Rust / Cargo is completely broken #5308

hamiltop · 2023-10-02T18:40:42Z

hamiltop
Oct 2, 2023

Description

Raised in #5214 and aquasecurity/trivy-db#353

Something is crossed up in categorizing GHSA as rust vs cargo vulnerabilities. Because they are mistagged, they are ignored and no rust vulnerabilities are reported.

Desired Behavior

When I run a scan in a rust project with a known vulnerability, I expect it to be flagged.

Actual Behavior

Nothing is raised in rust projects.

Reproduction Steps

See https://github.com/aquasecurity/trivy/issues/5214

Target

Git Repository

Scanner

Vulnerability

Output Format

JSON

Mode

Standalone

Debug Output

See https://github.com/aquasecurity/trivy/issues/5214

Operating System

Any

Version

See https://github.com/aquasecurity/trivy/issues/5214

Checklist

Run trivy image --reset
Read the troubleshooting

knqyf263 · 2023-10-03T05:17:10Z

knqyf263
Oct 3, 2023
Maintainer

Fixed in aquasecurity/trivy-db#355

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Rust / Cargo is completely broken #5308

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Rust / Cargo is completely broken #5308

hamiltop Oct 2, 2023

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

Replies: 1 comment

knqyf263 Oct 3, 2023 Maintainer

hamiltop
Oct 2, 2023

knqyf263
Oct 3, 2023
Maintainer