAL_MANAGED_PROXY or GLOBAL_MANAGED_PROXY purpose field

mcinquin started Sep 25, 2023 in False Detection · Closed

1
You must be logged in to vote

False positive for CVE-2023-1108 undertow-core
kind/security-advisory Categorizes issue or PR as related to security advisories.
bvahdat started Sep 20, 2023 in False Detection · Closed

2
You must be logged in to vote

Trivy is reporting XML file "entry key" with exactly 40 chars long as AWS Secret Access Key (CRITICAL Vulnerability)

ejtavares started Sep 12, 2023 in False Detection

3
You must be logged in to vote

False positive of AVD-AWS-0010 Configure Cloudfront logging

LesterTheTester started Sep 14, 2023 in False Detection

2
You must be logged in to vote

CVE-2022-31692 detected on spring-security-core but should be spring-security-web only

mischa-n started Sep 5, 2023 in False Detection · Closed

7
You must be logged in to vote

False Positive - Code scanning - CFT- SQS Queue Unencrypted Finding
scan/misconfiguration Issues relating to misconfiguration scanning
tzurielweisberg started Sep 7, 2023 in False Detection · Closed

2
You must be logged in to vote

Trivy flagged vulnerability in my project for artifact com.google.guava version 11.0.2 which is not exit in my app

onkarnarkar started May 25, 2023 in False Detection

5
You must be logged in to vote

Trivy is reporting false vulnerability for com.fasterxml.jackson.core:jackson-databind

pranjali35 started Sep 7, 2023 in False Detection

1
You must be logged in to vote

aiohttp v3.8.5

doronguttman started Aug 7, 2023 in False Detection · Closed

1
You must be logged in to vote

Enable rotation on asymmetric keys is imposibile since AWS doesn't support that

nathanbowang started Aug 4, 2023 in False Detection

1
You must be logged in to vote

False positieve from incorrect terraform parsing for AVD-AWS-0107
scan/misconfiguration Issues relating to misconfiguration scanning
denisovval started Jul 6, 2023 in False Detection

4
You must be logged in to vote

aiohttp v3.8.5 false positive

rubur-webbeds started Jul 31, 2023 in False Detection · Closed

2
You must be logged in to vote

CVE-2023-2976 (Guava vulnerability)
scan/vulnerability Issues relating to vulnerability scanning
brfrn169 started Jul 18, 2023 in False Detection · Closed

7
You must be logged in to vote

[Edge case] Missing key for fixed version
scan/vulnerability Issues relating to vulnerability scanning
ronniee007 started Jul 7, 2023 in False Detection · Closed

3
You must be logged in to vote

False positive for bind-license package in centos:7 image

tspearconquest started Jul 20, 2023 in False Detection · Closed

3
You must be logged in to vote

Trivy misdetecting ehcache 2.10.9.2 as being jackson and other Java libraries

chadlwilson started Jul 23, 2023 in False Detection · Closed

1
You must be logged in to vote

CVE-2022-3715 reported as LOW when it's actually HIGH

huornlmj started Jul 17, 2023 in False Detection · Closed

4
You must be logged in to vote

CVE-2023-33170 (.Net vulnerability) indicated for .Net 6.0.20, but referenced data source indicates this version is fixed

HughSayer started Jul 13, 2023 in False Detection · Closed

3
You must be logged in to vote

CRITICAL: AWS (aws-access-key-id)

pete911 started Jul 14, 2023 in False Detection · Closed

1
You must be logged in to vote

CVE-2023-33170 false positive in net 6.0.20 app
triage/duplicate Indicates an issue is a duplicate of other open issue.
Ismael-Pep started Jul 14, 2023 in False Detection · Closed

2

Previous 1 2 3 4 5 6 Next

Footer

© 2024 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.