Unpacked Filesystem

Scan aan unpacked container image filesystem.

In this case, Trivy works the same way when scanning containers

  1. $ docker export $(docker create alpine:3.10.2) | tar -C /tmp/rootfs -xvf -
  2. $ trivy fs /tmp/rootfs

Result

  1. 2021-03-08T05:22:26.378Z INFO Need to update DB
  2. 2021-03-08T05:22:26.380Z INFO Downloading DB...
  3. 20.37 MiB / 20.37 MiB [-------------------------------------------------------------------------------------------------------------------------------------] 100.00% 8.24 MiB p/s 2s
  4. 2021-03-08T05:22:30.134Z INFO Detecting Alpine vulnerabilities...
  5. /tmp/rootfs (alpine 3.10.2)
  6. ===========================
  7. Total: 20 (UNKNOWN: 0, LOW: 2, MEDIUM: 10, HIGH: 8, CRITICAL: 0)
  8. +--------------+------------------+----------+-------------------+---------------+---------------------------------------+
  9. | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
  10. +--------------+------------------+----------+-------------------+---------------+---------------------------------------+
  11. | libcrypto1.1 | CVE-2020-1967 | HIGH | 1.1.1c-r0 | 1.1.1g-r0 | openssl: Segmentation |
  12. | | | | | | fault in SSL_check_chain |
  13. | | | | | | causes denial of service |
  14. | | | | | | -->avd.aquasec.com/nvd/cve-2020-1967 |
  15. + +------------------+ + +---------------+---------------------------------------+
  16. | | CVE-2021-23839 | | | 1.1.1j-r0 | openssl: incorrect SSLv2 |
  17. | | | | | | rollback protection |
  18. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23839 |
  19. + +------------------+ + + +---------------------------------------+
  20. | | CVE-2021-23840 | | | | openssl: integer |
  21. | | | | | | overflow in CipherUpdate |
  22. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23840 |
  23. + +------------------+ + + +---------------------------------------+
  24. | | CVE-2021-23841 | | | | openssl: NULL pointer dereference |
  25. | | | | | | in X509_issuer_and_serial_hash() |
  26. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23841 |
  27. + +------------------+----------+ +---------------+---------------------------------------+
  28. | | CVE-2019-1547 | MEDIUM | | 1.1.1d-r0 | openssl: side-channel weak |
  29. | | | | | | encryption vulnerability |
  30. | | | | | | -->avd.aquasec.com/nvd/cve-2019-1547 |
  31. + +------------------+ + + +---------------------------------------+
  32. | | CVE-2019-1549 | | | | openssl: information |
  33. | | | | | | disclosure in fork() |
  34. | | | | | | -->avd.aquasec.com/nvd/cve-2019-1549 |
  35. + +------------------+ + +---------------+---------------------------------------+
  36. | | CVE-2019-1551 | | | 1.1.1d-r2 | openssl: Integer overflow in RSAZ |
  37. | | | | | | modular exponentiation on x86_64 |
  38. | | | | | | -->avd.aquasec.com/nvd/cve-2019-1551 |
  39. + +------------------+ + +---------------+---------------------------------------+
  40. | | CVE-2020-1971 | | | 1.1.1i-r0 | openssl: EDIPARTYNAME |
  41. | | | | | | NULL pointer de-reference |
  42. | | | | | | -->avd.aquasec.com/nvd/cve-2020-1971 |
  43. + +------------------+----------+ +---------------+---------------------------------------+
  44. | | CVE-2019-1563 | LOW | | 1.1.1d-r0 | openssl: information |
  45. | | | | | | disclosure in PKCS7_dataDecode |
  46. | | | | | | and CMS_decrypt_set1_pkey |
  47. | | | | | | -->avd.aquasec.com/nvd/cve-2019-1563 |
  48. +--------------+------------------+----------+ +---------------+---------------------------------------+
  49. | libssl1.1 | CVE-2020-1967 | HIGH | | 1.1.1g-r0 | openssl: Segmentation |
  50. | | | | | | fault in SSL_check_chain |
  51. | | | | | | causes denial of service |
  52. | | | | | | -->avd.aquasec.com/nvd/cve-2020-1967 |
  53. + +------------------+ + +---------------+---------------------------------------+
  54. | | CVE-2021-23839 | | | 1.1.1j-r0 | openssl: incorrect SSLv2 |
  55. | | | | | | rollback protection |
  56. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23839 |
  57. + +------------------+ + + +---------------------------------------+
  58. | | CVE-2021-23840 | | | | openssl: integer |
  59. | | | | | | overflow in CipherUpdate |
  60. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23840 |
  61. + +------------------+ + + +---------------------------------------+
  62. | | CVE-2021-23841 | | | | openssl: NULL pointer dereference |
  63. | | | | | | in X509_issuer_and_serial_hash() |
  64. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23841 |
  65. + +------------------+----------+ +---------------+---------------------------------------+
  66. | | CVE-2019-1547 | MEDIUM | | 1.1.1d-r0 | openssl: side-channel weak |
  67. | | | | | | encryption vulnerability |
  68. | | | | | | -->avd.aquasec.com/nvd/cve-2019-1547 |
  69. + +------------------+ + + +---------------------------------------+
  70. | | CVE-2019-1549 | | | | openssl: information |
  71. | | | | | | disclosure in fork() |
  72. | | | | | | -->avd.aquasec.com/nvd/cve-2019-1549 |
  73. + +------------------+ + +---------------+---------------------------------------+
  74. | | CVE-2019-1551 | | | 1.1.1d-r2 | openssl: Integer overflow in RSAZ |
  75. | | | | | | modular exponentiation on x86_64 |
  76. | | | | | | -->avd.aquasec.com/nvd/cve-2019-1551 |
  77. + +------------------+ + +---------------+---------------------------------------+
  78. | | CVE-2020-1971 | | | 1.1.1i-r0 | openssl: EDIPARTYNAME |
  79. | | | | | | NULL pointer de-reference |
  80. | | | | | | -->avd.aquasec.com/nvd/cve-2020-1971 |
  81. + +------------------+----------+ +---------------+---------------------------------------+
  82. | | CVE-2019-1563 | LOW | | 1.1.1d-r0 | openssl: information |
  83. | | | | | | disclosure in PKCS7_dataDecode |
  84. | | | | | | and CMS_decrypt_set1_pkey |
  85. | | | | | | -->avd.aquasec.com/nvd/cve-2019-1563 |
  86. +--------------+------------------+----------+-------------------+---------------+---------------------------------------+
  87. | musl | CVE-2020-28928 | MEDIUM | 1.1.22-r3 | 1.1.22-r4 | In musl libc through 1.2.1, |
  88. | | | | | | wcsnrtombs mishandles particular |
  89. | | | | | | combinations of destination buffer... |
  90. | | | | | | -->avd.aquasec.com/nvd/cve-2020-28928 |
  91. +--------------+ + + + + +
  92. | musl-utils | | | | | |
  93. | | | | | | |
  94. | | | | | | |
  95. | | | | | | |
  96. +--------------+------------------+----------+-------------------+---------------+---------------------------------------+