list-all-pkgs does not work for table format

[nicoabie]

Description

--list-all-pkgs=false works with --format=json but not with --format=table

Target

Container Image

Scanner

Vulnerability

[DmitriyLewen]

Hello @nicoabie,
Could you explain what you mean?

The --list-all-pkgs flag (now enabled by default) shows all detected packages, even if a package has no vulnerabilities.
This flag works only with the json format, because the report can become very large and unreadable in the table format.
Also, the vulnerability table is designed specifically to show vulnerabilities.

Regards, Dmitriy

[nicoabie]

Hi @DmitriyLewen

We run trivy on CI and sometimes locally.

It would be great for us on dev exp if there is a way to run trivy that only emits as report if there are vulnerabilities or not, instead of logging all the package it found whether or not there are vulnerabilities.

[DmitriyLewen]

I'm a bit confused — Trivy already behaves this way in the table format.

And for the json format you can disable this behavior by setting --list-all-pkgs=false.

[nicoabie]

we use aquasec/trivy image and the first table is enourmous

[DmitriyLewen]

I think I understand your problem.
The summary table shows files without vulnerabilities.

You can disable the summary table at https://trivy.dev/docs/latest/guide/configuration/reporting/#table-mode

[nicoabie]

I would like to do that but I don't see how to do it, I have tried a couple of things with no success.

Do you have a precise example?

[nicoabie]

--table-mode=detailed did the trick, which is very unintuitive but thanks a lot!!!