Behaviour of Trivy Analyzer switch "Ignore unfixed vulnerabilities" #4157

larsriehn · 2024-09-18T12:15:38Z

larsriehn
Sep 18, 2024

We use the Trivy analyzer and have imported the SBOM's with "Ignore unfixed vulnerabilities" switched off.
I now set the switch to "Ignore unfixed vulnerabilities", and nothing changed. I expected that during the next daily "Portfolio vulnerability analysis" the number of CVE's would drop and only Trivy CVE's with an existing fix are shown. But this is not the case. All CVE's remain.
Is this the intended behaviour?
Can I achieve a new (clear) CVE evaluation in any way?

larsriehn · 2025-04-02T09:18:00Z

larsriehn
Apr 2, 2025
Author

Anyone?

0 replies

fupgang · 2025-04-04T07:53:53Z

fupgang
Apr 4, 2025

Can I achieve a new (clear) CVE evaluation in any way?

Workaround: Remove all components, this purges all vulnerabilities. Then upload the sbom again to restore the components and trigger a new analysis.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Behaviour of Trivy Analyzer switch "Ignore unfixed vulnerabilities" #4157

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Behaviour of Trivy Analyzer switch "Ignore unfixed vulnerabilities" #4157

Uh oh!

larsriehn Sep 18, 2024

Replies: 2 comments

Uh oh!

larsriehn Apr 2, 2025 Author

Uh oh!

fupgang Apr 4, 2025

larsriehn
Sep 18, 2024

larsriehn
Apr 2, 2025
Author

fupgang
Apr 4, 2025