docs(issue): added docs for wrong detection issues #1961
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
afdesk
changed the title
knqyf263
reviewed
Apr 12, 2022
docs/community/contribute/issue.md
Outdated
Comment on lines
8
to
21
| ## Wrong detection | ||
| Trivy depends on Github Advisory Database and Gitlab Advisory Database. | ||
| Sometime these databases contain mistakes. | ||
|
|
||
| if Trivy can't detect any CVEs or shows false positive result, at first do the next steps: | ||
| - run Trivy with `-f json` that shows data sources. Please make sure that data source is correct. | ||
| - visit [Github Advisory Database](https://github.com/advisories) and search CVE-ID. | ||
| - visit [Gitlab Advisory Database](https://advisories.gitlab.com/) and search CVE-ID . | ||
|
|
||
| If the data source is correct and Trivy shows wrong results, please raise an issue on Trivy | ||
|
|
||
| If you find a problem, it'll be nice to fix it: | ||
| * How to contribute to a GitHub security advisory: https://github.blog/2022-02-22-github-advisory-database-now-open-to-community-contributions/ | ||
| * Create an issue to Gitlab Advisory Database: https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new |
There was a problem hiding this comment.
mkdocs may show different from GitHub markdown. Please make sure that the doc is not broken by make mkdocs-serve. It seems to be broken now.
There was a problem hiding this comment.
I'll fix it this time.
oh, thanks. will be careful
Comment on lines
13
to
16
| ## Check Advisory Databases | ||
| - [ ] run Trivy with `-f json` that shows data sources. Please make sure that data source is correct. | ||
| - [ ] visit [Github Advisory Database](https://github.com/advisories) and search CVE-ID. | ||
| - [ ] visit [Gitlab Advisory Database](https://advisories.gitlab.com/) and search CVE-ID. |
There was a problem hiding this comment.
Suggested change
| ## Check Advisory Databases | |
| - [ ] run Trivy with `-f json` that shows data sources. Please make sure that data source is correct. | |
| - [ ] visit [Github Advisory Database](https://github.com/advisories) and search CVE-ID. | |
| - [ ] visit [Gitlab Advisory Database](https://advisories.gitlab.com/) and search CVE-ID. | |
| ## Checklist | |
| - [ ] Read [the documentation regarding wrong detection](https://aquasecurity.github.io/trivy/latest/community/contribute/issue/#wrong-detection) | |
| - [ ] Confirm that a security advisory in data sources is correct | |
| - run Trivy with `-f json` that shows data sources. Please make sure that the security advisory is correct. |
Comment on lines
6
to
12
| <!-- | ||
|
|
||
| Please, read the documentation before creating an issue: | ||
| https://aquasecurity.github.io/trivy/latest/community/contribute/issue/ | ||
|
|
||
| --> | ||
|
|
There was a problem hiding this comment.
We can move it to check list.
docs/community/contribute/issue.md
Outdated
| @@ -4,3 +4,18 @@ Thank you for taking interest in contributing to Trivy! | |||
| - Please spend a small amount of time giving due diligence to the issue tracker. Your issue might be a duplicate. If it is, please add your comment to the existing issue. | |||
| - Remember that users might search for your issue in the future, so please give it a meaningful title to help others. | |||
| - The issue should clearly explain the reason for opening, the proposal if you have any, and any relevant technical information. | |||
|
|
|||
| ## Wrong detection | |||
| Trivy depends on Github Advisory Database and Gitlab Advisory Database. | |||
There was a problem hiding this comment.
Suggested change
| Trivy depends on Github Advisory Database and Gitlab Advisory Database. | |
| Trivy depends on [multiple data sources](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/data-source/). |
docs/community/contribute/issue.md
Outdated
| Trivy depends on Github Advisory Database and Gitlab Advisory Database. | ||
| Sometime these databases contain mistakes. | ||
|
|
||
| if Trivy can't detect any CVEs or shows false positive result, at first do the next steps: |
There was a problem hiding this comment.
Suggested change
| if Trivy can't detect any CVEs or shows false positive result, at first do the next steps: | |
| If Trivy can't detect any CVE-IDs or shows false positive result, at first please follow the next steps: |
knqyf263
approved these changes
Apr 12, 2022
liamg
pushed a commit
that referenced
this pull request
Jun 7, 2022
Co-authored-by: knqyf263 <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Added information about wrong detection issues to the docs.
Checklist