Difference between revisions of "Trivy"
Jump to navigation
Jump to search
(14 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[wikipedia:Trivy]] [[security scanner]] | [[wikipedia:Trivy]] [[security scanner]] | ||
* https://github.com/aquasecurity/trivy | * https://github.com/aquasecurity/trivy | ||
+ | |||
+ | * [[Trivy secret scanning]] | ||
+ | * <code>[[brew install trivy]]</code> | ||
+ | * <code>[[trivy --help]]</code> | ||
+ | |||
+ | == Examples == | ||
+ | * <code>[[trivy image]]</code> | ||
+ | * <code>[[trivy filesystem]]</code> | ||
+ | * <code>[[trivy repository]]</code> | ||
+ | |||
+ | [[trivy]] | ||
+ | <pre> | ||
+ | Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets | ||
+ | |||
+ | Usage: | ||
+ | trivy [global flags] command [flags] target | ||
+ | trivy [command] | ||
+ | |||
+ | Examples: | ||
+ | # Scan a container image | ||
+ | $ trivy image python:3.4-alpine | ||
+ | |||
+ | # Scan a container image from a tar archive | ||
+ | $ trivy image --input ruby-3.1.tar | ||
+ | |||
+ | # Scan local filesystem | ||
+ | $ trivy fs . | ||
+ | |||
+ | # Run in server mode | ||
+ | $ trivy server | ||
+ | |||
+ | Scanning Commands | ||
+ | config Scan config files for misconfigurations | ||
+ | filesystem Scan local filesystem | ||
+ | image Scan a container image | ||
+ | kubernetes [EXPERIMENTAL] Scan kubernetes cluster | ||
+ | repository Scan a repository | ||
+ | rootfs Scan rootfs | ||
+ | sbom Scan SBOM for vulnerabilities and licenses | ||
+ | vm [EXPERIMENTAL] Scan a virtual machine image | ||
+ | |||
+ | Management Commands | ||
+ | module Manage modules | ||
+ | plugin Manage plugins | ||
+ | vex [EXPERIMENTAL] VEX utilities | ||
+ | |||
+ | Utility Commands | ||
+ | clean Remove cached files | ||
+ | completion Generate the autocompletion script for the specified shell | ||
+ | convert Convert Trivy JSON report into a different format | ||
+ | help Help about any command | ||
+ | server Server mode | ||
+ | version Print the version | ||
+ | |||
+ | Flags: | ||
+ | --cache-dir string cache directory (default "/Users/user/Library/Caches/trivy") | ||
+ | -c, --config string config path (default "trivy.yaml") | ||
+ | -d, --debug debug mode | ||
+ | -f, --format string version format (json) | ||
+ | --generate-default-config write the default config to trivy-default.yaml | ||
+ | -h, --help help for trivy | ||
+ | --insecure allow insecure server connections | ||
+ | -q, --quiet suppress progress bar and log output | ||
+ | --timeout duration timeout (default 5m0s) | ||
+ | -v, --version show version | ||
+ | |||
+ | Use "trivy [command] --help" for more information about a command. | ||
+ | |||
+ | </pre> | ||
== Related == | == Related == | ||
Line 9: | Line 78: | ||
== See also == | == See also == | ||
+ | * {{Trivy}} | ||
* {{K8s security}} | * {{K8s security}} | ||
+ | * {{Container scan}} | ||
* {{Aquasec}} | * {{Aquasec}} | ||
− | |||
[[Category:Security]] | [[Category:Security]] |
Latest revision as of 12:27, 8 November 2024
wikipedia:Trivy security scanner
Examples[edit]
trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets Usage: trivy [global flags] command [flags] target trivy [command] Examples: # Scan a container image $ trivy image python:3.4-alpine # Scan a container image from a tar archive $ trivy image --input ruby-3.1.tar # Scan local filesystem $ trivy fs . # Run in server mode $ trivy server Scanning Commands config Scan config files for misconfigurations filesystem Scan local filesystem image Scan a container image kubernetes [EXPERIMENTAL] Scan kubernetes cluster repository Scan a repository rootfs Scan rootfs sbom Scan SBOM for vulnerabilities and licenses vm [EXPERIMENTAL] Scan a virtual machine image Management Commands module Manage modules plugin Manage plugins vex [EXPERIMENTAL] VEX utilities Utility Commands clean Remove cached files completion Generate the autocompletion script for the specified shell convert Convert Trivy JSON report into a different format help Help about any command server Server mode version Print the version Flags: --cache-dir string cache directory (default "/Users/user/Library/Caches/trivy") -c, --config string config path (default "trivy.yaml") -d, --debug debug mode -f, --format string version format (json) --generate-default-config write the default config to trivy-default.yaml -h, --help help for trivy --insecure allow insecure server connections -q, --quiet suppress progress bar and log output --timeout duration timeout (default 5m0s) -v, --version show version Use "trivy [command] --help" for more information about a command.
Related[edit]
- Lens Desktop, enable Trivy operator
- Trivy operator
securityContext:
- Container hardening
See also[edit]
- Trivy, Trivy secret scanning,
trivy filesystem
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS,
SecurityContext
, Trivy, KubeBench, Kubernetes Admission Controllersadmissionregistration.k8s.io
, Hardeneks, Gatekeeper (Kubernetes),kubernetes.io/enforce-mountable-secrets
, Auditing - Container scanning, AWS ECR security image scanning, Docker Scout, dependabot, Grype, Coguard
- Aquasec, Trivy,
aquasecurity.github.io, kind: ConfigAuditReport
, Aqua Enforcers,tfsec
, Kube Enforcer
Advertising: