Open
Labels
enhancement (New feature or request)
Description
Current Behavior
Good afternoon. We use the ALT Linux distribution, which is not officially supported by Trivy. The distribution vendor independently enriches the Trivy databases with information about its packages and publishes them in its own Docker registry. When using these databases, we obtain a complete vulnerability report for images based on ALT Linux. I deployed a Trivy server that uses the customized vulnerability databases and configured it in the Dependency-Track analyzer settings, but no vulnerabilities are found when analyzing an SBOM.
Custom trivy-DB - docker pull registry.altlinux.org/alt/trivy-db:latest
Proposed Behavior
When custom databases are specified, Dependency-Track detects all vulnerabilities in the ALT Linux image.
Checklist
- I have read and understand the contributing guidelines
- I have checked the existing issues for whether this enhancement was already requested