elastic / cloudbeat / 21407970165
76%
main: 76%

LAST BUILD BRANCH: renovate/main-github.com-hashicorp-nomad-api-digest
DEFAULT BRANCH: main
Ran
Jobs 1
Files 229
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 76.241% (+0.08%) from 76.164%
21407970165

push

github

web-flow 
[9.2](backport #3885) CNVM Severity UNKNOWN Fix (#3891)

### Summary of your changes
Following an SDH:
- https://github.com/elastic/sdh-beats/issues/6815

Investigated the root cause and suspected this PR:
- https://github.com/aquasecurity/trivy/pull/8269

As mentioned in comment:
-
https://github.com/elastic/sdh-beats/issues/6815#issuecomment-3751878496

Suspected the Trivy upgrade.
Introduced code to resolve this problem.

You can see two examples prior and after code changes of scanning an EBS
volume:
```
🐚 Evgbs-MBP:cloudbeat evgb$ cd /Users/evgb/Documents/GitHub/cloudbeat && go build -o ebs-vuln-scanner-old ./cmd/ebs-vuln-scanner/ && ./ebs-vuln-scanner-old --snapshot snap-ID --region us-east-2 --profile csp --verbose
Starting vulnerability scan for EBS snapshot: snap-ID in region: us-east-2
Scanning EBS snapshot (this may take several minutes)...

=== EBS Snapshot Vulnerability Scan Results ===
Snapshot:  snap-ID
Region:    us-east-2
Scan Time: 2026-01-22T14:27:28-06:00
Duration:  19m16.221003125s

Vulnerability Summary:
  CRITICAL: 0
  HIGH:     0
  MEDIUM:   0
  LOW:      0
  UNKNOWN:  44
  ─────────────
  TOTAL:    44
🐚 Evgbs-MBP:cloudbeat evgb$ cd /Users/evgb/Documents/GitHub/cloudbeat && go build -o ebs-vuln-scanner ./cmd/ebs-vuln-scanner/ && ./ebs-vuln-scanner --snapshot snap-ID --region us-east-2 --profile csp --verbose
Starting vulnerability scan for EBS snapshot: snap-ID in region: us-east-2
Scanning EBS snapshot (this may take several minutes)...

=== EBS Snapshot Vulnerability Scan Results ===
Snapshot:  snap-ID
Region:    us-east-2
Scan Time: 2026-01-22T14:52:53-06:00
Duration:  1.080233708s

Vulnerability Summary:
  CRITICAL: 0
  HIGH:     16
  MEDIUM:   24
  LOW:      4
  UNKNOWN:  0
  ─────────────
  TOTAL:    44
```

As you can see prior to changes we get UNKNOWN and after we get the
correct severities.

### Screenshot/Data



### Related Issues
- Fixes: https://github.com/elastic/kibana/issues/226881
- Fixes: https://github.com/e... (continued)

3 of 3 new or added lines in 1 file covered. (100.0%)

2 existing lines in 1 file now uncovered.

9611 of 12606 relevant lines covered (76.24%)

16.73 hits per line

Uncovered Existing Lines

Lines Coverage File
2
83.06
 0.0% internal/resources/providers/gcplib/inventory/provider.go
Jobs
ID Job ID Ran Files Coverage
1 21407970165.1 229
76.24
 GitHub Action Run
Source Files on build 21407970165