VEX statement for multiple subcomponents broken in v0.67.2 #9754

hteichmann-strato · 2025-11-05T15:15:17Z

hteichmann-strato
Nov 5, 2025

Description

Since (approximately) Trivy version 0.66.0, OpenVEX statements that target multiple subcomponents within a single product are no longer correctly suppressing all intended vulnerabilities.

Desired Behavior

The vulnerability CVE-2019-1010022 should be suppressed for both the libc-bin and libc6 components, resulting in a Total: 2 suppressed vulnerabilities, matching the behavior seen in versions <= 0.66.0.

Actual Behavior

Actual Output (Total: 1 suppressed): Shows suppression only for libc-bin.

Reproduction Steps

1.  **Create the OpenVEX document:**
File: `/tmp/vex/Debian13-openVEX-CVE-2019-1010022.json`
{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://openvex.dev/docs/public/vex-2e67563e128250cbcb3e98930df948dd053e43271d70dc50cfa22d57e03fe96f",
  "author": "ACME Inc",
  "statements": [
    {
      "impact_statement": "Upstream treats this as a mitigation bypass in glibc (nptl/stack guard) rather than a standalone security flaw; without a distinct stack overflow condition, there is no independent exploitability. NVD assigns a Critical (9.8) score to this theoretical bypass. The product is not affected because mandatory system hardening, specifically ASLR and PIE, prevents the prerequisite stack overflow exploit. These built-in controls nullify the canary bypass mechanism. See also https://sourceware.org/bugzilla/show_bug.cgi?id=22850",
      "justification": "inline_mitigations_already_exist",
      "products": [
        {
          "@id": "pkg:oci/debian@sha256:a347fd7510ee31a84387619a492ad6c8eb0af2f2682b916ff3e643eb076f925a",
          "subcomponents": [
            {
              "@id": "pkg:deb/debian/[email protected]?arch=amd64&distro=debian-13.1"
            },
            {
              "@id": "pkg:deb/debian/[email protected]?arch=amd64&distro=debian-13.1"
            }
          ]
        }
      ],
      "status": "not_affected",
      "vulnerability": {
        "name": "CVE-2019-1010022"
      }
    }
  ],
  "timestamp": "2025-11-05T11:47:31Z",
  "version": 1
}

Run with version 0.66.0
$ docker run -v /tmp/vex:/tmp/vex:z aquasec/trivy:0.66.0 image --vex=/tmp/vex/Debian13-openVEX-CVE-2019-1010022.json debian:trixie-slim --show-suppressed

Shows suppression for both libc-bin and libc6

=====================================
┌──────────┬──────────────────┬──────────┬──────────────┬──────────────────────────────────┬─────────────────────────────────────────────────┐
│ Library  │  Vulnerability   │ Severity │    Status    │            Statement             │                     Source                      │
├──────────┼──────────────────┼──────────┼──────────────┼──────────────────────────────────┼─────────────────────────────────────────────────┤
│ libc-bin │ CVE-2019-1010022 │ LOW      │ not_affected │ inline_mitigations_already_exist │ /tmp/vex/Debian13-openVEX-CVE-2019-1010022.json │
├──────────┤                  │          │              │                                  │                                                 │
│ libc6    │                  │          │              │                                  │                                                 │
└──────────┴──────────────────┴──────────┴──────────────┴──────────────────────────────────┴─────────────────────────────────────────────────┘

Run with version 0.67.2
$ docker run -v /tmp/vex:/tmp/vex:z aquasec/trivy:0.67.2 image --vex=/tmp/vex/Debian13-openVEX-CVE-2019-1010022.json debian:trixie-slim --show-suppressed

Shows suppression only for libc-bin.

=====================================
┌──────────┬──────────────────┬──────────┬──────────────┬──────────────────────────────────┬─────────────────────────────────────────────────┐
│ Library  │  Vulnerability   │ Severity │    Status    │            Statement             │                     Source                      │
├──────────┼──────────────────┼──────────┼──────────────┼──────────────────────────────────┼─────────────────────────────────────────────────┤
│ libc-bin │ CVE-2019-1010022 │ LOW      │ not_affected │ inline_mitigations_already_exist │ /tmp/vex/Debian13-openVEX-CVE-2019-1010022.json │
└──────────┴──────────────────┴──────────┴──────────────┴──────────────────────────────────┴─────────────────────────────────────────────────┘



### Target

Container Image

### Scanner

Vulnerability

### Output Format

Table

### Mode

Standalone

### Debug Output

```bash
(tbh, I dont think its helpful here, the vex debug output is pretty limited)

2025-11-05T15:06:45Z	DEBUG	No plugins loaded
2025-11-05T15:06:45Z	DEBUG	Default config file "file_path=trivy.yaml" not found, using built in values
2025-11-05T15:06:45Z	DEBUG	Cache dir	dir="/root/.cache/trivy"
2025-11-05T15:06:45Z	DEBUG	Cache dir	dir="/root/.cache/trivy"
2025-11-05T15:06:45Z	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2025-11-05T15:06:45Z	DEBUG	Ignore statuses	statuses=[]
2025-11-05T15:06:45Z	DEBUG	[vulndb] There is no db file
2025-11-05T15:06:45Z	DEBUG	[vulndb] There is no valid metadata file	err.message="file open error" err.err="file open error: open /root/.cache/trivy/db/metadata.json: no such file or directory" err.time=2025-11-05T15:06:45.885560426Z err.trace="01K9A8WNQXA4WGP5T3EWHG5HKA" err.context.file_path="/root/.cache/trivy/db/metadata.json" err.stacktrace="Oops: file open error\n  --- at /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/metadata/metadata.go:43 Client.Get()\n  --- at /home/runner/work/trivy/trivy/pkg/db/db.go:105 Client.NeedsUpdate()\n  --- at /home/runner/work/trivy/trivy/pkg/commands/operation/operation.go:33 DownloadDB()\n  --- at /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:324 runner.initDB()\n  --- at /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:135 NewRunner()\n  --- at /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:413 run()\n  --- at /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:396 Run()\n  --- at /home/runner/work/trivy/trivy/pkg/commands/app.go:317 NewImageCommand.func2()\n  --- at /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1015 Command.execute()\n  --- at /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1148 Command.ExecuteC()"
2025-11-05T15:06:45Z	INFO	[vulndb] Need to update DB
2025-11-05T15:06:45Z	INFO	[vulndb] Downloading vulnerability DB...
2025-11-05T15:06:45Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-11-05T15:06:46Z	DEBUG	Created process-specific temp directory	path="/tmp/trivy-1"
3.73 MiB / 74.24 MiB [--->___________________________________________________________] 5.03% ? p/s ?21.02 MiB / 74.24 MiB [----------------->___________________________________________] 28.31% ? p/s ?38.32 MiB / 74.24 MiB [------------------------------->_____________________________] 51.62% ? p/s ?53.98 MiB / 74.24 MiB [---------------------------------->_____________] 72.71% 83.63 MiB p/s ETA 0s74.17 MiB / 74.24 MiB [----------------------------------------------->] 99.91% 83.63 MiB p/s ETA 0s74.24 MiB / 74.24 MiB [---------------------------------------------->] 100.00% 83.63 MiB p/s ETA 0s74.24 MiB / 74.24 MiB [---------------------------------------------->] 100.00% 80.42 MiB p/s ETA 0s74.24 MiB / 74.24 MiB [---------------------------------------------->] 100.00% 80.42 MiB p/s ETA 0s74.24 MiB / 74.24 MiB [---------------------------------------------->] 100.00% 80.42 MiB p/s ETA 0s74.24 MiB / 74.24 MiB [---------------------------------------------->] 100.00% 75.23 MiB p/s ETA 0s74.24 MiB / 74.24 MiB [---------------------------------------------->] 100.00% 75.23 MiB p/s ETA 0s74.24 MiB / 74.24 MiB [-------------------------------------------------] 100.00% 34.70 MiB p/s 2.3s2025-11-05T15:06:48Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-11-05T15:06:48Z	DEBUG	Updating database metadata...
2025-11-05T15:06:48Z	DEBUG	DB info	schema=2 updated_at=2025-11-05T12:32:35.366916865Z next_update=2025-11-06T12:32:35.366916604Z downloaded_at=2025-11-05T15:06:48.736998611Z
2025-11-05T15:06:48Z	DEBUG	[pkg] Package types	types=[os library]
2025-11-05T15:06:48Z	DEBUG	[pkg] Package relationships	relationships=[unknown root workspace direct indirect]
2025-11-05T15:06:48Z	INFO	[vuln] Vulnerability scanning is enabled
2025-11-05T15:06:48Z	INFO	[secret] Secret scanning is enabled
2025-11-05T15:06:48Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-11-05T15:06:48Z	INFO	[secret] Please see https://trivy.dev/v0.67/docs/scanner/secret#recommendation for faster secret detection
2025-11-05T15:06:48Z	DEBUG	Initializing scan cache...	type="fs"
2025-11-05T15:06:48Z	DEBUG	[notification] Running version check
2025-11-05T15:06:48Z	DEBUG	[notification] Version check completed	latest_version="0.67.2"
2025-11-05T15:06:49Z	DEBUG	[image] Image found	image="debian:trixie-slim" source="remote"
2025-11-05T15:06:49Z	DEBUG	[secret] No secret config detected	config_path="trivy-secret.yaml"
2025-11-05T15:06:49Z	DEBUG	[secret] No secret config detected	config_path="trivy-secret.yaml"
2025-11-05T15:06:49Z	DEBUG	[image] Detected image ID	image_id="sha256:96b963b72bb1b4e1dee4dc437fbc67c236ab6c1918a6990a5f844eecad76e284"
2025-11-05T15:06:49Z	DEBUG	[image] Detected diff ID	diff_ids=[sha256:36d06fe0cbc654e5f67d58c960ed33e53127e4a3288d8ce6f6a60a9c311794d4]
2025-11-05T15:06:49Z	DEBUG	[image] Detected base layers	diff_ids=[]
2025-11-05T15:06:49Z	DEBUG	[image] Missing image ID in cache	image_id="sha256:96b963b72bb1b4e1dee4dc437fbc67c236ab6c1918a6990a5f844eecad76e284"
2025-11-05T15:06:49Z	DEBUG	[image] Missing diff ID in cache	diff_id="sha256:36d06fe0cbc654e5f67d58c960ed33e53127e4a3288d8ce6f6a60a9c311794d4"
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/alternatives/README"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/alternatives/README" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/apt.conf.d/01autoremove"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/apt.conf.d/01autoremove" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/alternatives/README" content_len=100 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/apt.conf.d/docker-clean"
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/apt.conf.d/70debconf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/apt.conf.d/docker-clean" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/apt.conf.d/70debconf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/01autoremove" content_len=399 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/70debconf" content_len=182 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/apt.conf.d/docker-autoremove-suggests"
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/alternatives/README" content_len=100 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/apt.conf.d/docker-autoremove-suggests" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/70debconf" content_len=182 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/docker-clean" content_len=1175 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/01autoremove" content_len=399 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/docker-autoremove-suggests" content_len=759 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/apt.conf.d/docker-gzip-indexes"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/apt.conf.d/docker-gzip-indexes" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/docker-gzip-indexes" content_len=481 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/apt.conf.d/docker-no-languages"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/apt.conf.d/docker-no-languages" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/docker-no-languages" content_len=269 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/docker-autoremove-suggests" content_len=759 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/sources.list.d/debian.sources"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/sources.list.d/debian.sources" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/docker-clean" content_len=1175 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/docker-gzip-indexes" content_len=481 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/apt.conf.d/docker-no-languages" content_len=269 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/sources.list.d/debian.sources" content_len=437 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/sources.list.d/debian.sources" content_len=437 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc" content_len=11861 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc"
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc" content_len=11873 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc" content_len=461 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc" content_len=11861 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc" content_len=461 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.asc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.asc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.asc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.asc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.asc" content_len=11873 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.asc" content_len=3403 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.asc" content_len=3403 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-automatic.asc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-automatic.asc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-automatic.asc" content_len=11861 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-security-automatic.asc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-security-automatic.asc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-security-automatic.asc" content_len=11873 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.asc" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-stable.asc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-stable.asc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-stable.asc" content_len=1384 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-stable.asc" content_len=1384 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/bash.bashrc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/bash.bashrc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/bash.bashrc" content_len=1997 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/bash.bashrc" content_len=1997 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/bindresvport.blacklist"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/bindresvport.blacklist" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/bindresvport.blacklist" content_len=367 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/bindresvport.blacklist" content_len=367 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/cron.daily/apt-compat"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/cron.daily/apt-compat" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/cron.daily/apt-compat" content_len=1478 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/cron.daily/dpkg"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/cron.daily/dpkg" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/cron.daily/dpkg" content_len=123 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/cron.daily/dpkg" content_len=123 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/cron.daily/apt-compat" content_len=1478 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-automatic.asc" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/debconf.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/debconf.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/debconf.conf" content_len=2967 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/apt/trusted.gpg.d/debian-archive-trixie-security-automatic.asc" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/default/nss"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/default/nss" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/default/nss" content_len=1756 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/default/useradd"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/default/useradd" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/default/nss" content_len=1756 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/debconf.conf" content_len=2967 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/default/useradd" content_len=1117 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/default/useradd" content_len=1117 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/dpkg/dpkg.cfg"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/dpkg/dpkg.cfg" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/dpkg/dpkg.cfg" content_len=446 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/dpkg/dpkg.cfg" content_len=446 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/dpkg/dpkg.cfg.d/docker"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/dpkg/dpkg.cfg.d/docker" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/dpkg/dpkg.cfg.d/docker" content_len=3501 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/dpkg/dpkg.cfg.d/docker-apt-speedup"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/dpkg/dpkg.cfg.d/docker-apt-speedup" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/dpkg/origins/debian"
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/gai.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/dpkg/origins/debian" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/fstab"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/gai.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/fstab" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/dpkg/origins/debian" content_len=83 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/dpkg/dpkg.cfg.d/docker-apt-speedup" content_len=259 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/fstab" content_len=37 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/gai.conf" content_len=2584 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/dpkg/origins/debian" content_len=83 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/dpkg/dpkg.cfg.d/docker-apt-speedup" content_len=259 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/fstab" content_len=37 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/group"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/group" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/group" content_len=434 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/group-"
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/gshadow"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/group-" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/group" content_len=434 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/gshadow" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/gshadow" content_len=364 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/group-" content_len=434 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/hostname"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/hostname" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/hostname" content_len=14 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/gshadow" content_len=364 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/group-" content_len=434 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/hostname" content_len=14 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/issue"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/issue" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/issue" content_len=27 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/gai.conf" content_len=2584 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/issue.net"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/issue.net" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/dpkg/dpkg.cfg.d/docker" content_len=3501 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/ld.so.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/issue.net" content_len=20 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/ld.so.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/ld.so.conf" content_len=34 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/issue" content_len=27 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/issue.net" content_len=20 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/ld.so.conf" content_len=34 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/ld.so.conf.d/libc.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/ld.so.conf.d/libc.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/ld.so.conf.d/libc.conf" content_len=44 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/ld.so.conf.d/x86_64-linux-gnu.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/ld.so.conf.d/x86_64-linux-gnu.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/ld.so.conf.d/x86_64-linux-gnu.conf" content_len=100 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/ld.so.conf.d/libc.conf" content_len=44 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/libaudit.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/libaudit.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/libaudit.conf" content_len=191 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/ld.so.conf.d/x86_64-linux-gnu.conf" content_len=100 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/login.defs"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/login.defs" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/libaudit.conf" content_len=191 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/login.defs" content_len=5939 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/logrotate.d/alternatives"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/logrotate.d/alternatives" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/logrotate.d/alternatives" content_len=120 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/logrotate.d/apt"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/logrotate.d/apt" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/logrotate.d/alternatives" content_len=120 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/logrotate.d/apt" content_len=173 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/logrotate.d/dpkg"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/logrotate.d/dpkg" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/logrotate.d/dpkg" content_len=112 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/logrotate.d/apt" content_len=173 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/motd"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/motd" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/logrotate.d/dpkg" content_len=112 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/motd" content_len=286 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/nsswitch.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/motd" content_len=286 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/nsswitch.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/nsswitch.conf" content_len=494 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/chfn"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/chfn" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.conf" content_len=552 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/chfn" content_len=384 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/chpasswd"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/chpasswd" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/login.defs" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/chpasswd" content_len=92 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/nsswitch.conf" content_len=494 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/chfn" content_len=384 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.conf" content_len=552 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/chpasswd" content_len=92 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/chsh"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/chsh" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/chsh" content_len=581 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/common-account"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/common-account" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/common-auth"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/common-auth" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/common-password"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/common-password" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/common-account" content_len=1208 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/common-auth" content_len=1214 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/common-password" content_len=1620 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/chsh" content_len=581 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/common-account" content_len=1208 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/common-auth" content_len=1214 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/common-session"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/common-session" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/common-session" content_len=1180 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/common-session-noninteractive"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/common-session-noninteractive" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/login"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/login" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/common-session-noninteractive" content_len=1221 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/login" content_len=3974 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/newusers"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/newusers" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/newusers" content_len=92 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/common-password" content_len=1620 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/common-session" content_len=1180 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/common-session-noninteractive" content_len=1221 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/newusers" content_len=92 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/other"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/other" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/other" content_len=520 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/login" content_len=3974 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/other" content_len=520 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/runuser-l"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/runuser-l" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/passwd"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/passwd" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/runuser-l" content_len=138 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/runuser"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/runuser" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/passwd" content_len=92 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/runuser" content_len=143 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/runuser-l" content_len=138 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/su"
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/passwd" content_len=92 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/su" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/su" content_len=2259 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/runuser" content_len=143 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/passwd"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/passwd" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/passwd" content_len=839 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/pam.d/su-l"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/pam.d/su-l" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/su-l" content_len=137 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/passwd-"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/passwd-" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/passwd-" content_len=839 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/passwd" content_len=839 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/su" content_len=2259 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/pam.d/su-l" content_len=137 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/passwd-" content_len=839 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/profile"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/profile" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/profile" content_len=828 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/resolv.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/resolv.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/resolv.conf" content_len=104 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/security/access.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/security/access.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/security/faillock.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/security/faillock.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/access.conf" content_len=4671 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/faillock.conf" content_len=2234 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/resolv.conf" content_len=104 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/profile" content_len=828 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/security/group.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/security/group.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/group.conf" content_len=3635 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/security/namespace.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/security/limits.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/security/limits.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/security/namespace.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/limits.conf" content_len=2752 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/namespace.conf" content_len=1637 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/faillock.conf" content_len=2234 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/namespace.conf" content_len=1637 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/access.conf" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/group.conf" content_len=3635 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/limits.conf" content_len=2752 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/security/namespace.init"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/security/namespace.init" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/namespace.init" content_len=1971 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/security/pam_env.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/security/pam_env.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/pam_env.conf" content_len=2971 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/security/pwhistory.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/security/pwhistory.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/pwhistory.conf" content_len=512 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/namespace.init" content_len=1971 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/security/sepermit.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/security/sepermit.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/security/time.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/sepermit.conf" content_len=418 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/security/time.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/pwhistory.conf" content_len=512 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/time.conf" content_len=2179 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/sepermit.conf" content_len=418 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/selinux/semanage.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/selinux/semanage.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/shadow"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/shadow" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/selinux/semanage.conf" content_len=2065 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/shadow" content_len=474 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/shells"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/shells" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/shells" content_len=118 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/time.conf" content_len=2179 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/shadow" content_len=474 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/shells" content_len=118 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/security/pam_env.conf" content_len=2971 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/selinux/semanage.conf" content_len=2065 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/skel/.bash_logout"
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/skel/.bashrc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/skel/.bash_logout" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/skel/.bashrc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/skel/.bash_logout" content_len=220 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/skel/.bashrc" content_len=3526 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/skel/.bash_logout" content_len=220 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/skel/.profile"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/skel/.profile" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/skel/.profile" content_len=807 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/skel/.profile" content_len=807 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/update-motd.d/10-uname"
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/terminfo/README"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/update-motd.d/10-uname" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/terminfo/README" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/update-motd.d/10-uname" content_len=23 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/terminfo/README" content_len=212 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/etc/xattr.conf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/etc/xattr.conf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/root/.bashrc"
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/xattr.conf" content_len=681 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/update-motd.d/10-uname" content_len=23 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/root/.bashrc" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/terminfo/README" content_len=212 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/root/.bashrc" content_len=607 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/root/.profile"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/root/.profile" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/xattr.conf" content_len=681 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/root/.bashrc" content_len=607 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/root/.profile" content_len=132 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/etc/skel/.bashrc" content_len=3526 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/root/.profile" content_len=132 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/bashbug"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/bashbug" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/bashbug" content_len=6944 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/bashbug" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/deb-systemd-invoke"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/deb-systemd-invoke" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/deb-systemd-invoke" content_len=7135 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/debconf"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/debconf" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf" content_len=2870 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/deb-systemd-helper"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/deb-systemd-helper" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/deb-systemd-helper" content_len=24358 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/debconf-apt-progress"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/debconf-apt-progress" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-apt-progress" content_len=11846 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf" content_len=2870 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/debconf-communicate"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/debconf-communicate" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-communicate" content_len=623 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-communicate" content_len=623 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/debconf-copydb"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/debconf-copydb" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-copydb" content_len=1718 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/debconf-escape"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/debconf-escape" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-escape" content_len=668 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-apt-progress" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-escape" content_len=668 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-copydb" content_len=1718 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/debconf-set-selections"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/debconf-set-selections" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-set-selections" content_len=3216 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/debconf-show"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/debconf-show" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-show" content_len=1825 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-show" content_len=1825 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/debconf-set-selections" content_len=3216 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/deb-systemd-invoke" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/deb-systemd-helper" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/dpkg-maintscript-helper"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/dpkg-maintscript-helper" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/dpkg-maintscript-helper" content_len=21124 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/dpkg-maintscript-helper" content_len=4096 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/egrep"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/egrep" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/egrep" content_len=41 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/egrep" content_len=41 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] Using streaming scanner	file_path="/usr/bin/fgrep"
2025-11-05T15:06:50Z	DEBUG	[secret] scanStream called	file_path="/usr/bin/fgrep" buffer_size=65536 overlap_size=4096
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/fgrep" content_len=41 num_rules=87
2025-11-05T15:06:50Z	DEBUG	[secret] scanChunk called	file_path="/usr/bin/fgrep" content_len=41 num_rules=87
[...]

Operating System

Fedora 42

Version

Version: 0.67.2

Checklist

Run trivy clean --all
Read the troubleshooting

DmitriyLewen · 2025-11-06T12:26:14Z

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

VEX statement for multiple subcomponents broken in v0.67.2 #9754

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

VEX statement for multiple subcomponents broken in v0.67.2 #9754

Uh oh!

Uh oh!

hteichmann-strato Nov 5, 2025

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Operating System

Version

Checklist

Replies: 1 comment

Uh oh!

DmitriyLewen Nov 6, 2025 Maintainer

hteichmann-strato
Nov 5, 2025

DmitriyLewen
Nov 6, 2025
Maintainer