Introduction

At Aqua Security, we’re dedicated to the continuous advancement of our cybersecurity tools, ensuring that you stay a step ahead of potential threats. Our latest update focuses on fine-tuning Trivy Premium's scanning capabilities, specifically for images based on SUSE Linux.



The Need for Enhanced Scanning

Security data for SUSE Linux has traditionally been sourced primarily from the National Vulnerability Database (NVD). While this has been effective, there is room to improve precision. With 2022.4 Update 28 (2024 Apr 05, 2022.4.517), we're excited to announce that Trivy Premium now integrates SUSE Security Advisories, offering a more accurate reflection of potential vulnerabilities in your system.



Before vs. After Update 28: Understanding the Changes

With the latest Update 28 of 2022.4 for Aqua's Trivy Premium scanner, the way severity ratings are displayed has evolved for SUSE Linux-based images. 



Note: Following the latest update, our system now automatically leverages SUSE Security Advisories as the default reference for vulnerability assessments.



This enhancement is evident in the vulnerability column of the UI, where we will display SUSE Security Advisory IDs instead of CVE IDs. Users should be aware that this change could lead to notable differences in the severity of vulnerabilities within their SUSE Linux environment. For example, a vulnerability previously categorized as having 'Low' severity based on NVD's data might now be reclassified as 'High' severity when based on SUSE's advisories.


Despite this default integration of SUSE data, the "Use NVD as the preferred rating method" scanning setting retains its significance. This option allows users to choose which severity ratings they prefer to see — those provided by the global perspective of NVD or the specific insights from SUSE advisories.



Before Update 28: When scanning SUSE Linux-based images, security vulnerabilities were rated using data primarily sourced from the National Vulnerability Database (NVD), which potentially lacked specific insights from the vendor's advisory.





After Update 28 with SUSE Advisory Preference: When the "Use NVD as the preferred rating method" scanning setting is disabled, the severity rating reflects SUSE's advisory directly, which could differ significantly from NVD's assessment. For example, CVE-2023-28322, previously marked as Low, may now be indicated as High severity. 





After Update 28 with NVD Rating Preference: With the "Use NVD as the preferred rating method" scanning setting enabled, you'll continue to see the NVD’s broader severity ratings. For CVE-2023-28322, this means it will still appear as Low severity, despite the default inclusion of SUSE advisories.





This adjustable setting ensures that you can configure the severity ratings according to the preferred data source, offering flexibility to align with either the global perspective of NVD or the more targeted advisories from SUSE. Understanding the distinction between these settings will help you interpret the scan results more effectively, ensuring that your security assessments are in line with your organizational requirements.


These improvements represent Aqua’s dedication to leveraging the most relevant security data sources, ensuring that our customers receive the most accurate vulnerability assessments for their systems.



Release Notes Highlights

  • The Aqua Trivy Premium scanner now supports connectivity with Offline CyberCenter databases.

  • Enhanced scan results for SUSE Linux-based OS images now include both severity and score data from SUSE Linux vendor feeds, displaying Security Advisory IDs for all related packages.

  • The update applies exclusively to SUSE Linux-based images and may lead to minor discrepancies in scan results and compliance assessments.



Conclusion

This update signifies Aqua's commitment to providing accurate, vendor-specific security data, allowing for better-informed decisions and actions when it comes to vulnerability management. For users of SUSE Linux-based images, these changes represent a stride toward more accurate security assessments and improved compliance processes.


Stay informed about how to manage these updates within your environment by visiting our official documentation.



Additional Resources

For detailed insights into Trivy Premium and to stay informed about the capabilities introduced in the latest update, please visit the following resources:

