Difference between revisions of "Trivy"
Jump to navigation
Jump to search
(One intermediate revision by the same user not shown) | |||
Line 4: | Line 4: | ||
* [[Trivy secret scanning]] | * [[Trivy secret scanning]] | ||
* <code>[[brew install trivy]]</code> | * <code>[[brew install trivy]]</code> | ||
+ | * <code>[[trivy --help]]</code> | ||
== Examples == | == Examples == | ||
+ | * <code>[[trivy image]]</code> | ||
* <code>[[trivy filesystem]]</code> | * <code>[[trivy filesystem]]</code> | ||
* <code>[[trivy repository]]</code> | * <code>[[trivy repository]]</code> |
Latest revision as of 12:27, 8 November 2024
wikipedia:Trivy security scanner
Examples[edit]
trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets Usage: trivy [global flags] command [flags] target trivy [command] Examples: # Scan a container image $ trivy image python:3.4-alpine # Scan a container image from a tar archive $ trivy image --input ruby-3.1.tar # Scan local filesystem $ trivy fs . # Run in server mode $ trivy server Scanning Commands config Scan config files for misconfigurations filesystem Scan local filesystem image Scan a container image kubernetes [EXPERIMENTAL] Scan kubernetes cluster repository Scan a repository rootfs Scan rootfs sbom Scan SBOM for vulnerabilities and licenses vm [EXPERIMENTAL] Scan a virtual machine image Management Commands module Manage modules plugin Manage plugins vex [EXPERIMENTAL] VEX utilities Utility Commands clean Remove cached files completion Generate the autocompletion script for the specified shell convert Convert Trivy JSON report into a different format help Help about any command server Server mode version Print the version Flags: --cache-dir string cache directory (default "/Users/user/Library/Caches/trivy") -c, --config string config path (default "trivy.yaml") -d, --debug debug mode -f, --format string version format (json) --generate-default-config write the default config to trivy-default.yaml -h, --help help for trivy --insecure allow insecure server connections -q, --quiet suppress progress bar and log output --timeout duration timeout (default 5m0s) -v, --version show version Use "trivy [command] --help" for more information about a command.
Related[edit]
- Lens Desktop, enable Trivy operator
- Trivy operator
securityContext:
- Container hardening
See also[edit]
- Trivy, Trivy secret scanning,
trivy filesystem
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS,
SecurityContext
, Trivy, KubeBench, Kubernetes Admission Controllersadmissionregistration.k8s.io
, Hardeneks, Gatekeeper (Kubernetes),kubernetes.io/enforce-mountable-secrets
, Auditing - Container scanning, AWS ECR security image scanning, Docker Scout, dependabot, Grype, Coguard
- Aquasec, Trivy,
aquasecurity.github.io, kind: ConfigAuditReport
, Aqua Enforcers,tfsec
, Kube Enforcer
Advertising: