Fix Affected and Fixed Package information

Question

Fix Affected and Fixed Package information

Closed this issue 2 years ago · 2 comments

Answer 1 · 2023-03-13T13:31:44.000Z

Fixed for Grype.

Trivy does not provide this information.

Looks like Snyk does provide the information in isUpgradable/isPatchable but cannot find an example with the information populated.

Answer 2 · 2023-03-13T14:16:27.000Z

Looks like trivy CLI does not outputs that field, even when there are upgradable vulns. This won't help, but the data/trivy.json sample in the repo is now for the Ruby app image which has many fixable vuls.