Difference between revisions of "Trivy"
Jump to navigation
Jump to search
| Line 4: | Line 4: | ||
* [[Trivy secret scanning]] | * [[Trivy secret scanning]] | ||
* <code>[[brew install trivy]]</code> | * <code>[[brew install trivy]]</code> | ||
| + | * <code>[[trivy --help]]</code> | ||
== Examples == | == Examples == | ||
Revision as of 12:12, 8 November 2024
wikipedia:Trivy security scanner
Examples
trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets
Usage:
trivy [global flags] command [flags] target
trivy [command]
Examples:
# Scan a container image
$ trivy image python:3.4-alpine
# Scan a container image from a tar archive
$ trivy image --input ruby-3.1.tar
# Scan local filesystem
$ trivy fs .
# Run in server mode
$ trivy server
Scanning Commands
config Scan config files for misconfigurations
filesystem Scan local filesystem
image Scan a container image
kubernetes [EXPERIMENTAL] Scan kubernetes cluster
repository Scan a repository
rootfs Scan rootfs
sbom Scan SBOM for vulnerabilities and licenses
vm [EXPERIMENTAL] Scan a virtual machine image
Management Commands
module Manage modules
plugin Manage plugins
vex [EXPERIMENTAL] VEX utilities
Utility Commands
clean Remove cached files
completion Generate the autocompletion script for the specified shell
convert Convert Trivy JSON report into a different format
help Help about any command
server Server mode
version Print the version
Flags:
--cache-dir string cache directory (default "/Users/user/Library/Caches/trivy")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
-f, --format string version format (json)
--generate-default-config write the default config to trivy-default.yaml
-h, --help help for trivy
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
Use "trivy [command] --help" for more information about a command.
Related
- Lens Desktop, enable Trivy operator
- Trivy operator
securityContext:- Container hardening
See also
- Trivy, Trivy secret scanning,
trivy filesystem - Kubernetes security, OPA, EKS security, PSA, PSS, CKS,
SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllersadmissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes),kubernetes.io/enforce-mountable-secrets, Auditing - Container scanning, AWS ECR security image scanning, Docker Scout, dependabot, Grype, Coguard
- Aquasec, Trivy,
aquasecurity.github.io, kind: ConfigAuditReport, Aqua Enforcers,tfsec, Kube Enforcer
Advertising:
