steampipe plugin install trivy

Table: trivy_advisory - Query Trivy Advisories using SQL

Trivy is a simple and comprehensive vulnerability scanner for containers. It detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Trivy is particularly designed to scan containers, but it can also scan filesystems.

Table Usage Guide

The trivy_advisory table offers insights into the vulnerabilities detected by Trivy. As a security analyst, use this table to explore details about the vulnerabilities, including their severity, vendor status, and related references. This can be instrumental in identifying and mitigating potential security risks in your container environments.

Examples

List all advisories

Explore the various advisories available, organized by their source and name. This allows for efficient tracking and management of advisories, ensuring that none are overlooked.

select
source,
name,
key
from
trivy_advisory
order by
source,
name,
key;
select
source,
name,
key
from
trivy_advisory
order by
source,
name,
key;

Count of advisories by source

Determine the areas in which security advisories originate to understand where the most vulnerabilities are found. This helps in prioritizing security measures and resources effectively.

select
source,
count(*)
from
trivy_advisory
group by
source
order by
count desc;
select
source,
count(*)
from
trivy_advisory
group by
source
order by
count(*) desc;

All advisories for xen

Uncover the details of all advisories related to 'xen' to ensure system vulnerabilities are addressed. This allows for a comprehensive review of potential security risks and the necessary steps to mitigate them.

select
name,
key,
source,
fixed_version
from
trivy_advisory
where
name = 'xen'
order by
name,
key,
source,
fixed_version;
select
name,
key,
source,
fixed_version
from
trivy_advisory
where
name = 'xen'
order by
name,
key,
source,
fixed_version;

Advisories not fixed as the package was "end-of-life"

Explore which advisories haven't been resolved due to the package reaching its end-of-life. This can be useful to identify potential security risks that need to be addressed through other means.

select
source,
name,
key,
fixed_version
from
trivy_advisory
where
state = 'end-of-life';
select
source,
name,
key,
fixed_version
from
trivy_advisory
where
state = 'end-of-life';

Schema for trivy_advisory

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
affected_versiontextVersions when the vulnerability is affected. Only for Arch Linux.
fixed_versiontextVersion when the vulnerability is fixed.
keytext=Key referencing the vulnerability, e.g. CVE-2021-27506.
nametext=Name of the package with the vulnerability, e.g. ansible.
patched_versionsjsonbVersions that patch this vulnerability.
severitybigintSeverity rating (0, 1, 2, 3) for the advisory.
sourcetext=Operating system or package the advisory is for, e.g. alpine 3.10.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statetextState of the advisory. Empty if fixed version is set. e.g. Will not fix and Affected.
unaffected_versionsjsonbVersions that are not affected.
vendor_idstextRHSA-ID and DSA-ID.
vulnerability_idtextCVE-ID or vendor ID.
vulnerable_versionsjsonbVersions that are vulnerable.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- trivy

You can pass the configuration to the command with the --config argument:

steampipe_export_trivy --config '<your_config>' trivy_advisory