# Table: trivy_advisory - Query Trivy Advisories using SQL
Trivy is a simple and comprehensive vulnerability scanner for containers. It detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Trivy is particularly designed to scan containers, but it can also scan filesystems.
## Table Usage Guide

The `trivy_advisory` table offers insights into the vulnerabilities detected by Trivy. As a security analyst, use this table to explore details about the vulnerabilities, including their severity, vendor status, and related references. This can be instrumental in identifying and mitigating potential security risks in your container environments.
## Examples

### List all advisories
Explore the various advisories available, organized by their source and name. This allows for efficient tracking and management of advisories, ensuring that none are overlooked.
```sql
select source, name, key
from trivy_advisory
order by source, name, key;
```
### Count of advisories by source

Determine which sources (operating systems or package ecosystems) the advisories originate from, to understand where the most vulnerabilities are found. This helps in prioritizing security measures and resources effectively.
```sql
select source, count(*)
from trivy_advisory
group by source
order by count(*) desc;
```
### All advisories for xen
Uncover the details of all advisories related to 'xen' to ensure system vulnerabilities are addressed. This allows for a comprehensive review of potential security risks and the necessary steps to mitigate them.
```sql
select name, key, source, fixed_version
from trivy_advisory
where name = 'xen'
order by name, key, source, fixed_version;
```
### Advisories not fixed as the package was "end-of-life"
Explore which advisories haven't been resolved due to the package reaching its end-of-life. This can be useful to identify potential security risks that need to be addressed through other means.
```sql
select source, name, key, fixed_version
from trivy_advisory
where state = 'end-of-life';
```
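### Advisories with an available fix for a known package inventory

As an added example (not part of the Steampipe Trivy plugin docs), the query below joins a constructed package inventory against the table and returns the advisories that apply to those packages and already have a fixed version. It assumes PostgreSQL syntax, Steampipe's native dialect; the `inventory` rows are sample values, not real scan output.

```sql
-- Added example, not part of the Steampipe Trivy plugin docs.
-- "inventory" stands in for the packages found in one of your images;
-- the rows are constructed sample values. Replace them with your own list
-- (or with a query against another table that holds your package data).
with inventory(source, name) as (
  values
    ('alpine 3.10', 'openssl'),
    ('alpine 3.10', 'musl'),
    ('debian 11',   'xen')
)
select
  i.source,
  i.name,
  a.key,
  a.severity,
  a.fixed_version,
  a.state,
  a.patched_versions
from inventory i
join trivy_advisory a
  on a.source = i.source   -- source and name both carry the "=" operator in the
 and a.name   = i.name     -- schema, so the plugin can look each package up directly
-- state is empty when a fixed version exists; an empty fixed_version with a state
-- such as 'end-of-life' or 'Will not fix' means upgrading alone will not help.
where coalesce(a.fixed_version, '') <> ''
order by a.severity desc nulls last, i.source, i.name, a.key;
```

Drop the `where` clause to also list advisories without a fix, and filter on `a.state` instead to isolate the packages that need a workaround rather than an upgrade.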
## Schema for trivy_advisory

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| affected_version | text | | Versions in which the vulnerability is present. Only for Arch Linux. |
| fixed_version | text | | Version in which the vulnerability is fixed. |
| key | text | = | Key referencing the vulnerability, e.g. CVE-2021-27506. |
| name | text | = | Name of the package with the vulnerability, e.g. ansible. |
| patched_versions | jsonb | | Versions that patch this vulnerability. |
| severity | bigint | | Severity rating (0, 1, 2, 3) for the advisory. |
| source | text | = | Operating system or package the advisory is for, e.g. alpine 3.10. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| state | text | | State of the advisory, e.g. "Will not fix" or "Affected". Empty if a fixed version is set. |
| unaffected_versions | jsonb | | Versions that are not affected. |
| vendor_ids | text | | RHSA-ID and DSA-ID. |
| vulnerability_id | text | | CVE-ID or vendor ID. |
| vulnerable_versions | jsonb | | Versions that are vulnerable. |
## Export

This table is available as a standalone Exporter CLI. Steampipe exporters are standalone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the `steampipe_export_installer.sh` script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- trivy
```

You can pass the configuration to the command with the `--config` argument:

```sh
steampipe_export_trivy --config '<your_config>' trivy_advisory
```