What is Trivy?
- open-source security scanner tool developed by Aqua Security.
- Used for vulnerability scanning in such as
- container images
- file systems/folders
- Git repositories
- Kubernetes clusters
- misconfiguration in files such as Terraform, K8S manifest files
- Trivy helps identify security issues and misconfigurations early in the software development lifecycle.
How to Install Trivy scanner on Linux OS?
Trivy scanner can be installed so many ways. Check here for more information. But we will using APT package manager to
install on Ubuntu.
sudo apt-get install wget gnupg -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg
--dearmor | sudo tee /usr/share/keyrings/trivy.gpg >
/dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg]
https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a
/etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y
Check Trivy got installed
trivy --version
This confirm that Trivy got installed successfully.
Perform Docker image scan locally
trivy image nginx:latest
where nginx is name of the docker image
You can also pass arguments to filter based on severity
trivy image --severity HIGH,CRITICAL,MEDIUM nginx:latest
Perform scanning a Git Repo
where repo_url is the public git repo that you want to scan
Perform scanning a file system locally
trivy fs your_folder
where your_folder is directory on your machine where you have installed
Trivy.
Additional links:
If you want to integrate Trivy with Jenkins CICD pipeline for automating
docker image scanning, please click
here.
If you want to integrate Trivy with Azure DevOps CICD pipeline for
automating docker image scanning, please click here.
Watch the video in my YouTube channel:
No comments:
Post a Comment