Trivy · JSON Structure

Trivy Scan Structure

JSON structure documentation for Trivy vulnerability reports and scan results

Type: Properties: 0
Tags: Containers, Kubernetes, SBOM, Security, Vulnerability Scanning, Open Source, DevSecOps, Cloud Security

Trivy Scan Structure is a JSON Structure definition published by Trivy.

Meta-schema:

JSON Structure

{
  "title": "Trivy Scan Structure",
  "description": "JSON structure documentation for Trivy vulnerability reports and scan results",
  "version": "2.0.0",
  "structures": [
    {
      "name": "VulnerabilityReport",
      "description": "Top-level Trivy scan output with metadata and results",
      "fields": [
        { "name": "SchemaVersion", "type": "integer", "required": false, "description": "Report schema version (2)" },
        { "name": "ArtifactName", "type": "string", "required": false, "description": "Scanned artifact name" },
        { "name": "ArtifactType", "type": "string", "required": false, "description": "container_image, filesystem, repository, sbom" },
        { "name": "Metadata", "type": "object", "required": false, "description": "OS, image ID, repo tags" },
        { "name": "Results", "type": "array[Result]", "required": false, "description": "Per-layer or per-component scan results" }
      ]
    },
    {
      "name": "Result",
      "description": "Scan results for a single target layer or component",
      "fields": [
        { "name": "Target", "type": "string", "required": true, "description": "Layer or file target name" },
        { "name": "Class", "type": "string", "required": false, "description": "os-pkgs, lang-pkgs, config, secret, license" },
        { "name": "Type", "type": "string", "required": false, "description": "Package ecosystem (alpine, npm, pip, etc.)" },
        { "name": "Vulnerabilities", "type": "array[Vulnerability]", "required": false, "description": "Detected CVEs" },
        { "name": "Misconfigurations", "type": "array[Misconfiguration]", "required": false, "description": "IaC misconfigurations" },
        { "name": "Secrets", "type": "array[Secret]", "required": false, "description": "Exposed credentials" }
      ]
    },
    {
      "name": "Vulnerability",
      "description": "A single detected vulnerability (CVE)",
      "fields": [
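        { "name": "VulnerabilityID", "type": "string", "required": true, "description": "Vulnerability identifier, typically a CVE ID; other advisory IDs (e.g. GHSA) can appear, so consumers should not assume a CVE-only format" },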
        { "name": "PkgName", "type": "string", "required": false, "description": "Affected package" },
        { "name": "PkgVersion", "type": "string", "required": false, "description": "Installed version" },
        { "name": "FixedVersion", "type": "string", "required": false, "description": "Version with fix" },
        { "name": "Severity", "type": "string", "required": true, "description": "CRITICAL, HIGH, MEDIUM, LOW, UNKNOWN" },
        { "name": "Title", "type": "string", "required": false, "description": "Short description" },
        { "name": "CVSS", "type": "object", "required": false, "description": "CVSS scores" }
      ]
    },
    {
      "name": "TrivyOperatorVulnerabilityReport",
      "description": "Kubernetes CRD report generated by Trivy Operator",
      "fields": [
        { "name": "apiVersion", "type": "string", "required": true, "description": "aquasecurity.github.io/v1alpha1" },
        { "name": "kind", "type": "string", "required": true, "description": "VulnerabilityReport" },
        { "name": "metadata", "type": "object", "required": true, "description": "Kubernetes resource metadata" },
        { "name": "report", "type": "object", "required": true, "description": "Report content with vulnerabilities list" }
      ]
    }
  ]
}