Introduction

This article explains how the Trivy Premium scanner handles version detection for packages and executables, highlighting differences in the information it extracts. This distinction is important for understanding the scanning results and capabilities of Trivy Premium’s package and executable analyzers.


Applicability

This article applies to all supported versions of both Aqua SaaS Edition and Aqua Self-Hosted Edition.


Description

Packages

When scanning packages, Trivy Premium appends release information to the version and patch level. For example:

If the package version is 2.34 and the release information is 100.el9_4.3, Trivy Premium displays the version as 2.34-100.el9_4.3.


This detailed versioning provides more accurate context for identifying vulnerabilities and relevant updates tied to specific OS or package releases.


Executables

In contrast, when scanning executables, Trivy Premium detects only the version and does not include release information. For example, an executable with version 2.34 will be shown simply as 2.34.


This is because Trivy Premium scans the executable's contents with regular expressions to extract version strings. The release string, however, is typically not embedded in the binary, so there is nothing for the analyzer to extract.


Why the Difference?

The difference in behavior arises from the nature of Trivy Premium’s analyzers:

  • Package Analyzer: Extracts metadata that includes both version and release information.

  • Executable Analyzer: Relies on the version strings found in the binary's contents. Since executables usually don't contain structured release metadata, Trivy Premium can't extract that information.

Given this limitation, retrieving release data from executables is not currently feasible.
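The two behaviours described above, as an added example that is not Aqua's or Trivy's own code: a short Python script that splits a package-analyzer version string into its version and release parts, pulls a bare version out of constructed binary bytes using a hypothetical regex standing in for the executable analyzer, and compares the two so that package and executable findings for the same library can be reconciled.

```python
import re
from typing import NamedTuple, Optional


class PackageVersion(NamedTuple):
    version: str            # upstream version, e.g. "2.34"
    release: Optional[str]  # distro release, e.g. "100.el9_4.3", or None


def split_package_version(reported: str) -> PackageVersion:
    """Split a package-analyzer string such as '2.34-100.el9_4.3' into
    version and release. RPM versions never contain '-', so the first '-'
    separates the two; a bare '2.34' yields release=None."""
    version, sep, release = reported.partition("-")
    return PackageVersion(version, release if sep else None)


# Hypothetical regex (an assumption, not Trivy's real pattern) standing in
# for the executable analyzer: it can only recover a dotted version number
# that happens to be embedded as text, since a binary has no release field.
VERSION_IN_BINARY = re.compile(rb"(?<![\d.])(\d+\.\d+(?:\.\d+)?)(?!\.?\d)")


def extract_version_from_binary(blob: bytes) -> Optional[str]:
    """Return the first version-looking string found in raw binary bytes."""
    m = VERSION_IN_BINARY.search(blob)
    return m.group(1).decode() if m else None


def same_upstream_version(package_reported: str, executable_reported: str) -> bool:
    """True when a package finding and an executable finding refer to the same
    upstream version, ignoring the release suffix an executable cannot carry."""
    return split_package_version(package_reported).version == executable_reported


# Constructed sample (not a real file): a fragment of a shared library's data
# section. The banner carries a version but no '-release' part.
SAMPLE_BINARY = (
    b"\x7fELF\x00\x00stable release version 2.34.\x00"
    b"Copyright (C) 2021 Free Software Foundation, Inc.\x00"
)

if __name__ == "__main__":
    pkg = split_package_version("2.34-100.el9_4.3")
    exe = extract_version_from_binary(SAMPLE_BINARY)
    print(pkg)  # PackageVersion(version='2.34', release='100.el9_4.3')
    print(exe)  # 2.34
    print(same_upstream_version("2.34-100.el9_4.3", exe))  # True
```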


Additional Resources

Refer to the product documentation for more information on scanning:
https://docs.aquasec.com/v2022.4/image-and-function-scanning/image-scanning/image-scanning-process/
