Trivy
wikipedia:Trivy security scanner
Examples
trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets

Usage:
  trivy [global flags] command [flags] target
  trivy [command]

Examples:
  # Scan a container image
  $ trivy image python:3.4-alpine

  # Scan a container image from a tar archive
  $ trivy image --input ruby-3.1.tar

  # Scan local filesystem
  $ trivy fs .

  # Run in server mode
  $ trivy server

Scanning Commands
  config      Scan config files for misconfigurations
  filesystem  Scan local filesystem
  image       Scan a container image
  kubernetes  [EXPERIMENTAL] Scan kubernetes cluster
  repository  Scan a repository
  rootfs      Scan rootfs
  sbom        Scan SBOM for vulnerabilities and licenses
  vm          [EXPERIMENTAL] Scan a virtual machine image

Management Commands
  module      Manage modules
  plugin      Manage plugins
  vex         [EXPERIMENTAL] VEX utilities

Utility Commands
  clean       Remove cached files
  completion  Generate the autocompletion script for the specified shell
  convert     Convert Trivy JSON report into a different format
  help        Help about any command
  server      Server mode
  version     Print the version

Flags:
      --cache-dir string          cache directory (default "/Users/user/Library/Caches/trivy")
  -c, --config string             config path (default "trivy.yaml")
  -d, --debug                     debug mode
  -f, --format string             version format (json)
      --generate-default-config   write the default config to trivy-default.yaml
  -h, --help                      help for trivy
      --insecure                  allow insecure server connections
  -q, --quiet                     suppress progress bar and log output
      --timeout duration          timeout (default 5m0s)
  -v, --version                   show version

Use "trivy [command] --help" for more information about a command.
Related
- Lens Desktop, enable Trivy operator
- Trivy operator
- securityContext:
- Container hardening
See also
- Trivy, Trivy secret scanning, trivy filesystem
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS, SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllers, admissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes), kubernetes.io/enforce-mountable-secrets, Auditing
- Container scanning, AWS ECR security image scanning, Docker Scout, dependabot, Grype, Coguard
- Aquasec, Trivy, aquasecurity.github.io, kind: ConfigAuditReport, Aqua Enforcers, tfsec, Kube Enforcer