steampipe plugin install trivy

Table: trivy_vulnerability - Query Trivy Vulnerabilities using SQL

Trivy is a comprehensive vulnerability scanner for offering visibility into potential security issues within containers and file systems. It identifies vulnerabilities within Operating Systems and application dependencies, providing a critical tool for security and DevOps professionals. Trivy helps to maintain the security posture of resources by identifying and providing details about known vulnerabilities.

Table Usage Guide

The trivy_vulnerability table provides insights into potential vulnerabilities within resources. As a security or DevOps professional, use this table to explore and understand the vulnerabilities that exist within your environment, including their severity, package name, and current version. This table is a valuable tool for maintaining the security posture of your resources and ensuring compliance with security best practices.

Important Notes

  • To scan files or images for vulnerabilities please see the trivy_scan_vulnerability table.

Examples

List all vulnerabilities

Explore which system vulnerabilities exist, their details, and when they were published, to better understand potential security risks and prioritize remediation efforts.

select
name,
title,
published_date,
description
from
trivy_vulnerability
order by
name;
select
name,
title,
published_date,
description
from
trivy_vulnerability
order by
name;

Vulnerabilities published in the last 7 days

Discover the segments that have been exposed to vulnerabilities in the past week. This allows you to understand recent threats and take appropriate security measures.

select
name,
title,
published_date,
description
from
trivy_vulnerability
where
published_date > now() - interval '7 days'
order by
published_date desc;
select
name,
title,
published_date,
description
from
trivy_vulnerability
where
published_date > datetime('now', '-7 days')
order by
published_date desc;

Vulnerabilities by severity

Analyze the severity of vulnerabilities within your system to understand the areas that require immediate attention. This can help prioritize security measures and allocate resources effectively.

select
severity,
count(*)
from
trivy_vulnerability
group by
severity
order by
count desc;
select
severity,
count(*)
from
trivy_vulnerability
group by
severity
order by
count(*) desc;

Vulnerabilities by Common Weakness Enumeration (CWE)

Explore which weaknesses are most common in your system by counting the occurrences of each Common Weakness Enumeration (CWE). This can help prioritize security efforts by identifying the most recurring vulnerabilities.

select
cwe_id,
count(*) as count,
array_agg(v.name)
from
trivy_vulnerability as v,
jsonb_array_elements_text(cwe_ids) as cwe_id
group by
cwe_id
order by
count desc;
select
cwe_id,
count(*) as count,
group_concat(v.name)
from
trivy_vulnerability as v,
json_each(cwe_ids) as cwe_id
group by
cwe_id.value
order by
count desc;

2022 CVEs for CWE-20 Improper Input Validation

Determine the areas in which potential vulnerabilities related to improper input validation have been identified in the year 2022. This can be useful for prioritizing and addressing security issues in your system.

select
name,
title,
published_date,
cwe_ids
from
trivy_vulnerability
where
name like 'CVE-2022-%'
and cwe_ids ? 'CWE-20'
order by
name;
select
name,
title,
published_date,
cwe_ids
from
trivy_vulnerability
where
name like 'CVE-2022-%'
and json_extract(cwe_ids, '$.CWE-20') is not null
order by
name;

Vulnerability types (e.g. CVE) in the database

Explore the distribution of different types of vulnerabilities within your system to better understand the areas that require enhanced security measures. This can help prioritize your responses to potential threats.

select
split_part(name, '-', 1) as vuln_type,
count(*)
from
trivy_vulnerability
group by
vuln_type
order by
count desc;
Error: SQLite does not support split
or string_to_array functions.

Vulnerabilities with a National Vulnerability Database Qualitative Severity Rating > 7

Gain insights into potential vulnerabilities that have a high severity rating according to the National Vulnerability Database. This can be particularly useful for prioritizing security measures and addressing the most critical threats first. Learn more about the Qualitative Severity Rating Scale.

select
name,
severity,
(cvss -> 'nvd' -> 'V3Score') :: float as v3_score,
title
from
trivy_vulnerability
where
(cvss -> 'nvd' -> 'V3Score') :: float > 8
order by
v3_score desc;
select
name,
severity,
json_extract(cvss, '$.nvd.V3Score') as v3_score,
title
from
trivy_vulnerability
where
json_extract(cvss, '$.nvd.V3Score') > 8
order by
v3_score desc;

Schema for trivy_vulnerability

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
cvssjsonbCommon Vulnerability Scoring System details for the vulnerability.
cwe_idsjsonbArray of Common Weakness Enumeration IDs associated with this vulnerability, e.g. [CWE-252, CWE-384].
descriptiontextDescription of the vulnerability.
last_modified_datetimestamp with time zoneDate when the vulnerability was last modified.
nametext=Name of the vulnerability, e.g. CVE-2022-1234.
published_datetimestamp with time zoneDate when the vulnerability was published.
referencesjsonbReference URLs for the vulnerability.
severitytextSeverity of the vulnerability, e.g. LOW, MEDIUM, HIGH, CRITICAL.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the vulnerability.
vendor_severityjsonbSeverity of the vulnerability as assigned by the vendor.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- trivy

You can pass the configuration to the command with the --config argument:

steampipe_export_trivy --config '<your_config>' trivy_vulnerability