No Vulnerability Summary - empty SBOMs

[marilenakokkini06]

Description

• In some cases when running trivy with the fs or repo mode there is no summary for vulnerabilities
• The SBOM is generated but is empty

Desired Behavior

I would expect the output summary and the full SBOM

Actual Behavior

for the vulnerability scanning:

for the SBOM:

Reproduction Steps

1.trivy fs . (same beahaviour with repo)
2.trivy fs --format cyclonedx --output sbom_cyclonedx.json .

Target

Filesystem

Scanner

Vulnerability

Output Format

CycloneDX

Mode

None

Debug Output

seen in the screenshot above

Operating System

redhat

Version

Version: 0.58.0

Checklist

• Run trivy clean --all
• Read the troubleshooting

[knqyf263]

Did you make sure your requirements.txt has pinned versions?
https://trivy.dev/latest/docs/coverage/language/python/#pip