Supported OS

The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution. Trivy doesn’t support self-compiled packages/binaries, but official packages provided by vendors such as Red Hat and Debian.

OSSupported VersionsTarget PackagesDetection of unfixed vulnerabilities
Alpine Linux2.2 - 2.7, 3.0 - 3.15Installed by apkNO
Red Hat Universal Base Image17, 8Installed by yum/rpmYES
Red Hat Enterprise Linux6, 7, 8Installed by yum/rpmYES
CentOS6, 7Installed by yum/rpmYES
Oracle Linux5, 6, 7, 8Installed by yum/rpmNO
Amazon Linux1, 2Installed by yum/rpmNO
openSUSE Leap42, 15Installed by zypper/rpmNO
SUSE Enterprise Linux11, 12, 15Installed by zypper/rpmNO
Photon OS1.0, 2.0, 3.0Installed by tdnf/yum/rpmNO
Debian GNU/Linuxwheezy, jessie, stretch, busterInstalled by apt/apt-get/dpkgYES
UbuntuAll versions supported by CanonicalInstalled by apt/apt-get/dpkgYES
Distroless2AnyInstalled by apt/apt-get/dpkgYES

  1. https://developers.redhat.com/products/rhel/ubi

  2. https://github.com/GoogleContainerTools/distroless