include only root dependencies in result #4870
Replies: 8 comments
-
I guess the dependency graph for POM addresses this confusion. They get to know how transitive dependencies are introduced.
-
We need it! Strongly support this option!!!! Thank you ~👍🏻👍🏻👍🏻👍🏻
-
I hope Trivy can add an option to report only direct dependencies. Thank you~❤️ @DmitriyLewen
-
Hello, I think the original Trivy function can be retained, but I think it is necessary to add this option to scan direct dependencies. From a security point of view, the previous scan results are obviously more comprehensive, but the attack and exploitation chain for dependencies is very complicated, let alone indirect dependencies. Based on the above, I would prefer to add this option. Thanks.
-
Hi, I hope this option can be added. I use trivy a lot at work, thanks.
-
Hello, I think it is good to add this option, and I hope to add it as soon as possible; after all, I have encountered the same problem when scanning.
-
Hi all, we added the --pkg-relationships flag.
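What the --pkg-relationships flag does at report level, reproduced as a post-processing filter over a Trivy JSON report so that the findings a direct-only view drops stay countable. This is an added example, not code from the thread or from the Trivy project; it assumes the report field names (Results, Packages, Relationship, Vulnerabilities, PkgID) and the relationship values root/direct/indirect match Trivy's JSON output when the scan runs with --list-all-pkgs, and the sample report and its CVE ids are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample shaped like a Trivy JSON report (placeholder CVE ids, not
# real scan output). Field names are assumed to match Trivy's schema when the
# scan runs with --list-all-pkgs, so that Packages[] carries Relationship.
SAMPLE_REPORT = json.loads("""
{
  "Results": [
    {
      "Target": "pom.xml",
      "Packages": [
        {"ID": "com.example:app:1.0.0", "Relationship": "root"},
        {"ID": "org.example:lib-a:2.3.0", "Relationship": "direct"},
        {"ID": "org.example:lib-b:1.1.0", "Relationship": "indirect"},
        {"ID": "org.example:lib-c:0.9.0"}
      ],
      "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgID": "org.example:lib-a:2.3.0", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgID": "org.example:lib-b:1.1.0", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgID": "org.example:lib-c:0.9.0", "Severity": "LOW"}
      ]
    }
  ]
}
""")

def package_relationships(result):
    """Map package ID -> relationship; a missing field counts as 'unknown'."""
    return {p["ID"]: p.get("Relationship", "unknown") for p in result.get("Packages", [])}

def filter_by_relationship(report, keep=("root", "direct", "unknown")):
    """Split findings into (kept, dropped) by the relationship of their package.
    'unknown' is kept by default so packages an older report did not classify
    are never silently discarded."""
    kept, dropped = [], []
    for result in report.get("Results", []):
        rel = package_relationships(result)
        for vuln in result.get("Vulnerabilities", []):
            target = kept if rel.get(vuln.get("PkgID"), "unknown") in keep else dropped
            target.append(vuln)
    return kept, dropped

def dropped_summary(dropped):
    """Severity counts of what the narrowed report no longer shows, so the
    trade-off raised in the thread stays visible to whoever reads it."""
    return dict(Counter(v.get("Severity", "UNKNOWN") for v in dropped))
```

The dropped summary is the part worth keeping next to a direct-only report: a CRITICAL finding in an indirect dependency is still reachable through the direct one that pulls it in.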
-
Description
Trivy includes all indirect dependencies for pom.xml files. But some users asked about reporting only direct dependencies (see #4840).
I suggest discussing these options:
Target: Container Image
Scanner: Vulnerability