Discussions

• 18 You must be logged in to vote

  📢

  Trivy Security incident 2026-03-19 conclusion

  itaysk announced Mar 30, 2026 in Announcements

  

  

  

  

  7
• 1 You must be logged in to vote

  🐛

  Docker Hub misses latest tag

  kind/bug Categorizes issue or PR as related to a bug.

  Falco20019 started Apr 13, 2026 in Bugs

  

  

  2
• 1 You must be logged in to vote

  🔎

  Issues are not detected in Trivy

  Iamsajidkhan started Apr 13, 2026 in False Detection

  

  

  0
• 1 You must be logged in to vote

  🐛

  Azure AI Foundry, OpenAI secret not detected

  kind/feature Categorizes issue or PR as related to a new feature. scan/secret Issues relating to secret scanning

  wahmedswl started Apr 12, 2026 in Bugs

  

  

  1
• 1 You must be logged in to vote

  🐛

  Error with SBOM via OCI referrers - SBOM download error: unacceptable media type

  kind/bug Categorizes issue or PR as related to a bug.

  rcarre started Apr 9, 2026 in Bugs

  

  

  1
• 1 You must be logged in to vote

  💡

  Support Echo Language Package Scanning

  kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning target/container-image Issues relating to container image scanning

  orizerah started Apr 12, 2026 in Ideas

  

  

  0
• 1 You must be logged in to vote

  📖

  apt repo still lists v0.69.4 as an upgrade available

  kind/documentation Categorizes issue or PR as related to documentation.

  9technologygroup started Apr 11, 2026 in Documentation

  

  

  1
• 44 You must be logged in to vote

  📢

  Trivy Security incident 2026-03-19

  itaysk announced Mar 20, 2026 in Announcements

  

  

  

  

  310
• 1 You must be logged in to vote

  🙏

  Trivy does not include Spring Boot 4.0.4+ JAR in SBOM

  scan/vulnerability Issues relating to vulnerability scanning

  jpalomaki asked Apr 9, 2026 in Q&A · Answered

  

  

  1
• 1 You must be logged in to vote

  💡

  [RFC] npm supply chain security: install script auditing, malicious package detection, and dependency confusion

  Gahrcoder started Apr 9, 2026 in Ideas

  

  

  0
• 1 You must be logged in to vote

  🐛

  misconfiguration with false-positive while using terraform data with for_each

  kind/bug Categorizes issue or PR as related to a bug.

  felipeng started Jan 8, 2026 in Bugs · Closed

  

  

  

  

  2
• 1 You must be logged in to vote

  💡

  Feature Request: Option to Ignore Transitive Maven Repositories during POM Resolution

  kind/feature Categorizes issue or PR as related to a new feature.

  philippe-granet started Apr 8, 2026 in Ideas

  

  

  0
• 1 You must be logged in to vote

  📖

  docs: clarify how Trivy determines Go stdlib version from go and toolchain in go.mod

  kind/documentation Categorizes issue or PR as related to documentation.

  ystkfujii started Apr 7, 2026 in Documentation

  

  

  0
• 1 You must be logged in to vote

  🐛

  Bom module in maven multimodule project is not used correctly without first installing the artifacts

  kind/bug Categorizes issue or PR as related to a bug.

  askoog started Apr 1, 2026 in Bugs

  

  

  1
• 2 You must be logged in to vote

  🙏

  The Debian Package is not available

  alinex asked Mar 23, 2026 in Q&A · Answered

  

  

  

  

  4
• 2 You must be logged in to vote

  💡

  Add some (optional) warning about unused ignored vulnerabilities

  kind/feature Categorizes issue or PR as related to a new feature.

  victornoel started Jan 23, 2023 in Ideas

  

  

  

  

  10
• 0 You must be logged in to vote

  🔎

  wal-g CVE-2021-38599: +dirty pseudo-version, FixedVersion 1.1 — expected?

  AreejMohamedSaad started Apr 3, 2026 in False Detection · Closed

  

  

  1
• 4 You must be logged in to vote

  🐛

  IP allow list blocks gh CLI in CI, preventing release integrity attestation

  kind/bug Categorizes issue or PR as related to a bug.

  633kh4ck started Mar 24, 2026 in Bugs

  

  

  

  

  12
• 1 You must be logged in to vote

  🙏

  Questions about pinning Trivy version ?

  triage/support Indicates an issue that is a support question.

  sbernard31 asked Mar 30, 2026 in Q&A · Unanswered

  

  

  

  

  6
• 1 You must be logged in to vote

  🐛

  Different result for VEX between SBOM and image scanning

  kind/bug Categorizes issue or PR as related to a bug.

  AugustusKling started Apr 1, 2026 in Bugs

  

  

  0
• 2 You must be logged in to vote

  💡

  SPDX 3?

  kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning

  rossburton started Mar 5, 2025 in Ideas

  

  

  

  

  4
• 9 You must be logged in to vote

  🔎

  CVE-2026-32767 assigned to libexpat, should be CVE-2026-32776

  mmusenbr started Mar 19, 2026 in False Detection

  

  

  

  

  6
• 2 You must be logged in to vote

  🙏

  Discrepancy in CVE Detection Between Grype and Trivy for the Same SBOM

  triage/support Indicates an issue that is a support question.

  carusojfr asked Mar 26, 2026 in Q&A · Answered

  

  

  1
• 2 You must be logged in to vote

  🔎

  False positive for CVE-2026-32767: libexpat on nginxproxy/nginx-proxy:1.10.1-alpine image

  coreh started Mar 26, 2026 in False Detection · Closed

  

  

  1
• 1 You must be logged in to vote

  🐛

  Trivy scans a library declared as "test" in a dependency module

  kind/bug Categorizes issue or PR as related to a bug.

  thboileau started Mar 30, 2026 in Bugs

  

  

  1