Difference between revisions of "Trivy"
(15 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[wikipedia:Trivy]] [[security scanner]] | [[wikipedia:Trivy]] [[security scanner]] | ||
* https://github.com/aquasecurity/trivy | * https://github.com/aquasecurity/trivy | ||
+ | |||
+ | * [[Trivy secret scanning]] | ||
+ | * <code>[[brew install trivy]]</code> | ||
+ | * <code>[[trivy --help]]</code> | ||
+ | |||
+ | == Examples == | ||
+ | * <code>[[trivy image]]</code> | ||
+ | * <code>[[trivy filesystem]]</code> | ||
+ | * <code>[[trivy repository]]</code> | ||
+ | |||
+ | [[trivy]] | ||
+ | <pre> | ||
+ | Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets | ||
+ | |||
+ | Usage: | ||
+ | trivy [global flags] command [flags] target | ||
+ | trivy [command] | ||
+ | |||
+ | Examples: | ||
+ | # Scan a container image | ||
+ | $ trivy image python:3.4-alpine | ||
+ | |||
+ | # Scan a container image from a tar archive | ||
+ | $ trivy image --input ruby-3.1.tar | ||
+ | |||
+ | # Scan local filesystem | ||
+ | $ trivy fs . | ||
+ | |||
+ | # Run in server mode | ||
+ | $ trivy server | ||
+ | |||
+ | Scanning Commands | ||
+ | config Scan config files for misconfigurations | ||
+ | filesystem Scan local filesystem | ||
+ | image Scan a container image | ||
+ | kubernetes [EXPERIMENTAL] Scan kubernetes cluster | ||
+ | repository Scan a repository | ||
+ | rootfs Scan rootfs | ||
+ | sbom Scan SBOM for vulnerabilities and licenses | ||
+ | vm [EXPERIMENTAL] Scan a virtual machine image | ||
+ | |||
+ | Management Commands | ||
+ | module Manage modules | ||
+ | plugin Manage plugins | ||
+ | vex [EXPERIMENTAL] VEX utilities | ||
+ | |||
+ | Utility Commands | ||
+ | clean Remove cached files | ||
+ | completion Generate the autocompletion script for the specified shell | ||
+ | convert Convert Trivy JSON report into a different format | ||
+ | help Help about any command | ||
+ | server Server mode | ||
+ | version Print the version | ||
+ | |||
+ | Flags: | ||
+ | --cache-dir string cache directory (default "/Users/user/Library/Caches/trivy") | ||
+ | -c, --config string config path (default "trivy.yaml") | ||
+ | -d, --debug debug mode | ||
+ | -f, --format string version format (json) | ||
+ | --generate-default-config write the default config to trivy-default.yaml | ||
+ | -h, --help help for trivy | ||
+ | --insecure allow insecure server connections | ||
+ | -q, --quiet suppress progress bar and log output | ||
+ | --timeout duration timeout (default 5m0s) | ||
+ | -v, --version show version | ||
+ | |||
+ | Use "trivy [command] --help" for more information about a command. | ||
+ | |||
+ | </pre> | ||
== Related == | == Related == | ||
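Review bot: the pasted `trivy --help` output in the added <pre> block is not tied to a Trivy version or platform, and its `--cache-dir` default ("/Users/user/Library/Caches/trivy") is specific to the machine it was captured on. Suggest adding a line above the <pre> stating the Trivy version and OS the output came from, so readers can tell when the command list (including the three [EXPERIMENTAL] entries) no longer matches their install. The empty line before </pre> can also be dropped.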
Line 6: | Line 75: | ||
* [[Trivy operator]] | * [[Trivy operator]] | ||
* <code>[[securityContext:]]</code> | * <code>[[securityContext:]]</code> | ||
+ | * [[Container hardening]] | ||
== See also == | == See also == | ||
+ | * {{Trivy}} | ||
* {{K8s security}} | * {{K8s security}} | ||
+ | * {{Container scan}} | ||
* {{Aquasec}} | * {{Aquasec}} | ||
− | |||
[[Category:Security]] | [[Category:Security]] |
Latest revision as of 12:27, 8 November 2024
wikipedia:Trivy security scanner
Examples
trivy
<pre>
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets

Usage:
  trivy [global flags] command [flags] target
  trivy [command]

Examples:
  # Scan a container image
  $ trivy image python:3.4-alpine

  # Scan a container image from a tar archive
  $ trivy image --input ruby-3.1.tar

  # Scan local filesystem
  $ trivy fs .

  # Run in server mode
  $ trivy server

Scanning Commands
  config      Scan config files for misconfigurations
  filesystem  Scan local filesystem
  image       Scan a container image
  kubernetes  [EXPERIMENTAL] Scan kubernetes cluster
  repository  Scan a repository
  rootfs      Scan rootfs
  sbom        Scan SBOM for vulnerabilities and licenses
  vm          [EXPERIMENTAL] Scan a virtual machine image

Management Commands
  module      Manage modules
  plugin      Manage plugins
  vex         [EXPERIMENTAL] VEX utilities

Utility Commands
  clean       Remove cached files
  completion  Generate the autocompletion script for the specified shell
  convert     Convert Trivy JSON report into a different format
  help        Help about any command
  server      Server mode
  version     Print the version

Flags:
      --cache-dir string          cache directory (default "/Users/user/Library/Caches/trivy")
  -c, --config string             config path (default "trivy.yaml")
  -d, --debug                     debug mode
  -f, --format string             version format (json)
      --generate-default-config   write the default config to trivy-default.yaml
  -h, --help                      help for trivy
      --insecure                  allow insecure server connections
  -q, --quiet                     suppress progress bar and log output
      --timeout duration          timeout (default 5m0s)
  -v, --version                   show version

Use "trivy [command] --help" for more information about a command.
</pre>
Related
- Lens Desktop, enable Trivy operator
- Trivy operator
- securityContext:
- Container hardening
See also
- Trivy, Trivy secret scanning, trivy filesystem
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS, SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllers, admissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes), kubernetes.io/enforce-mountable-secrets, Auditing
- Container scanning, AWS ECR security image scanning, Docker Scout, dependabot, Grype, Coguard
- Aquasec, Trivy, aquasecurity.github.io, kind: ConfigAuditReport, Aqua Enforcers, tfsec, Kube Enforcer