
Azure - Microsoft Defender for Containers - Number of container vulnerabilities differs heavily between trivy and Microsoft Defender Vulnerability Management?

2024-03-15 19:30:08
I am currently working on a POC for checking vulnerabilities in existing container images stored in Azure container registries (Microsoft Defender for Cloud enabled). While the integrated Azure "Microsoft Defender Vulnerability Management" solution finds only 41, trivy identifies 224 vulnerabilities for the exact same image. For basically every image in my ACR, there is a huge difference in findings between the two scan solutions. There are some overlaps in terms of CVEs found with the same severity, but it seems that trivy is just scanning for many more CVEs and has more databases available.

I couldn't find out whether both scans use different CVE database sources. Does anybody know, or have resources to dive a little deeper?

Solution:

Trivy and Microsoft Defender Vulnerability Management use different vulnerability databases and scanning methods, which can result in different numbers of identified vulnerabilities for the same image.

Trivy is an open-source scanner that uses multiple vulnerability databases, including the National Vulnerability Database (NVD) and Red Hat's vulnerability database. On the other hand, Microsoft Defender Vulnerability Management uses its own vulnerability database and scanning methods. It is possible that Trivy is identifying more vulnerabilities because it has access to a larger number of vulnerability databases. However, it is also important to note that different scanners may have different definitions of what constitutes a vulnerability, which can also contribute to differences in identified vulnerabilities.

For example, Trivy maintains a vulnerability database that is updated every six hours and includes information from a variety of sources. On the other hand, Microsoft Defender Vulnerability Management is designed to integrate tightly with Azure services and may use a different set of criteria for scanning and identifying vulnerabilities.
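As an added example (not part of the question or the answer above), the script below puts the two scanners' results side by side by CVE id, so the "41 vs 224" gap can be broken down into shared findings, findings unique to each scanner, and CVEs where the two disagree on severity. The Trivy record layout (`Results[].Vulnerabilities[].VulnerabilityID` etc.) is the one produced by `trivy image --format json`; the flat record layout used for the Defender findings is an assumption, and every CVE id, package and version in the sample data is constructed for illustration, not real scan output.

```python
"""Compare vulnerability findings from two container scanners by CVE id.

Added example, not from the original post. The Trivy layout follows
`trivy image --format json`; the Defender export layout is an ASSUMED flat
list of records, and all sample data below is CONSTRUCTED, not real output.
"""
import json

# Constructed sample: a trimmed `trivy image --format json` style document.
TRIVY_JSON = json.dumps({
    "Results": [
        {
            "Target": "example.azurecr.io/app:1.0 (debian 12.4)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2023-0001", "PkgName": "libssl3",
                 "InstalledVersion": "3.0.11-1", "FixedVersion": "3.0.12-1", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-2023-0002", "PkgName": "libc6",
                 "InstalledVersion": "2.36-9", "FixedVersion": "", "Severity": "LOW"},
                {"VulnerabilityID": "CVE-2023-0003", "PkgName": "curl",
                 "InstalledVersion": "7.88.1-10", "FixedVersion": "7.88.1-11", "Severity": "CRITICAL"},
            ],
        },
        {
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2023-0004", "PkgName": "requests",
                 "InstalledVersion": "2.28.0", "FixedVersion": "2.31.0", "Severity": "MEDIUM"},
            ],
        },
    ]
})

# Constructed sample in an ASSUMED flat layout for a Defender findings export
# (field names are hypothetical; adapt them to the export you actually have).
DEFENDER_FINDINGS = [
    {"cve": "CVE-2023-0001", "severity": "High", "package": "libssl3"},
    {"cve": "CVE-2023-0003", "severity": "High", "package": "curl"},
    {"cve": "CVE-2023-0005", "severity": "Medium", "package": "zlib1g"},
]


def load_trivy(raw_json):
    """Return {cve_id: {"severity", "package", "fixed"}} from a Trivy JSON report."""
    findings = {}
    for result in json.loads(raw_json).get("Results", []):
        # Trivy omits the key (or sets null) for targets with no findings
        for v in result.get("Vulnerabilities") or []:
            findings[v["VulnerabilityID"]] = {
                "severity": v.get("Severity", "UNKNOWN").upper(),
                "package": v.get("PkgName", ""),
                # Trivy leaves FixedVersion empty when no fix is published yet
                "fixed": bool(v.get("FixedVersion")),
            }
    return findings


def load_defender(records):
    """Normalize the assumed Defender export into the same shape as load_trivy."""
    return {
        r["cve"]: {"severity": r["severity"].upper(), "package": r["package"], "fixed": None}
        for r in records
    }


def compare(a, b):
    """Split two {cve: info} maps into shared / a-only / b-only and list severity disagreements."""
    shared = sorted(set(a) & set(b))
    return {
        "shared": shared,
        "only_a": sorted(set(a) - set(b)),
        "only_b": sorted(set(b) - set(a)),
        "severity_mismatch": [c for c in shared if a[c]["severity"] != b[c]["severity"]],
    }


def unfixed_count(findings):
    """Count findings with no published fix (Trivy FixedVersion == '').
    Worth checking when totals differ: whether each scanner surfaces such entries
    at all (Trivy has --ignore-unfixed) changes the count considerably."""
    return sum(1 for f in findings.values() if f["fixed"] is False)


if __name__ == "__main__":
    trivy = load_trivy(TRIVY_JSON)
    defender = load_defender(DEFENDER_FINDINGS)
    report = compare(trivy, defender)
    print(f"trivy: {len(trivy)}  defender: {len(defender)}  shared: {len(report['shared'])}")
    print("only in trivy:   ", report["only_a"])
    print("only in defender:", report["only_b"])
    print("severity differs:", report["severity_mismatch"])
    print("trivy findings without a fix:", unfixed_count(trivy))
```

In practice, replace `TRIVY_JSON` with the file written by `trivy image --format json -o report.json <image>` and `DEFENDER_FINDINGS` with your own export, mapping its column names in `load_defender`. The "only in" lists are the useful output: they show whether the extra findings come from a whole package class the other scanner does not inspect (for example language packages versus OS packages), from unfixed CVEs, or from genuinely different database coverage.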
