pom.xml fs fails due to parsing failure of indirect pom.xml #3747
Comments
@eyalatox I could reproduce your issue. As a workaround, you can run an offline scan:

```
$ trivy fs --offline-scan .
2023-03-02T18:13:31.576+0600 INFO Vulnerability scanning is enabled
2023-03-02T18:13:31.576+0600 INFO Secret scanning is enabled
2023-03-02T18:13:31.576+0600 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-03-02T18:13:31.576+0600 INFO Please see also https://aquasecurity.github.io/trivy/v0.38/docs/secret/scanning/#recommendation for faster secret detection
2023-03-02T18:13:31.577+0600 INFO Number of language-specific files: 1
2023-03-02T18:13:31.577+0600 INFO Detecting pom vulnerabilities...
pom.xml (pom)
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
┌───────────────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├───────────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
│ org.apache.hive:hive-exec │ CVE-2018-11777 │ HIGH │ 2.3.3 │ 2.3.4 │ Improper Authentication in hive:hive-exec │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-11777 │
└───────────────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘
```
Thanks @afdesk

@afdesk is the above suggestion something that trivy considers?

I opened a PR for this issue, aquasecurity/go-dep-parser#210, by skipping those missing modules.
Description
What did you expect to happen?
trivy fs pom.xml should yield results
the pom content is pasted here:
What happened instead?
Number of language-specific files: 0
Output of run with `-debug`:
Output of `trivy -v`:
Additional details (base image name, container registry info...):
Apple M1 Pro