Tuesday, January 21, 2025

How to Setup AquaSec Trivy Vulnerability Scanner | How to install AquaSec Trivy Scanner on Linux OS | Security Scanning Tool | DevSecOps Tutorials

What is Trivy?

  • Open-source security scanner developed by Aqua Security.
  • Used for vulnerability scanning in targets such as:
    • container images 
    • file systems/folders 
    • Git repositories
    • Kubernetes clusters
    • misconfigurations in files such as Terraform and Kubernetes manifest files
  • Trivy helps identify security issues and misconfigurations early in the software development lifecycle.

How to Install Trivy scanner on Linux OS?

Trivy can be installed in many ways. Check here for more information. We will use the APT package manager to install it on Ubuntu.

sudo apt-get install wget gnupg -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null 
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list 
sudo apt-get update 
sudo apt-get install trivy -y

Check that Trivy is installed
trivy --version


This confirms that Trivy was installed successfully.

Perform Docker image scan locally
trivy image nginx:latest

where nginx is the name of the Docker image

You can also pass arguments to filter based on severity
trivy image --severity HIGH,CRITICAL,MEDIUM nginx:latest

Perform a Git repo scan

where repo_url is the public git repo that you want to scan

Perform a file system scan locally
trivy fs your_folder

where your_folder is a directory on the machine where you have installed Trivy.

Additional links:
If you want to integrate Trivy with Jenkins CICD pipeline for automating docker image scanning, please click here.
If you want to integrate Trivy with Azure DevOps CICD pipeline for automating docker image scanning, please click here.
