A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI.
Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers and other artifacts. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.).

Trivy is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.
Trivy can be run in two different modes:
Trivy can scan three different artifacts:
It is designed to be used in CI. Before pushing to a container registry or deploying your application, you can scan your local container image and other artifacts easily. See the documentation for details.
apt-get install, yum install and brew install are possible (see Installation). A docker save / podman save formatted file can also be scanned.

Please see LICENSE for Trivy licensing information. Note that Trivy uses vulnerability information from a variety of sources, some of which are licensed for non-commercial use only.
The official documentation, which provides detailed installation, configuration, and quick start guides, is available at https://aquasecurity.github.io/trivy/.
Simply specify an image name (and a tag).
$ trivy image [YOUR_IMAGE_NAME]
For example:
$ trivy image python:3.4-alpine
2019-05-16T01:20:43.180+0900 INFO Updating vulnerability database...
2019-05-16T01:20:53.029+0900 INFO Detecting Alpine vulnerabilities...
python:3.4-alpine3.9 (alpine 3.9.2)
===================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |
| | | | | | with long nonces |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
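The "Total:" summary line in the output above is what a CI job typically gates on. The following POSIX shell script is an added example and is not part of Trivy or its README: it parses that summary line from a constructed copy of the README's python:3.4-alpine output (embedded so the script runs offline) and fails the job when any finding of a chosen severity is present. The `trivy image "$IMAGE" | tee trivy.txt` invocation in the comments is an assumed CI usage, not something the README specifies.

```shell
#!/bin/sh
# Added example (not part of the Trivy README): a CI gate over the summary
# line that `trivy image` prints, e.g.
#   Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
# SAMPLE_REPORT is constructed from the README's own python:3.4-alpine output
# so the script runs offline; in CI you would feed it the real scan output.

SAMPLE_REPORT='2019-05-16T01:20:53.029+0900 INFO Detecting Alpine vulnerabilities...
python:3.4-alpine3.9 (alpine 3.9.2)
===================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)'

# count_severity REPORT SEVERITY
# Prints the count for SEVERITY taken from the last "Total:" line of REPORT;
# prints nothing when no summary line is found or the count cannot be parsed.
count_severity() {
    printf '%s\n' "$1" | sed -n "s/^Total: .*[ (]$2: \([0-9]*\).*/\1/p" | tail -n 1
}

# gate_report REPORT "SEV1 SEV2 ..."
# Returns 0 when every listed severity has a count of 0, 1 otherwise.
# A missing or unparsable summary is treated as a failure so that a broken
# or truncated scan can never pass the gate silently.
gate_report() {
    _report=$1
    _status=0
    for _sev in $2; do
        _n=$(count_severity "$_report" "$_sev")
        if [ -z "$_n" ]; then
            echo "FAIL: no parsable 'Total:' summary line in scan output" >&2
            return 1
        fi
        if [ "$_n" -gt 0 ]; then
            echo "FAIL: $_n $_sev finding(s); fix or pin a patched version before deploying" >&2
            _status=1
        fi
    done
    return $_status
}

# Typical CI use (assumed, not from the README): capture the scan, then gate on it.
#   trivy image "$IMAGE" | tee trivy.txt
#   gate_report "$(cat trivy.txt)" "HIGH CRITICAL" || exit 1
# Stand-alone demo on the constructed report: it has one MEDIUM finding, so a
# HIGH/CRITICAL gate passes while a gate that also includes MEDIUM fails.
gate_report "$SAMPLE_REPORT" "HIGH CRITICAL" && echo "gate passed: no HIGH/CRITICAL findings"
gate_report "$SAMPLE_REPORT" "MEDIUM HIGH CRITICAL" || echo "gate failed as expected (exit $?)"
```

Parsing the printed summary keeps the gate independent of how the scanner was invoked, which is useful when the scan runs in a separate job and only its log is available. Trivy itself also provides `--exit-code` and `--severity` options (not shown on this page) that make the scanner return a non-zero status directly for the chosen severities; where the CI runner invokes trivy itself, that is the simpler route.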
Teppei Fukuda (knqyf263)