SBOM image scan missing PkgIds

[mklenbw]

Description

When scanning an image with Python packages, some packages are not getting a PkgId set in the SBOM. That's not a problem by itself but the SBOM vulnerability scanner doesn't seem to respect those. None of the Packages without PkgId is getting CVEs attached.

Desired Behavior

All packages get an PkgId and get scanned by the SBOM vulnerability scanner.

Actual Behavior

Some packages are not getting a PkgId in the SBOM and are not scanned.

Reproduction Steps

1. Build an image with python components
2. Run the image scanner to create an SBOM
3. Use the SBOM scanner to scan for vulnerabilities

Target

Container Image

Scanner

Vulnerability

Output Format

JSON

Mode

Standalone

Debug Output

2025-09-15T08:40:09+02:00       DEBUG   No plugins loaded
2025-09-15T08:40:09+02:00       DEBUG   Default config file "file_path=trivy.yaml" not found, using built in values
2025-09-15T08:40:09+02:00       DEBUG   Cache dir       dir="/home/mkl/.cache/trivy"
2025-09-15T08:40:09+02:00       DEBUG   Cache dir       dir="/home/mkl/.cache/trivy"
2025-09-15T08:40:09+02:00       DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2025-09-15T08:40:09+02:00       DEBUG   Ignore statuses statuses=[]
2025-09-15T08:40:09+02:00       INFO    "--format spdx-json" disables security scanning. Specify "--scanners vuln" explicitly if you want to include vulnerabilities in the "spdx-json" report.
2025-09-15T08:40:09+02:00       DEBUG   [pkg] Package types     types=[os library]
2025-09-15T08:40:09+02:00       DEBUG   [pkg] Package relationships     relationships=[unknown root workspace direct indirect]
2025-09-15T08:40:09+02:00       DEBUG   Initializing scan cache...      type="fs"
2025-09-15T08:40:09+02:00       DEBUG   [notification] Running version check
2025-09-15T08:40:09+02:00       DEBUG   [notification] Version check completed  latest_version="0.66.0"
2025-09-15T08:40:09+02:00       DEBUG   Created process-specific temp directory path="/tmp/trivy-1959"
2025-09-15T08:40:09+02:00       DEBUG   [image] Image found     image="docker-scan-test" source="docker"
2025-09-15T08:40:09+02:00       DEBUG   [image] Detected image ID       image_id="sha256:35bd6dcdce3c1b946a465d7d3e5d4cdc2f1ecb15dc3ddc335d65a6ff7c1cef6d"
2025-09-15T08:40:09+02:00       DEBUG   [image] Detected diff ID        diff_ids=[sha256:36f5f951f60a9fa1d51878e76fc16ba7b752f4d464a21b758a8ac88f0992c488 sha256:db50b384e7f6bcbbc21381a55314e750bb84698433d9a639ab7b95e45f2e311f sha256:2f1f04e0e5ee6275544a1a9afbe73278dc236d5815f10cd84f7bac0514504bf2 sha256:0f257b00cec96f8914841d5f10af74587190cebd6ddfff6cedbc9813dcc2539b sha256:b274c075b3ac56aef1f3df39ecf2bb9f279b6731bf04e0f2fa9228fef7695c7d sha256:80feda18191c7a0e99fed26da3a3bbad853d0ec19a36e1041670227fe551b351 sha256:3783d912afdf9c83255e0aaddc2ce97c949c19812b4c9837389ed07c9149ad16 sha256:5cc783032768f4eead99d2e576312bb11c7a435a26e4aed4a384d5cb3e13cc71]
2025-09-15T08:40:09+02:00       DEBUG   [image] Detected base layers    diff_ids=[sha256:36f5f951f60a9fa1d51878e76fc16ba7b752f4d464a21b758a8ac88f0992c488 sha256:db50b384e7f6bcbbc21381a55314e750bb84698433d9a639ab7b95e45f2e311f sha256:2f1f04e0e5ee6275544a1a9afbe73278dc236d5815f10cd84f7bac0514504bf2 sha256:0f257b00cec96f8914841d5f10af74587190cebd6ddfff6cedbc9813dcc2539b sha256:b274c075b3ac56aef1f3df39ecf2bb9f279b6731bf04e0f2fa9228fef7695c7d sha256:80feda18191c7a0e99fed26da3a3bbad853d0ec19a36e1041670227fe551b351 sha256:3783d912afdf9c83255e0aaddc2ce97c949c19812b4c9837389ed07c9149ad16]
2025-09-15T08:40:09+02:00       INFO    Detected OS     family="debian" version="12.12"
2025-09-15T08:40:09+02:00       INFO    Number of language-specific files       num=1
2025-09-15T08:40:09+02:00       DEBUG   Specified ignore file does not exist    file=".trivyignore"
2025-09-15T08:40:09+02:00       DEBUG   [vex] VEX filtering is disabled
2025-09-15T08:40:09+02:00       DEBUG   Cleaning up temp directory      path="/tmp/trivy-1959"

Operating System

Ubuntu

Version

Version: 0.66.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2025-09-15 00:30:03.628786182 +0000 UTC
  NextUpdate: 2025-09-16 00:30:03.628785932 +0000 UTC
  DownloadedAt: 2025-09-15 06:31:56.118088389 +0000 UTC

Checklist

• Run trivy clean --all
• Read the troubleshooting

[DmitriyLewen]

Hello @mklenbw
Thanks for your report!

I couldn't reproduce your case:

➜ trivy -q image python:9476-test --pkg-types library --table-mode detailed

Python (python-pkg)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                           Title                            │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ wheel (METADATA) │ CVE-2022-40898 │ HIGH     │ fixed  │ 0.38.0            │ 0.38.1        │ python-wheel: remote attackers can cause denial of service │
│                  │                │          │        │                   │               │ via attacker controlled input...                           │
│                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2022-40898                 │
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘
➜ trivy -q image python:9476-test --pkg-types library -f cyclonedx -o report.cdx.json
➜ jq '.components[] | select(."bom-ref"=="pkg:pypi/[email protected]") | .properties' report.cdx.json
[
  {
    "name": "aquasecurity:trivy:FilePath",
    "value": "usr/local/lib/python3.13/site-packages/wheel-0.38.0.dist-info/METADATA"
  },
  {
    "name": "aquasecurity:trivy:LayerDiffID",
    "value": "sha256:8142f41252ba2178e2ad5b5c2ca4d1b1217bcf0cc24cf9f3d64265dd60a1205d"
  },
  {
    "name": "aquasecurity:trivy:PkgType",
    "value": "python-pkg"
  }
]
➜ trivy -q sbom report.cdx.json --table-mode detailed

Python (python-pkg)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                           Title                            │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ wheel (METADATA) │ CVE-2022-40898 │ HIGH     │ fixed  │ 0.38.0            │ 0.38.1        │ python-wheel: remote attackers can cause denial of service │
│                  │                │          │        │                   │               │ via attacker controlled input...                           │
│                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2022-40898                 │
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘

Can you share small test image with this problem?

Regards, Dmitriy

[mklenbw]

I tested it with a simple image and it seems to be limited to disputed CVEs. Is there a way to add these too?

As of the PkgId i can confirm that libraries with missing PkgIDs are included in the vulnerabilities record.

I picked some libraries with disputed CVEs.

FROM python:3.12-slim-bookworm
RUN pip install "joblib==1.5.2" "urllib3==1.26.20" "PyJWT==2.10.1" "SQLAlchemy==2.0.43"

[DmitriyLewen]

Trivy works as expected:

➜ trivy -q image --table-mode detailed --scanners vuln --pkg-types library python:9476-test2

Python (python-pkg)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│      Library       │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                             │
├────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ urllib3 (METADATA) │ CVE-2025-50181 │ MEDIUM   │ fixed  │ 1.26.20           │ 2.5.0         │ urllib3: urllib3 redirects are not disabled when retries are │
│                    │                │          │        │                   │               │ disabled on PoolManager...                                   │
│                    │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2025-50181                   │
└────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
➜ trivy -q image --pkg-types library python:9476-test2 -f cyclonedx -o report.cdx.json           
➜ trivy -q sbom --table-mode detailed --scanners vuln --pkg-types library ./report.cdx.json

Python (python-pkg)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│      Library       │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                             │
├────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ urllib3 (METADATA) │ CVE-2025-50181 │ MEDIUM   │ fixed  │ 1.26.20           │ 2.5.0         │ urllib3: urllib3 redirects are not disabled when retries are │
│                    │                │          │        │                   │               │ disabled on PoolManager...                                   │
│                    │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2025-50181                   │
└────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

to disputed CVEs. Is there a way to add these too?

Can you write more about this?

[mklenbw]

sure.
joblib has https://nvd.nist.gov/vuln/detail/CVE-2024-34997 -> disputed.
pyjwt has https://nvd.nist.gov/vuln/detail/CVE-2025-45768 -> disputed.
sqlalchemy has https://nvd.nist.gov/vuln/detail/CVE-2021-0025 -> rejected.
urllib3 has https://nvd.nist.gov/vuln/detail/CVE-2025-50181 -> analysis.

the only one found is urllib3.

[DmitriyLewen]

Trivy uses the GitHub advisory database for Python advisories — https://trivy.dev/latest/docs/scanner/vulnerability/#langpkg-data-source.

For example, the advisory GHSA-rf65-fc2p-2gjv is still unreviewed.