Replies: 2 comments 1 reply
-
Hello @gongomgra This problem is related with ➜ go version -m ./acmesolver
./acmesolver: go1.21.11
path github.com/cert-manager/cert-manager/acmesolver-binary
mod github.com/cert-manager/cert-manager/acmesolver-binary (devel)
...
build -buildmode=exe
build -compiler=gc
build -trimpath=true
build CGO_ENABLED=1
build GOARCH=amd64
build GOOS=linux
build GOAMD64=v1
build vcs=git
build vcs.revision=6a0915206f61a9116bb605e58e749c2aab2d43e2
build vcs.time=2024-04-25T09:35:32Z
build vcs.modified=false That is why purl (version is optional field) doesn't contain version. For the same reason Regards, Dmitriy |
Beta Was this translation helpful? Give feedback.
-
Hi @DmitriyLewen, Thanks for looking into this and for your reply. I checked the results for another image (official
This is the information I got out of the cilium binary. Can you tell me what parameter does Trivy expect to find to provide more metadata in the generated purls?
|
Beta Was this translation helpful? Give feedback.
-
Description
Running Trivy 0.52.1, I have detected that generated purls are too generic, which doesn't allow to distinguish between versions of the same binary file. It doesn't include any information related to the app version or any other unique value like its digest. Is it possible to add it?
Additionally, I found out there are some missing metadata fields in the package's objet, like the
versionInfo
.Desired Behavior
Purls are unique so it is possible to distinguish different binary versions.
Actual Behavior
Current purls are generic
Reproduction Steps
Target
Container Image
Scanner
None
Output Format
SPDX
Mode
None
Debug Output
Operating System
macOS Sonoma
Version
Checklist
trivy image --reset
Beta Was this translation helpful? Give feedback.
All reactions