gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 15:16:33 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
9da33b5aed1269f5fdcfc5b34ba3df59ca86e51b
trivy/docs/guide/coverage/os/alpine.md
Owen Rumney 9da33b5aed docs: restructure docs for new hosting (#9799)
2025-11-18 15:45:49 +00:00

60 lines
2.2 KiB
Markdown
Raw Blame History

# Alpine Linux
Trivy supports the following scanners for OS packages.
| Scanner | Supported |
| :-----------: | :-------: |
| SBOM | ✓ |
| Vulnerability | ✓ |
| License | ✓ |
Please see [here](index.md#supported-os) for supported versions.
The table below outlines the features offered by Trivy.
| Feature | Supported |
|:------------------------------------:|:---------:|
| Unfixed vulnerabilities | - |
| [Dependency graph][dependency-graph] | ✓ |
| End of life awareness | ✓ |
## SBOM
Trivy detects packages that have been installed through `apk`.
## Vulnerability
Alpine Linux offers its own security advisories, and these are utilized when scanning Alpine for vulnerabilities.
### Data Source
See [here](../../scanner/vulnerability.md#data-sources).
### Fixed Version
When looking at fixed versions, it's crucial to consider the patches supplied by Alpine.
For example, for CVE-2023-0464, the fixed version for Alpine Linux is listed as `3.1.0-r1` in [the secfixes][CVE-2023-0464].
Note that this is different from the upstream fixed version, which is `3.1.1`.
Typically, only the upstream information gets listed on [NVD], so it's important not to get confused.
### Severity
For Alpine vulnerabilities, the severity is determined using the values set by NVD.
### Status
Trivy supports the following [vulnerability statuses] for Alpine.
| Status | Supported |
| :-----------------: | :-------: |
| Fixed | ✓ |
| Affected | ✓ |
| Under Investigation | |
| Will Not Fix | |
| Fix Deferred | |
| End of Life | |
## License
Trivy identifies licenses by examining the metadata of APK packages.
[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
[secdb]: https://secdb.alpinelinux.org/
[CVE-2023-0464]: https://gitlab.alpinelinux.org/alpine/aports/-/blob/dad5b7380ab3be705951ce6fd2d7bba513d6a744/main/openssl/APKBUILD#L36-37
[NVD]: https://nvd.nist.gov/vuln/detail/CVE-2023-0464
[vulnerability statuses]: ../../configuration/filtering.md#by-status
Reference in New Issue View Git Blame Copy Permalink