Suppored OS

The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution. Trivy doesn’t support self-compiled packages/binaries, but official packages provided by vendors such as Red Hat and Debian.

OSSupported VersionsTarget PackagesDetection of unfixed vulnerabilities
Alpine Linux2.2 - 2.7, 3.0 - 3.13Installed by apkNO
Red Hat Universal Base Image7, 8Installed by yum/rpmYES
Red Hat Enterprise Linux6, 7, 8Installed by yum/rpmYES
CentOS6, 7Installed by yum/rpmYES
Oracle Linux5, 6, 7, 8Installed by yum/rpmNO
Amazon Linux1, 2Installed by yum/rpmNO
openSUSE Leap42, 15Installed by zypper/rpmNO
SUSE Enterprise Linux11, 12, 15Installed by zypper/rpmNO
Photon OS1.0, 2.0, 3.0Installed by tdnf/yum/rpmNO
Debian GNU/Linuxwheezy, jessie, stretch, busterInstalled by apt/apt-get/dpkgYES
UbuntuSupported versions by Canonical 1Installed by apt/apt-get/dpkgYES
Distroless 2AnyInstalled by apt/apt-get/dpkgYES

1 Trivy no longer detects vulnerabilities in versions that have reached End of Life. 2 Distroless: https://github.com/GoogleContainerTools/distroless