Bug 59516

Summary: Пишет "This OS version is not on the EOL list"
Product: Sisyphus Reporter: Maxim Slipenko <maxim>
Component: trivyAssignee: Alexey Shabalin <shaba>
Status: NEW --- QA Contact: qa-sisyphus
Severity: normal    
Priority: P5 CC: shaba
Version: unstable   
Hardware: x86_64   
OS: Linux   

Description Maxim Slipenko 2026-06-11 18:39:35 MSK 
При вызове trivy image --scanners vuln registry.altlinux.org/p10/alt:latest пишет "This OS version is not on the EOL list".

Хотя информация судя по исходному коду (https://altlinux.space/trivy/trivy/src/commit/3ddaf56050471955feaa1e60079bc756ad0d0903/pkg/detector/ospkg/alt/alt.go#L26-L35) должна быть.
Похоже, что надо сделать:
```
func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType, osVer string) bool {
	return osver.Supported(ctx, eolDates, osFamily, fromCPE(osVer))
}
```


$ trivy version
Version: 0.70.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2026-06-11 12:03:21.492332916 +0000 UTC
  NextUpdate: 2026-06-11 18:03:21.492332163 +0000 UTC
  DownloadedAt: 2026-06-11 14:56:05.244949352 +0000 UTC

$ trivy image --scanners vuln registry.altlinux.org/p10/alt:latest --debug
2026-06-11T18:30:41+03:00	DEBUG	No plugins loaded
2026-06-11T18:30:41+03:00	DEBUG	Default config file "file_path=trivy.yaml" not found, using built in values
2026-06-11T18:30:41+03:00	DEBUG	Cache dir	dir="/home/maxim/.cache/trivy"
2026-06-11T18:30:41+03:00	DEBUG	Cache dir	dir="/home/maxim/.cache/trivy"
2026-06-11T18:30:41+03:00	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2026-06-11T18:30:41+03:00	DEBUG	Ignore statuses	statuses=[]
2026-06-11T18:30:41+03:00	DEBUG	DB update was skipped because the local DB is the latest
2026-06-11T18:30:41+03:00	DEBUG	DB info	schema=2 updated_at=2026-06-11T12:03:21.492332916Z next_update=2026-06-11T18:03:21.492332163Z downloaded_at=2026-06-11T14:56:05.244949352Z
2026-06-11T18:30:41+03:00	DEBUG	[pkg] Package types	types=[os library]
2026-06-11T18:30:41+03:00	DEBUG	[pkg] Package relationships	relationships=[unknown root workspace direct indirect]
2026-06-11T18:30:41+03:00	INFO	[vuln] Vulnerability scanning is enabled
2026-06-11T18:30:41+03:00	DEBUG	Initializing scan cache...	type="fs"
2026-06-11T18:30:41+03:00	DEBUG	[notification] Running version check
2026-06-11T18:30:42+03:00	DEBUG	[image] Image found	image="registry.altlinux.org/p10/alt:latest" source="remote"
2026-06-11T18:30:42+03:00	DEBUG	Created process-specific temp directory	path="/tmp/.private/maxim/trivy-65530"
2026-06-11T18:30:42+03:00	DEBUG	[image] Detected image ID	image_id="sha256:7387f2d5f20f88d97c4e0b44d22916cee7434f251fe527c25a78bff7c9ce9f66"
2026-06-11T18:30:42+03:00	DEBUG	[image] Detected diff ID	diff_ids=[sha256:d5283aff84e0f6923d97a9cb96b9cd1a79f94062d7b44008b3448e1804bab0a7 sha256:fd8b7823c01c2d68d358033e0fab4d7e986b29a21382fc73a8cdfef0644c5ddc]
2026-06-11T18:30:42+03:00	DEBUG	[image] Detected base layers	diff_ids=[]
2026-06-11T18:30:42+03:00	INFO	Detected OS	family="alt" version="cpe:/o:alt:container:10"
2026-06-11T18:30:42+03:00	WARN	This OS version is not on the EOL list	family="alt" version="cpe:/o:alt:container:10"
2026-06-11T18:30:42+03:00	DEBUG	[alt] Skipping third-party packages	packages=[alt-gpgkeys alt-os-release altlinux-repos apt apt-conf-branch apt-https basesystem bash bash4 bashrc branding-alt-container-notes branding-alt-container-release bzip2 bzlib chkconfig chrooted chrooted-resolv common-licenses control coreutils cpio diffutils etcskel fakeroot file filesystem findutils gawk getopt glibc-core glibc-nss glibc-preinstall glibc-pthread glibc-utils gnupg grep gzip iproute2 iputils libacl libapt libatm libattr libaudit1 libblkid libcap libcap-ng libcap-utils libcrypt libdb4.7 libelf libffi7 libgcc1 libgcrypt20 libgmp10 libgnutls30 libgpg-error libgpm libhogweed6 libidn2 libiptables liblua5.3 liblzma libmagic libmnl libmount libncursesw libnetlink libnettle8 libp11-kit libpam0 libpasswdqc libpcre3 libpopt libprocps libreadline7 librpm7 libseccomp libselinux libsha1detectcoll1 libshell libsmartcols libstdc++6 libtasn1 libtcb libtic libtinfo libudev1 libunistring2 libuuid libzstd nss_tcb pam pam-config pam-config-control pam0_mktemp pam0_passwdqc pam0_tcb pam0_userpass passwdqc-control perl-base perl-parent procps psmisc rootfiles rpm sed service setarch setproctitle setup sh sh4 shadow-convert shadow-utils sysvinit-utils tar tcb-utils terminfo termutils usrmerge usrmerge-hier-convert usrmerge-ready util-linux util-linux-control vim-minimal vitmp xz zlib zstd]
2026-06-11T18:30:42+03:00	INFO	[alt] Detecting ALT vulnerabilities...
2026-06-11T18:30:42+03:00	DEBUG	[alt] ALT: os version: 	cpe="p10"
2026-06-11T18:30:42+03:00	DEBUG	[alt] ALT: the number of packages: 	pkg_num=0
0 [________________________________________________________________________________________________________________________________________________________________] ?% ? p/s
2026-06-11T18:30:42+03:00	INFO	Number of language-specific files	num=0
2026-06-11T18:30:42+03:00	DEBUG	Specified ignore file does not exist	file=".trivyignore"
2026-06-11T18:30:42+03:00	DEBUG	[vex] VEX filtering is disabled

Report Summary

┌────────────────────────────────────────────────────────────────────┬──────┬─────────────────┐
│                               Target                               │ Type │ Vulnerabilities │
├────────────────────────────────────────────────────────────────────┼──────┼─────────────────┤
│ registry.altlinux.org/p10/alt:latest (alt cpe:/o:alt:container:10) │ alt  │        0        │
└────────────────────────────────────────────────────────────────────┴──────┴─────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

2026-06-11T18:30:42+03:00	DEBUG	Cleaning up temp directory	path="/tmp/.private/maxim/trivy-65530"