0

我正在尝试使用 Trivy 扫描 qcow2 图像,但它没有通过测试?

trivy --debug fs /home/user/fedora32_image.qcow2
2021-04-13T14:01:53.535-0700 DEBUG Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2021-04-13T14:01:53.557-0700 DEBUG cache dir: /home/user/.cache/trivy
2021-04-13T14:01:53.558-0700 DEBUG DB update was skipped because DB is the latest
2021-04-13T14:01:53.558-0700 DEBUG DB Schema: 1, Type: 1, UpdatedAt: 2021-04-13 12:07:40.493338704 +0000 UTC, NextUpdate: 2021-04-14 00:07:40.493338404 +0000 UTC, DownloadedAt: 2021-04-13 17:17:26.74233259 +0000 UTC
2021-04-13T14:01:53.558-0700 DEBUG Vulnerability type: [os library]
2021-04-13T14:01:53.624-0700 DEBUG Artifact ID: sha256:3404e98968ad338dc60ef74c0dd5bdd893478415cd2296b0c265a5650b3ae4d6
2021-04-13T14:01:53.624-0700 DEBUG Blob IDs: [sha256:3404e98968ad338dc60ef74c0dd5bdd893478415cd2296b0c265a5650b3ae4d6]
2021-04-13T14:01:53.624-0700 WARN OS is not detected and vulnerabilities in OS packages are not detected.
2021-04-13T14:01:53.624-0700 INFO Trivy skips scanning programming language libraries because no supported file was detected

关于调试的任何建议?

4

1 回答 1

0

Trivy 的fs模式需要一个实际的解压文件系统才能读取。您可以挂载该磁盘映像并将 Trivy 指向它,或者从 VM 内部运行 Trivy。它理解的唯一打包图像格式是容器,因为它主要是一个容器工具。

于 2021-04-14T08:38:28.103 回答