Monday, January 6, 2025

Setup AquaSec Trivy for Vulnerability scanning | How to Set Up Trivy Scanner in Jenkins | How to scan Docker image using Trivy


What is Trivy?

  • An open-source security scanner developed by Aqua Security.
  • Used for vulnerability scanning of targets such as:
    • container images 
    • file systems/folders 
    • Git repositories
    • Kubernetes clusters
  • Trivy helps identify security issues and misconfigurations early in the software development lifecycle.
How to scan a Docker image using Trivy by integrating it into a Jenkins CI/CD pipeline

Pre-requisites:
  • Jenkins up and running
  • Docker installed in Jenkins
Install Trivy scanner

The Trivy scanner can be installed in many ways. Check here for more information. We will use the APT package manager to install it on Ubuntu.

sudo apt-get install wget gnupg -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null 
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list 
sudo apt-get update 
sudo apt-get install trivy -y


trivy --version

This confirms that Trivy was installed successfully.

Perform a scan locally:

trivy image nginx

Jenkins Pipeline for scanning docker images:
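
As an added example (not the original post's pipeline), here is a gate script that a Jenkins `sh` step could call once the image is built. It archives a full JSON report, then fails the build only on fixable HIGH/CRITICAL findings, and it reports a scanner error separately so a broken scan is never mistaken for a clean image. The function name `trivy_gate`, the `TRIVY_REPORT_DIR` variable, the exit codes 10 and 20 and the script and image names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): Trivy gate for a Jenkins `sh` step.
# Assumed names: trivy_gate, TRIVY_REPORT_DIR, and exit codes 10 and 20.

GATE_FINDINGS=10    # fixable HIGH/CRITICAL vulnerabilities were found
GATE_SCAN_ERROR=20  # the scan itself failed (DB download, registry auth, bad image)

trivy_gate() {
  local image="${1:-}"
  local report_dir="${TRIVY_REPORT_DIR:-trivy-reports}"
  local rc=0

  if [ -z "$image" ]; then
    echo "usage: trivy_gate <image[:tag]>" >&2
    return "$GATE_SCAN_ERROR"
  fi
  mkdir -p "$report_dir" || return "$GATE_SCAN_ERROR"

  # Pass 1: full JSON report to archive. With --exit-code 0 findings never
  # fail this command, so a non-zero status means the scanner broke.
  # "|| rc=$?" keeps the status readable under Jenkins' default `sh -e`.
  trivy image --quiet --exit-code 0 --format json \
    --output "$report_dir/full-report.json" "$image" || rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "trivy scan error (exit $rc): image was NOT verified" >&2
    return "$GATE_SCAN_ERROR"
  fi

  # Pass 2: the gate. A distinctive --exit-code keeps "findings" apart from
  # scanner errors, which would look identical if the gate used 1.
  trivy image --quiet --severity HIGH,CRITICAL --ignore-unfixed \
    --exit-code "$GATE_FINDINGS" "$image" || rc=$?
  case "$rc" in
    0) echo "gate passed: $image" ;;
    "$GATE_FINDINGS")
      echo "gate failed: fixable HIGH/CRITICAL findings in $image" >&2
      return "$GATE_FINDINGS" ;;
    *)
      echo "trivy scan error (exit $rc): image was NOT verified" >&2
      return "$GATE_SCAN_ERROR" ;;
  esac
}

# Run only when an image is given, e.g. in a Jenkins stage after the build
# (hypothetical script and image names):
#   sh './trivy-gate.sh myapp:${BUILD_NUMBER}'
if [ "$#" -gt 0 ]; then
  trivy_gate "$1"
fi
```

The second pass reuses Trivy's local cache from the first, so the image is not analysed from scratch twice.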



Friday, January 3, 2025

Complete Roadmap for 2025 to become a DevSecOps Engineer | Top DevSecOps Skills for 2025 | Skills required to become a DevSecOps engineer

 Complete Roadmap to become a successful DevOps Engineer



We all know how DevOps is trending right now, and we know where it is going. Let's get to know what skills will make you a successful DevOps engineer.

Top DevOps skills

1. Linux knowledge and scripting - basic troubleshooting, intermediate scripting, looking at the logs

2. Experience in Git, GitHub, Bitbucket or any version control systems such as SVN, TFVC

3. Experience in Continuous Integration tools such as Jenkins, TeamCity, CircleCI

4. Experience in code quality/security scanning tools - SonarQube, AquaSec Trivy

5. Experience in Infrastructure automation tools such as Terraform, AWS CloudFormation

6. Experience in Configuration Management tools such as Ansible, Puppet or Chef

7. Experience in scripting languages such as YAML, Groovy, Ruby, Python and Shell

8. Experience in containers such as Docker, Kubernetes and Helm

9. Experience in Monitoring tools such as Prometheus, Grafana

10. Ability to troubleshoot build and deployment failures.

11. Any cloud knowledge and experience - AWS, Azure and Google Cloud

Soft skills employers are looking for:

These days employers are looking not only for strong technical skills but also for "soft skills", which are essential to becoming successful in IT. If you think you are lagging in any of these skills, no worries. All of them can be developed and improved over time with practice.

1. Open minded

2. Willingness to learn new skills

3. Communication

4. Approachable

5. "Get it done" attitude

6. Being adaptable. 

DevSecOps Bootcamp Jan 2025 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

  (Lots of new topics covered, like GitHub Actions, Helm and Monitoring.)

The DevOps requirements in the IT market space are expected to grow by 35% by 2024. Getting a DevOps education now is a great investment in your future, which will pay off very fast!

You are in the right place to kick-start your career in DevOps. DevOps is one of the top and hot IT skills right now. Currently almost all employers are struggling to get the right resources in their teams who can do the DevOps and automation work. You could be that person by attending this coaching program.

DevSecOps Coaching schedule - Jan 2025 (promotions are on, please contact Coach AK)

Date | Time | Type | When?
Jan 7th | 6:00 to 8:00 PM CST | Weekdays | Tuesdays/Thursdays
Jan 19th | 09:45 AM CST - 11:30 AM CST on Saturdays; 10:30 AM CST - 12:30 PM CST on Sundays | Weekends | Sat/Sundays

DevOps Coaching Highlights:
Comprehensive hands-on knowledge of Git, GitHub, Jenkins, Maven, SonarQube, Nexus, Terraform, Ansible, Docker, Kubernetes, Helm, Prometheus, Docker registry, AWS and Azure cloud platforms.

To join DevOps Coaching classes, please contact Coach AK below:
Contact no# : +1 (469)733-5248, +1 (561) 993-0420
WhatsApp #: +1 (469)733-5248, +1 (561) 993-0420

Email id: contact.devopscoaching@gmail.com
Contact Name: Coach AK

