Bitnami images have missing target information, duplicated results #7978

bpfoster · 2024-11-21T13:04:12Z

bpfoster
Nov 21, 2024

Description

If I scan a Bitnami image that contains an SBOM (SPDX) file, I see a vulnerability discovered by the SPDX document, and the same vulnerability discovered by the gobinary scanning.

The vulnerability from SBOM scanning does not have a target reported (in either the table or JSON output).

Desired Behavior

I would expect 2 things:

The package to be reported as the target when discovered from an SBOM file
When the SPDX file documents a relationship between the package and its contained files, I would not expect additional, duplicate, vulnerability reports on those contained files.

Actual Behavior

The 2 expectations above are not met.

Reproduction Steps

Run trivy against a bitnami image with known vulnerability, for example docker.io/bitnami/grafana@sha256:5950f7be27595bccc83b70998bc44f85518a0c40c2c9bdeeaf6b29a15e6105f9
See debug output below. There are a bunch of OS package results that are not important to this issue; I removed them from the output to reduce noise.
Note the missing target information on the first gobinary, and that the second gobinary resul is the same vulnerability for a file contained in the grafana package. This relationship is described in the SPDX file inside the image.

{
    "packages": [
        {
            "SPDXID": "SPDXRef-grafana",
            "name": "grafana",
            "versionInfo": "11.3.0-2",
            "downloadLocation": "git+https://github.com/grafana/grafana#refs/tags/v11.3.0",
            "licenseConcluded": "AGPL-3.0-only",
            "licenseDeclared": "AGPL-3.0-only",
            "filesAnalyzed": false,
            "externalRefs": [
                {
                    "referenceCategory": "SECURITY",
                    "referenceType": "cpe23Type",
                    "referenceLocator": "cpe:2.3:*:grafana:grafana:11.3.0:*:*:*:*:*:*:*"
                },
                {
                    "referenceCategory": "PACKAGE-MANAGER",
                    "referenceType": "purl",
                    "referenceLocator": "pkg:bitnami/[email protected]?arch=amd64&distro=debian-12"
                }
            ],
            "copyrightText": "NOASSERTION"
        },
        {
            "name": "opt/bitnami/grafana/bin/grafana",
            "SPDXID": "SPDXRef-Application-5a701a91b6724cbb-grafana",
            "downloadLocation": "NONE",
            "filesAnalyzed": false,
            "primaryPackagePurpose": "APPLICATION",
            "copyrightText": "NOASSERTION",
            "licenseConcluded": "NOASSERTION",
            "licenseDeclared": "NOASSERTION"
        }
    ],
    "relationships": [
        {
            "spdxElementId": "SPDXRef-grafana",
            "relationshipType": "CONTAINS",
            "relatedSpdxElement": "SPDXRef-Application-5a701a91b6724cbb-grafana"
        }
    ]
}

Target

Container Image

Scanner

Vulnerability

Output Format

Table

Mode

Standalone

Debug Output

2024-11-21T07:56:01-05:00	DEBUG	Default config file "file_path=trivy.yaml" not found, using built in values
2024-11-21T07:56:01-05:00	DEBUG	Cache dir	dir="/home/me/.cache/trivy"
2024-11-21T07:56:01-05:00	DEBUG	Cache dir	dir="/home/me/.cache/trivy"
2024-11-21T07:56:01-05:00	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-11-21T07:56:01-05:00	DEBUG	Ignore statuses	statuses=[]
2024-11-21T07:56:01-05:00	DEBUG	[vulndb] There is no valid metadata file	err="unable to open a file: open /home/me/.cache/trivy/db/metadata.json: no such file or directory"
2024-11-21T07:56:01-05:00	INFO	[vulndb] Need to update DB
2024-11-21T07:56:01-05:00	DEBUG	[vulndb] No metadata file
2024-11-21T07:56:01-05:00	INFO	[vulndb] Downloading vulnerability DB...
2024-11-21T07:56:01-05:00	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
56.29 MiB / 56.29 MiB [--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 11.36 MiB p/s 5.2s
2024-11-21T07:56:08-05:00	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-21T07:56:08-05:00	DEBUG	Updating database metadata...
2024-11-21T07:56:08-05:00	DEBUG	DB info	schema=2 updated_at=2024-11-21T06:15:30.929926099Z next_update=2024-11-22T06:15:30.929925699Z downloaded_at=2024-11-21T12:56:08.186166861Z
2024-11-21T07:56:08-05:00	DEBUG	[pkg] Package types	types=[os library]
2024-11-21T07:56:08-05:00	DEBUG	[pkg] Package relationships	relationships=[unknown root direct indirect]
2024-11-21T07:56:08-05:00	INFO	[vuln] Vulnerability scanning is enabled
2024-11-21T07:56:08-05:00	INFO	[secret] Secret scanning is enabled
2024-11-21T07:56:08-05:00	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-21T07:56:08-05:00	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-21T07:56:08-05:00	DEBUG	Enabling misconfiguration scanners	scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-11-21T07:56:08-05:00	DEBUG	Initializing scan cache...	type="fs"
2024-11-21T07:56:08-05:00	DEBUG	[secret] No secret config detected	config_path="trivy-secret.yaml"
2024-11-21T07:56:08-05:00	DEBUG	[secret] No secret config detected	config_path="trivy-secret.yaml"
2024-11-21T07:56:08-05:00	DEBUG	[image] Detected image ID	image_id="sha256:88f15faf60d7c1c1d31993e53fa4a5a2549023d49834176c11af5c626193415d"
2024-11-21T07:56:08-05:00	DEBUG	[image] Detected diff ID	diff_ids=[sha256:f904d4eeea257c5355ac3817b0350420751acf0bfcf81438a7d9b2055d7ee784]
2024-11-21T07:56:08-05:00	DEBUG	[image] Detected base layers	diff_ids=[]
2024-11-21T07:56:08-05:00	DEBUG	[image] Missing image ID in cache	image_id="sha256:88f15faf60d7c1c1d31993e53fa4a5a2549023d49834176c11af5c626193415d"
2024-11-21T07:56:08-05:00	DEBUG	[image] Missing diff ID in cache	diff_id="sha256:f904d4eeea257c5355ac3817b0350420751acf0bfcf81438a7d9b2055d7ee784"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/bitnami/ini-file"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Parsing dependency's build info settings	dependency="github.com/bitnami/ini-file" -ldflags=[-X main.commit= -X 'main.buildDate=2024-11-07 01:04:36 UTC' -s -w]
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect dependency version. `-ldflags` build info settings don't contain version flag. Empty version used.	dependency="github.com/bitnami/ini-file"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Parsing dependency's build info settings	dependency="github.com/grafana/grafana" -ldflags=[-w -X main.version=11.3.0-pre -X main.commit=d9455ff7 -X main.buildstamp=1729270190 -X main.buildBranch=HEAD]
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana/apps/playlist"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana/pkg/aggregator"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana/pkg/apimachinery"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana/pkg/apiserver"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana/pkg/promlib"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana/pkg/semconv"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana/pkg/storage/unified/apistore"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana/pkg/storage/unified/resource"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="./pkg/util/xorm"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Parsing dependency's build info settings	dependency="github.com/grafana/grafana" -ldflags=[-w -X main.version=11.3.0-pre -X main.commit=d9455ff7 -X main.buildstamp=1729270190 -X main.buildBranch=HEAD]
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Unable to detect main module's dependency version - `(devel)` is used	dependency="github.com/grafana/grafana"
2024-11-21T07:56:18-05:00	DEBUG	[gobinary] Parsing dependency's build info settings	dependency="github.com/grafana/grafana" -ldflags=[-w -X main.version=11.3.0-pre -X main.commit=d9455ff7 -X main.buildstamp=1729270190 -X main.buildBranch=HEAD]
2024-11-21T07:56:23-05:00	WARN	[secret] The size of the scanned file is too large. It is recommended to use `--skip-files` for this file to avoid high memory consumption.	file_path="opt/bitnami/grafana/public/build/2150.21f907cc3e0b7a685dac.js.map" size (MB)=12
2024-11-21T07:56:25-05:00	WARN	[secret] The size of the scanned file is too large. It is recommended to use `--skip-files` for this file to avoid high memory consumption.	file_path="opt/bitnami/grafana/public/build/322.9e448e90c86f8dd2907e.js.map" size (MB)=11
2024-11-21T07:56:26-05:00	WARN	[secret] The size of the scanned file is too large. It is recommended to use `--skip-files` for this file to avoid high memory consumption.	file_path="opt/bitnami/grafana/public/build/3379.020d2edcd8eb1d9f6d9a.js.map" size (MB)=12
2024-11-21T07:56:28-05:00	WARN	[secret] The size of the scanned file is too large. It is recommended to use `--skip-files` for this file to avoid high memory consumption.	file_path="opt/bitnami/grafana/public/build/3520.51156d26d7b619a9eba0.js.map" size (MB)=13
2024-11-21T07:56:42-05:00	DEBUG	No secrets found in container image config
2024-11-21T07:56:42-05:00	INFO	Detected OS	family="debian" version="12.8"
2024-11-21T07:56:42-05:00	INFO	[debian] Detecting vulnerabilities...	os_version="12" pkg_num=125
2024-11-21T07:56:42-05:00	INFO	Number of language-specific files	num=9
2024-11-21T07:56:42-05:00	INFO	[gobinary] Detecting vulnerabilities...
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Scanning packages for vulnerabilities	file_path=""
2024-11-21T07:56:42-05:00	INFO	[bitnami] Detecting vulnerabilities...
2024-11-21T07:56:42-05:00	DEBUG	[bitnami] Scanning packages for vulnerabilities	file_path="opt/bitnami/common"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Scanning packages for vulnerabilities	file_path="opt/bitnami/common/bin/ini-file"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="github.com/bitnami/ini-file"
2024-11-21T07:56:42-05:00	DEBUG	[bitnami] Scanning packages for vulnerabilities	file_path="opt/bitnami/grafana"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Scanning packages for vulnerabilities	file_path="opt/bitnami/grafana/bin/grafana"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="./pkg/util/xorm"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="github.com/grafana/grafana/apps/playlist"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="github.com/grafana/grafana/pkg/aggregator"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="github.com/grafana/grafana/pkg/apimachinery"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="github.com/grafana/grafana/pkg/apiserver"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="github.com/grafana/grafana/pkg/promlib"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="github.com/grafana/grafana/pkg/semconv"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="github.com/grafana/grafana/pkg/storage/unified/apistore"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Skipping vulnerability scan as no version is detected for the package	name="github.com/grafana/grafana/pkg/storage/unified/resource"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Scanning packages for vulnerabilities	file_path="opt/bitnami/grafana/bin/grafana-cli"
2024-11-21T07:56:42-05:00	DEBUG	[gobinary] Scanning packages for vulnerabilities	file_path="opt/bitnami/grafana/bin/grafana-server"
2024-11-21T07:56:42-05:00	DEBUG	[bitnami] Scanning packages for vulnerabilities	file_path="opt/bitnami/mysql"
2024-11-21T07:56:42-05:00	INFO	[node-pkg] Detecting vulnerabilities...
2024-11-21T07:56:42-05:00	DEBUG	[node-pkg] Scanning packages for vulnerabilities	file_path=""
2024-11-21T07:56:42-05:00	WARN	Using severities from other vendors for some vulnerabilities. Read https://aquasecurity.github.io/trivy/v0.57/docs/scanner/vulnerability#severity-selection for details.
2024-11-21T07:56:42-05:00	DEBUG	[vex] VEX filtering is disabled

docker.io/bitnami/grafana@sha256:5950f7be27595bccc83b70998bc44f85518a0c40c2c9bdeeaf6b29a15e6105f9 (debian 12.8)

Total: 126 (UNKNOWN: 0, LOW: 92, MEDIUM: 18, HIGH: 15, CRITICAL: 1)
...  REMOVED OS PACKAGE RESULTS ...

2024-11-21T07:56:42-05:00	INFO	Table result includes only package filenames. Use '--format json' option to get the full path to the package file.

 (gobinary)

Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────┐
│                Library                 │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                       Title                        │
├────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────┤
│ github.com/golang-jwt/jwt/v4 (grafana) │ CVE-2024-51744 │ LOW      │ fixed  │ v4.5.0            │ 4.5.1         │ golang-jwt: Bad documentation of error handling in │
│                                        │                │          │        │                   │               │ ParseWithClaims can lead to potentially...         │
│                                        │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-51744         │
└────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────┘

opt/bitnami/grafana/bin/grafana (gobinary)

Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌──────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────┐
│           Library            │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                       Title                        │
├──────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────┤
│ github.com/golang-jwt/jwt/v4 │ CVE-2024-51744 │ LOW      │ fixed  │ v4.5.0            │ 4.5.1         │ golang-jwt: Bad documentation of error handling in │
│                              │                │          │        │                   │               │ ParseWithClaims can lead to potentially...         │
│                              │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-51744         │
└──────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────┘

Operating System

RHEL 8

Version

Version: 0.57.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-11-21 06:15:30.929926099 +0000 UTC
  NextUpdate: 2024-11-22 06:15:30.929925699 +0000 UTC
  DownloadedAt: 2024-11-21 12:41:58.323547408 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-11-13 03:58:52.326472745 +0000 UTC
  NextUpdate: 2024-11-16 03:58:52.326472254 +0000 UTC
  DownloadedAt: 2024-11-13 13:24:54.22902779 +0000 UTC

Checklist

Run trivy clean --all
Read the troubleshooting

knqyf263 · 2024-11-22T07:38:00Z

knqyf263
Nov 22, 2024
Maintainer

If I scan a Bitnami image that contains a VEX file, I see a vulnerability discovered by the VEX document

Do you mean SBOM?

5 replies

bpfoster Nov 22, 2024
Author

Oops, yes sorry, I got that mixed up. I will fix the verbiage in this issue.

knqyf263 Nov 25, 2024
Maintainer

Trivy is unable to identify the binary path from the Bitnami SBOM. It has sourceInfo, but IIUC, it's free-form text. We cannot assume it is a file path.
https://spdx.github.io/spdx-spec/v2.3/package-information/#712-source-information-field

        {
            "name": "github.com/facette/natsort",
            "SPDXID": "SPDXRef-Package-c687ce87de0c8ef4",
            "versionInfo": "v0.0.0-20181210072756-2cd4dd1e2dcb",
            "supplier": "NOASSERTION",
            "downloadLocation": "NONE",
            "filesAnalyzed": false,
            "sourceInfo": "opt/bitnami/grafana/bin/grafana",
            "licenseConcluded": "NONE",
            "licenseDeclared": "NONE",
            "externalRefs": [
                {
                    "referenceCategory": "PACKAGE-MANAGER",
                    "referenceType": "purl",
                    "referenceLocator": "pkg:golang/github.com/facette/[email protected]"
                }
            ],
            "primaryPackagePurpose": "LIBRARY",
            "copyrightText": "NOASSERTION"
        },

@juan131 Is there any reliable way to extract the file path? I'm sorry for tagging you. Please feel free to forward me to the appropriate person.

juan131 Nov 25, 2024

Hi @knqyf263

I'm afraid the person with more background about this structure is on sick leave, I'll try to give you an update once he's back

knqyf263 Nov 25, 2024
Maintainer

Thanks! We'll wait for that.

bpfoster Nov 26, 2024
Author

Just to make sure.. I think there are 2 different issues I lumped into this 1 discussion - the first is the missing target information on the package discovered from the SBOM doc. This seems straight forward and possibly something that can easily be addressed within trivy. In this example I would would think the target could be reported as something like grafana (the name of the package in the SPDX file) and not a blank string.

The second issue is the one you're currently discussing and I see now that this is more complex (and may involve changes on both consumer and producer). There are (at least) 3 levels of things being reported in the Bitnami SBOM:

The overarching grafana package
The executable files that were in that package
The go libraries that are in each of those executable files

My original discussion centered around the double reporting on 1 & 2, and you have brought up an example of level 3.

Rather than attempting to use the sourceInfo field of the package (which you point out is not a good way to do it), would it not be better to use the relationships within the doc? There are explicit relationships linking all the parts (shortened for readability):

{
  "packages": [
    {
      "SPDXID": "SPDXRef-grafana",
      "name": "grafana",
      "versionInfo": "11.3.0-2"
    },
    {
      "name": "opt/bitnami/grafana/bin/grafana",
      "SPDXID": "SPDXRef-Application-5a701a91b6724cbb-grafana",
      "primaryPackagePurpose": "APPLICATION"
    },
    {
      "name": "github.com/facette/natsort",
      "SPDXID": "SPDXRef-Package-c687ce87de0c8ef4",
      "versionInfo": "v0.0.0-20181210072756-2cd4dd1e2dcb",
      "primaryPackagePurpose": "LIBRARY"
    }
  ],
  "relationships": [
    {
      "spdxElementId": "SPDXRef-grafana",
      "relationshipType": "CONTAINS",
      "relatedSpdxElement": "SPDXRef-Application-5a701a91b6724cbb-grafana"
    },
    {
      "spdxElementId": "SPDXRef-Application-5a701a91b6724cbb-grafana",
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-c687ce87de0c8ef4"
    }
  ]
}

I am looking through the specification, and the spec has a Files block, which is potentially being the better way to express what we're talking about in item 2, having first-class support for file locations.

The File Information is specified in Section 8.

They have some examples showing a package which contains files. Confusingly, the example shows this relationship through a hasFiles field on the package, but I can't find that in the spec. There are a couple questions about this: 487 and 805; that it is correct but may be deprecated in v3, and can also be expressed through a relationship.

This example could then look something like:

{
  "packages": [
    {
      "SPDXID": "SPDXRef-grafana",
      "name": "grafana",
      "versionInfo": "11.3.0-2"
    },
    {
      "name": "github.com/facette/natsort",
      "SPDXID": "SPDXRef-Package-c687ce87de0c8ef4",
      "versionInfo": "v0.0.0-20181210072756-2cd4dd1e2dcb",
      "primaryPackagePurpose": "LIBRARY"
    }
  ],
  "files": [
    {
      "SPDXID": "SPDXRef-Application-5a701a91b6724cbb-grafana",
      "fileName": "/opt/bitnami/grafana/bin/grafana",
      "fileTypes": ["BINARY"]
    }
  ],
  "relationships": [
    {
      "spdxElementId": "SPDXRef-grafana",
      "relationshipType": "CONTAINS",
      "relatedSpdxElement": "SPDXRef-Application-5a701a91b6724cbb-grafana"
    },
    {
      "spdxElementId": "SPDXRef-Application-5a701a91b6724cbb-grafana",
      "relationshipType": "CONTAINS",
      "relatedSpdxElement": "SPDXRef-Package-c687ce87de0c8ef4"
    }
  ]
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bitnami images have missing target information, duplicated results #7978

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 5 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Bitnami images have missing target information, duplicated results #7978

bpfoster Nov 21, 2024

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

Replies: 1 comment · 5 replies

knqyf263 Nov 22, 2024 Maintainer

bpfoster Nov 22, 2024 Author

knqyf263 Nov 25, 2024 Maintainer

juan131 Nov 25, 2024

knqyf263 Nov 25, 2024 Maintainer

bpfoster Nov 26, 2024 Author

bpfoster
Nov 21, 2024

Replies: 1 comment 5 replies

knqyf263
Nov 22, 2024
Maintainer

bpfoster Nov 22, 2024
Author

knqyf263 Nov 25, 2024
Maintainer

knqyf263 Nov 25, 2024
Maintainer

bpfoster Nov 26, 2024
Author