Table: trivy_vulnerability - Query Trivy Vulnerabilities using SQL
Trivy is a comprehensive vulnerability scanner for offering visibility into potential security issues within containers and file systems. It identifies vulnerabilities within Operating Systems and application dependencies, providing a critical tool for security and DevOps professionals. Trivy helps to maintain the security posture of resources by identifying and providing details about known vulnerabilities.
Table Usage Guide
The trivy_vulnerability table provides insights into potential vulnerabilities within resources. As a security or DevOps professional, use this table to explore and understand the vulnerabilities that exist within your environment, including their severity, package name, and current version. This table is a valuable tool for maintaining the security posture of your resources and ensuring compliance with security best practices.
Important Notes
- To scan files or images for vulnerabilities please see the
trivy_scan_vulnerabilitytable.
Examples
List all vulnerabilities
Explore which system vulnerabilities exist, their details, and when they were published, to better understand potential security risks and prioritize remediation efforts.
select name, title, published_date, descriptionfrom trivy_vulnerabilityorder by name;select name, title, published_date, descriptionfrom trivy_vulnerabilityorder by name;Vulnerabilities published in the last 7 days
Discover the segments that have been exposed to vulnerabilities in the past week. This allows you to understand recent threats and take appropriate security measures.
select name, title, published_date, descriptionfrom trivy_vulnerabilitywhere published_date > now() - interval '7 days'order by published_date desc;select name, title, published_date, descriptionfrom trivy_vulnerabilitywhere published_date > datetime('now', '-7 days')order by published_date desc;Vulnerabilities by severity
Analyze the severity of vulnerabilities within your system to understand the areas that require immediate attention. This can help prioritize security measures and allocate resources effectively.
select severity, count(*)from trivy_vulnerabilitygroup by severityorder by count desc;select severity, count(*)from trivy_vulnerabilitygroup by severityorder by count(*) desc;Vulnerabilities by Common Weakness Enumeration (CWE)
Explore which weaknesses are most common in your system by counting the occurrences of each Common Weakness Enumeration (CWE). This can help prioritize security efforts by identifying the most recurring vulnerabilities.
select cwe_id, count(*) as count, array_agg(v.name)from trivy_vulnerability as v, jsonb_array_elements_text(cwe_ids) as cwe_idgroup by cwe_idorder by count desc;select cwe_id, count(*) as count, group_concat(v.name)from trivy_vulnerability as v, json_each(cwe_ids) as cwe_idgroup by cwe_id.valueorder by count desc;2022 CVEs for CWE-20 Improper Input Validation
Determine the areas in which potential vulnerabilities related to improper input validation have been identified in the year 2022. This can be useful for prioritizing and addressing security issues in your system.
select name, title, published_date, cwe_idsfrom trivy_vulnerabilitywhere name like 'CVE-2022-%' and cwe_ids ? 'CWE-20'order by name;select name, title, published_date, cwe_idsfrom trivy_vulnerabilitywhere name like 'CVE-2022-%' and json_extract(cwe_ids, '$.CWE-20') is not nullorder by name;Vulnerability types (e.g. CVE) in the database
Explore the distribution of different types of vulnerabilities within your system to better understand the areas that require enhanced security measures. This can help prioritize your responses to potential threats.
select split_part(name, '-', 1) as vuln_type, count(*)from trivy_vulnerabilitygroup by vuln_typeorder by count desc;Error: SQLite does not support splitor string_to_array functions.Vulnerabilities with a National Vulnerability Database Qualitative Severity Rating > 7
Gain insights into potential vulnerabilities that have a high severity rating according to the National Vulnerability Database. This can be particularly useful for prioritizing security measures and addressing the most critical threats first. Learn more about the Qualitative Severity Rating Scale.
select name, severity, (cvss -> 'nvd' -> 'V3Score') :: float as v3_score, titlefrom trivy_vulnerabilitywhere (cvss -> 'nvd' -> 'V3Score') :: float > 8order by v3_score desc;select name, severity, json_extract(cvss, '$.nvd.V3Score') as v3_score, titlefrom trivy_vulnerabilitywhere json_extract(cvss, '$.nvd.V3Score') > 8order by v3_score desc;Schema for trivy_vulnerability
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| cvss | jsonb | Common Vulnerability Scoring System details for the vulnerability. | |
| cwe_ids | jsonb | Array of Common Weakness Enumeration IDs associated with this vulnerability, e.g. [CWE-252, CWE-384]. | |
| description | text | Description of the vulnerability. | |
| last_modified_date | timestamp with time zone | Date when the vulnerability was last modified. | |
| name | text | = | Name of the vulnerability, e.g. CVE-2022-1234. |
| published_date | timestamp with time zone | Date when the vulnerability was published. | |
| references | jsonb | Reference URLs for the vulnerability. | |
| severity | text | Severity of the vulnerability, e.g. LOW, MEDIUM, HIGH, CRITICAL. | |
| title | text | Title of the vulnerability. | |
| vendor_severity | jsonb | Severity of the vulnerability as assigned by the vendor. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- trivyYou can pass the configuration to the command with the --config argument:
steampipe_export_trivy --config '<your_config>' trivy_vulnerability