09:18 $ trivy -f json -o scan.json -debug jcowey/vs-coder
2019-05-31T09:21:40.852+0100 DEBUG cache dir: /Users/jcowey/Library/Caches/trivy
2019-05-31T09:21:40.852+0100 DEBUG db path: /Users/jcowey/Library/Caches/trivy/db/trivy.db
2019-05-31T09:21:40.861+0100 INFO Updating vulnerability database...
2019-05-31T09:21:40.861+0100 DEBUG git pull
2019-05-31T09:21:41.671+0100 DEBUG total updated files: 1
2019-05-31T09:21:41.709+0100 WARN You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2019-05-31T09:21:51.016+0100 DEBUG OS family: ubuntu, OS version: 18.04
2019-05-31T09:21:51.018+0100 DEBUG the number of packages: 176
2019-05-31T09:21:51.018+0100 DEBUG the number of packages from commands: 0
2019-05-31T09:21:51.018+0100 DEBUG the number of packages: 176
2019-05-31T09:21:51.018+0100 INFO Detecting Ubuntu vulnerabilities...
2019-05-31T09:21:51.018+0100 DEBUG ubuntu: os version: 18.04
2019-05-31T09:21:51.018+0100 DEBUG ubuntu: the number of packages: %!s(int=176)
09:22 $ trivy -v
trivy version 0.1.0
see here the dupes. While this maybe intresting on a docker image layer level theres no hit of on which layer the vun is on i would rather have uniq CVEs on the image as a whole and not layer by layer
09:17 $ cat scan.json | grep CVE-2018-7738
"VulnerabilityID": "CVE-2018-7738",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738",
"VulnerabilityID": "CVE-2018-7738",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738",
"VulnerabilityID": "CVE-2018-7738",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738",
"VulnerabilityID": "CVE-2018-7738",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738",
"VulnerabilityID": "CVE-2018-7738",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738",
"VulnerabilityID": "CVE-2018-7738",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738"
"VulnerabilityID": "CVE-2018-7738",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738"
"VulnerabilityID": "CVE-2018-7738",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738",
"VulnerabilityID": "CVE-2018-7738",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738",