I have the following problem:
I generate an SBOM CycloneDX (both manually and automatically) from .dll files and then use open-source tools (OST) to search for vulnerabilities.

The relevant CVEs are present in my vulnerability database (Newtonsoft.Json 10), but the scanners (in my case, Grype / Trivy) do not report any hits.

How can I get open source tools to automatically detect these existing vulnerabilities? What typical causes and debugging steps should I check?
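
One debugging check for the situation in the question, as an added example that is not part of the original post: it lists the components of a CycloneDX JSON SBOM that a scanner is unlikely to resolve to a NuGet package. It assumes the scanner matches on the component's package URL (`purl`) or CPE; the sample SBOM, the helper name `audit_components` and the version heuristic are constructed for illustration.

```python
import json

# Constructed sample SBOM (not from the original post): three components as a
# DLL-based generator might emit them.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "Newtonsoft.Json.dll", "version": "10.0.1.0"},
    {"type": "library", "name": "Newtonsoft.Json", "version": "10.0.1",
     "purl": "pkg:generic/Newtonsoft.Json@10.0.1"},
    {"type": "library", "name": "Newtonsoft.Json", "version": "10.0.1",
     "purl": "pkg:nuget/Newtonsoft.Json@10.0.1"}
  ]
}
""")


def audit_components(sbom, expected_purl_type="nuget"):
    """Hypothetical helper: return (name, findings) for each component that a
    purl/CPE-based matcher is unlikely to resolve (assumption, see lead-in)."""
    report = []
    for comp in sbom.get("components", []):
        findings = []
        name = comp.get("name", "")
        version = comp.get("version", "")
        purl = comp.get("purl", "")
        if not purl and not comp.get("cpe"):
            findings.append("no purl or cpe")
        if purl:
            # purl layout: pkg:<type>/<name>@<version>
            ptype = purl[4:].split("/", 1)[0] if purl.startswith("pkg:") else ""
            if ptype != expected_purl_type:
                findings.append(f"purl type is '{ptype}', expected '{expected_purl_type}'")
        if name.lower().endswith((".dll", ".exe")):
            findings.append("name is a file name, not a package name")
        if version.count(".") >= 3:
            # Heuristic: NuGet package versions are usually three-part.
            findings.append("four-part version looks like an assembly/file version")
        if findings:
            report.append((name, findings))
    return report


if __name__ == "__main__":
    for name, findings in audit_components(SAMPLE_SBOM):
        print(f"{name}: " + "; ".join(findings))
```

To run it against a real file, load the SBOM with `json.load` and pass the result to `audit_components`.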
