PyJWT has sample in METADATA #8199
atombrella started this conversation in False Detection
Replies: 1 comment
It's a correct behavior for Trivy to detect a valid JWT. As you said, you can suppress the finding on your end. What do you suggest?
IDs
Secret detection
Description
https://pypi.org/project/PyJWT/
Trivy finds a secret in the METADATA. I think that's a false positive that should be excluded.
But perhaps this report should go to https://github.com/owenrumney/squealer ?
I can silence the warning of course, but we are using https://learn.microsoft.com/en-us/azure/aks/image-cleaner which uses Trivy.
Reproduction Steps
https://dev.to/sukkergris/install-azure-cli-in-an-alpine-container-4b2e You can use the Dockerfile in this blog post to test.
Target
Container Image
Scanner
Vulnerability
Target OS
No response
Debug Output
Version
Checklist
- Run with `-f json` that shows data sources and confirmed that the security advisory in data sources was correct
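The suppression that both the question and the reply refer to ("I can silence the warning", "you can suppress the finding on your end"), as an added example that is not part of this discussion and not Trivy's own documentation: a secret-scanner configuration that keeps Trivy's built-in JWT rule active everywhere but allow-lists the one file where the hit is known to be PyJWT's README sample token. The file name `trivy-secret.yaml`, the allow-rule id and description, and the METADATA path pattern are assumptions for illustration; `jwt-token` is assumed to be the id of Trivy's built-in JWT rule.

```yaml
# trivy-secret.yaml  (constructed example; the file name is an assumption)
#
# Built-in rules stay enabled, including "jwt-token" (assumed id of Trivy's
# built-in JWT rule), so a real token baked into an image is still reported.
#
# Overbroad alternative, deliberately left commented out: disabling the rule
# globally hides every JWT in every image, not just this documentation sample.
# disable-rules:
#   - jwt-token

# allow-rules are applied to findings: a finding whose file path matches the
# "path" regex is dropped. The pattern is narrowed to the dist-info METADATA
# of the PyJWT distribution only, so a JWT in any other file, including other
# packages' metadata, is still reported.
allow-rules:
  - id: pyjwt-readme-sample-jwt          # assumed name
    description: >-
      PyJWT ships its README inside the wheel METADATA; the JWT it contains
      is the library's documentation example, not a credential.
    path: .*/PyJWT-[^/]+\.dist-info/METADATA   # assumed path pattern
```

Pass the file with `--secret-config`, for example `trivy image --secret-config trivy-secret.yaml <image>`, and confirm the exclusion by checking that the JWT finding disappears only for that path and not elsewhere. This only helps where you control the Trivy invocation yourself; a managed integration that runs Trivy on your behalf has to offer its own way of carrying such a configuration.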