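I ran the trivy command as the root user and as the jenkins user, as shown below, but the results are not the same. I found 7 vulnerabilities as the root user and 4 vulnerabilities as the jenkins user. I checked the permissions and the trivy configuration, but did not find anything.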
root@yyy:~/var/lib/jenkins/jobs/xxx/branches/development/workspace# trivy fs /var/lib/jenkins/jobs/xxx/branches/development/workspace
2024-03-12T17:43:43.527+0300 INFO Vulnerability scanning is enabled
2024-03-12T17:43:43.527+0300 INFO Secret scanning is enabled
2024-03-12T17:43:43.527+0300 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-12T17:43:43.527+0300 INFO Please see also https://aquasecurity.github.io/trivy/v0.42/docs/secret/scanning/#recommendation for faster secret detection
2024-03-12T17:43:44.634+0300 INFO Number of language-specific files: 1
2024-03-12T17:43:44.634+0300 INFO Detecting pom vulnerabilities...
pom.xml (pom)
Total: 7 (UNKNOWN: 0, LOW: 0, MEDIUM: 5, HIGH: 2, CRITICAL: 0)
....
jenkins@yyy:~/var/lib/jenkins/jobs/xxx/branches/development/workspace# trivy fs /var/lib/jenkins/jobs/xxx/branches/development/workspace
2024-03-12T17:43:53.616+0300 INFO Vulnerability scanning is enabled
2024-03-12T17:43:53.616+0300 INFO Secret scanning is enabled
2024-03-12T17:43:53.616+0300 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-12T17:43:53.616+0300 INFO Please see also https://aquasecurity.github.io/trivy/v0.42/docs/secret/scanning/#recommendation for faster secret detection
2024-03-12T17:43:54.112+0300 INFO Number of language-specific files: 1
2024-03-12T17:43:54.112+0300 INFO Detecting pom vulnerabilities...
pom.xml (pom)
Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 0, CRITICAL: 0)
...
trivy --version output:
Version: 0.42.1
Vulnerability DB:
Version: 2
UpdatedAt: 2024-03-12 12:11:09.459246831 +0000 UTC
NextUpdate: 2024-03-12 18:11:09.459246471 +0000 UTC
DownloadedAt: 2024-03-12 14:41:57.090100001 +0000 UTC
Following up on my question: I found the solution on GitHub.