steampipe plugin install trivy

Table: trivy_advisory - Query Trivy Advisories using SQL

Trivy is a simple and comprehensive vulnerability scanner for containers. It detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Trivy is particularly designed to scan containers, but it can also scan filesystems.

Table Usage Guide

The trivy_advisory table offers insights into the vulnerabilities detected by Trivy. As a security analyst, use this table to explore details about the vulnerabilities, including their severity, vendor status, and related references. This can be instrumental in identifying and mitigating potential security risks in your container environments.

Examples

List all advisories

Explore the various advisories available, organized by their source and name. This allows for efficient tracking and management of advisories, ensuring that none are overlooked.

select
source,
name,
key
from
trivy_advisory
order by
source,
name,
key;

Count of advisories by source

Count advisories per source (operating system or package ecosystem) to see where the most vulnerabilities are recorded. This helps in prioritizing security measures and resources effectively.

select
source,
count(*)
from
trivy_advisory
group by
source
order by
count(*) desc;

All advisories for xen

List every advisory recorded for the 'xen' package, including the version that fixes each one. This gives a complete view of the package's known vulnerabilities and the upgrades needed to address them.

select
name,
key,
source,
fixed_version
from
trivy_advisory
where
name = 'xen'
order by
name,
key,
source,
fixed_version;

Advisories not fixed as the package was "end-of-life"

Explore which advisories haven't been resolved due to the package reaching its end-of-life. This can be useful to identify potential security risks that need to be addressed through other means.

select
source,
name,
key,
fixed_version
from
trivy_advisory
where
state = 'end-of-life';
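Unfixed advisories for one source, grouped by severity and state

The following query is an added example and is not part of the Steampipe plugin documentation. It restricts the table to a single source (the 'alpine 3.10' value from the schema description is assumed to exist in your Trivy database), keeps only advisories with no fixed_version, and summarizes them by severity and state so "Will not fix" and end-of-life cases are visible at a glance; it assumes a higher severity number means a more severe advisory.

```sql
-- Added example, not from the plugin docs. Assumes 'alpine 3.10' is a
-- valid source value and that larger severity numbers are more severe.
with unfixed as (
  select
    name,
    key,
    vulnerability_id,
    vendor_ids,
    severity,
    state
  from
    trivy_advisory
  where
    source = 'alpine 3.10'
    -- no fix available: fixed_version is unset, so state carries the reason
    and (fixed_version is null or fixed_version = '')
)
-- Summary: how many unfixed advisories and distinct packages per severity/state.
select
  severity,
  state,
  count(*) as advisories,
  count(distinct name) as packages
from
  unfixed
group by
  severity,
  state
order by
  severity desc,
  advisories desc;

-- Detail: the individual unfixed advisories, most severe first, with the
-- vendor identifiers needed to look up the upstream advisory.
select
  name,
  key,
  vulnerability_id,
  vendor_ids,
  severity,
  state
from
  unfixed
order by
  severity desc,
  name,
  key;
```

Running the detail query separately requires repeating the CTE; it is shown here after the summary so both statements share the same filter.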

Schema for trivy_advisory

Name                 Type    Operators  Description
_ctx                 jsonb              Steampipe context in JSON form, e.g. connection_name.
affected_version     text               Versions when the vulnerability is affected. Only for Arch Linux.
fixed_version        text               Version when the vulnerability is fixed.
key                  text    =          Key referencing the vulnerability, e.g. CVE-2021-27506.
name                 text    =          Name of the package with the vulnerability, e.g. ansible.
patched_versions     jsonb              Versions that patch this vulnerability.
severity             bigint             Severity rating (0, 1, 2, 3) for the advisory.
source               text    =          Operating system or package the advisory is for, e.g. alpine 3.10.
state                text               State of the advisory, e.g. Will not fix or Affected. Empty if fixed_version is set.
unaffected_versions  jsonb              Versions that are not affected.
vendor_ids           text               RHSA-ID and DSA-ID.
vulnerability_id     text               CVE-ID or vendor ID.
vulnerable_versions  jsonb              Versions that are vulnerable.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are standalone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- trivy

You can pass the configuration to the command with the --config argument:

steampipe_export_trivy --config '<your_config>' trivy_advisory