This repository was archived by the owner on Sep 20, 2024. It is now read-only.
Trivy scan results are not up to date #411
Status: Open
Description
What steps did you take and what happened:
Trivy scan reports are not updating with the latest CVE vulnerabilities after the first scan. The reports only update after purging the reports from postgres. An example:
- 12/01/2023 - Image-X is scanned for the first time and reports that CVE-XXXXX is a vulnerability that does not have a fix
- 12/05/2023 - CVE-XXXXX is released with a fix
- 12/10/2023 - Image-X is re-scanned and still reports that CVE-XXXXX is a vulnerability that does not have a fix, despite the trivy-db being updated to the latest version
What did you expect to happen:
Trivy scan reports should be updated with latest CVE vulnerability data after triggering a scan to run instead of using what I believe is cached data.
Anything else you would like to add:
I need to purge the reports from the postgres instance and re-trigger scans to get reports with the most up-to-date vulnerabilities. I run the following on the postgres instance and then use Harbor's API to trigger/create new scans.
```sql
-- Cached per-CVE records produced by earlier scans
DELETE FROM vulnerability_record;
-- Join table linking scan reports to vulnerability records
DELETE FROM report_vulnerability_record;
-- The scan reports themselves
DELETE FROM scan_report;
```
Environment:
- Harbor version: v2.9.1
- Harbor Scanner Adapter for Trivy version: v0.30.18
- Harbor installation process (Installer script, Helm chart, etc.): helm
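The workaround described in the post (purge the cached report tables, then re-trigger a scan through Harbor's API and read the fresh report back), scripted end to end. This is an added example, not code from the issue or from the Harbor project. It assumes `HARBOR_URL`, `HARBOR_USER`, `HARBOR_PASS` and a libpq-style `HARBOR_DB_URL` for the Harbor database, plus `psql`, `curl` and `jq` on the path; the Harbor v2 endpoints it calls are `.../artifacts/{reference}/scan`, `.../artifacts/{reference}?with_scan_overview=true` and `.../artifacts/{reference}/additions/vulnerabilities`.

```shell
#!/bin/sh
# Added example (not from the issue or the Harbor project). Scripts the
# workaround from the post: purge cached reports, re-trigger a scan through
# Harbor's v2 API, wait for it, and read back the fix version for one CVE.
# Assumed inputs (not in the original post):
#   HARBOR_URL     e.g. https://harbor.example.com
#   HARBOR_USER / HARBOR_PASS   an account allowed to scan the project
#   HARBOR_DB_URL  libpq URL of the Harbor database,
#                  e.g. postgres://postgres:***@harbor-db:5432/registry
set -eu

# API path for one artifact. Harbor expects nested repository names to be
# double URL-encoded in the path (a/b -> a%252Fb).
artifact_path() {
  # $1 project, $2 repository, $3 reference (tag or digest)
  enc=$(printf '%s' "$2" | sed 's#/#%252F#g')
  printf '/api/v2.0/projects/%s/repositories/%s/artifacts/%s' "$1" "$enc" "$3"
}

# Drop the cached reports (same tables as in the post). The join table goes
# first so the DELETEs work even without ON DELETE CASCADE, and all three run
# in one transaction so a failure leaves nothing half-purged.
purge_reports() {
  psql "$HARBOR_DB_URL" -v ON_ERROR_STOP=1 <<'SQL'
BEGIN;
DELETE FROM report_vulnerability_record;
DELETE FROM vulnerability_record;
DELETE FROM scan_report;
COMMIT;
SQL
}

# Ask Harbor to rescan; the scan itself runs asynchronously (202 Accepted).
trigger_scan() {
  curl -fsS -u "$HARBOR_USER:$HARBOR_PASS" -X POST \
    "$HARBOR_URL$(artifact_path "$1" "$2" "$3")/scan"
}

# Poll the scan overview until the status is no longer Pending/Running.
wait_for_scan() {
  while :; do
    status=$(curl -fsS -u "$HARBOR_USER:$HARBOR_PASS" \
      "$HARBOR_URL$(artifact_path "$1" "$2" "$3")?with_scan_overview=true" \
      | jq -r '.scan_overview[]?.scan_status // "Unknown"' | head -n 1)
    case "$status" in
      Pending|Running) sleep 5 ;;
      *) printf '%s\n' "$status"; return 0 ;;
    esac
  done
}

# Fix version Harbor now reports for one CVE id; empty means still "no fix".
fix_version_for() {
  # $1 project, $2 repository, $3 reference, $4 CVE id
  curl -fsS -u "$HARBOR_USER:$HARBOR_PASS" \
    "$HARBOR_URL$(artifact_path "$1" "$2" "$3")/additions/vulnerabilities" \
    | jq -r --arg cve "$4" \
      '.[] | .vulnerabilities[]? | select(.id == $cve) | .fix_version // ""'
}

# usage: RUN_PURGE_AND_RESCAN=yes ./rescan.sh <project> <repository> <tag-or-digest> <CVE-id>
if [ "${RUN_PURGE_AND_RESCAN:-}" = yes ]; then
  purge_reports
  trigger_scan "$1" "$2" "$3"
  printf 'scan finished with status: %s\n' "$(wait_for_scan "$1" "$2" "$3")"
  printf 'fix version for %s: %s\n' "$4" "$(fix_version_for "$1" "$2" "$3" "$4")"
fi
```

Run it once per image after updating trivy-db; if `fix_version_for` still prints nothing for a CVE that upstream has fixed, the stale data is not in these three tables and the purge is not the cause.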