Does Trivy report CVE fixes that don't imply a package version bump? #1276
Unanswered
pablogalegoc
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi all!
I'd like to know if Trivy reports fixes to vulnerabilities that may not imply a version bump but instead, for example, a specific change in a configuration parameter already available in the package version affected. I'm aware that, in many instances, configuration changes are just workarounds but, in those cases where they truly are fixes, how does Trivy report them? Are they even considered? Thanks!
Beta Was this translation helpful? Give feedback.
All reactions