Trivy · Example Payload

Trivy Vulnerability Report Example

trivy image alpine:3.15 --format json

ContainersKubernetesSBOMSecurityVulnerability ScanningOpen SourceDevSecOpsCloud Security

Trivy Vulnerability Report Example is an example object payload from Trivy, with 4 top-level fields. It illustrates the shape of data this provider's APIs accept or return.

Top-level fields

operationdescriptioncommandoutput

Example Payload

Raw ↑ 
{
  "operation": "trivyScan",
  "description": "trivy image alpine:3.15 --format json",
  "command": "trivy image alpine:3.15 --format json --severity HIGH,CRITICAL",
  "output": {
    "SchemaVersion": 2,
    "ArtifactName": "alpine:3.15",
    "ArtifactType": "container_image",
    "Metadata": {
      "OS": {
        "Family": "alpine",
        "Name": "3.15.0"
      },
      "ImageID": "sha256:c059bfaa849c4d8e4aecaeb3a10c2d9b3d85f5165c66ad3a4d937758128c4d18",
      "RepoTags": ["alpine:3.15"],
      "RepoDigests": ["alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300"]
    },
    "Results": [
      {
        "Target": "alpine:3.15 (alpine 3.15.0)",
        "Class": "os-pkgs",
        "Type": "alpine",
        "Vulnerabilities": [
          {
            "VulnerabilityID": "CVE-2022-28391",
            "PkgName": "busybox",
            "InstalledVersion": "1.34.1-r0",
            "FixedVersion": "1.34.1-r6",
            "Severity": "HIGH",
            "Title": "busybox: remote attackers may execute arbitrary code if netstat is used",
            "Description": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code...",
            "References": [
              "https://nvd.nist.gov/vuln/detail/CVE-2022-28391"
            ],
            "PublishedDate": "2022-04-03T21:15:00Z",
            "LastModifiedDate": "2022-04-09T14:15:00Z"
          }
        ]
      }
    ]
  }
}