Trivy

wikipedia:Trivy security scanner

• https://github.com/aquasecurity/trivy

• Trivy secret scanning
• brew install trivy

Examples[edit]

• trivy filesystem
• trivy repository

trivy 

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets

Usage:
  trivy [global flags] command [flags] target
  trivy [command]

Examples:
  # Scan a container image
  $ trivy image python:3.4-alpine

  # Scan a container image from a tar archive
  $ trivy image --input ruby-3.1.tar

  # Scan local filesystem
  $ trivy fs .

  # Run in server mode
  $ trivy server

Scanning Commands
  config      Scan config files for misconfigurations
  filesystem  Scan local filesystem
  image       Scan a container image
  kubernetes  [EXPERIMENTAL] Scan kubernetes cluster
  repository  Scan a repository
  rootfs      Scan rootfs
  sbom        Scan SBOM for vulnerabilities and licenses
  vm          [EXPERIMENTAL] Scan a virtual machine image

Management Commands
  module      Manage modules
  plugin      Manage plugins
  vex         [EXPERIMENTAL] VEX utilities

Utility Commands
  clean       Remove cached files
  completion  Generate the autocompletion script for the specified shell
  convert     Convert Trivy JSON report into a different format
  help        Help about any command
  server      Server mode
  version     Print the version

Flags:
      --cache-dir string          cache directory (default "/Users/user/Library/Caches/trivy")
  -c, --config string             config path (default "trivy.yaml")
  -d, --debug                     debug mode
  -f, --format string             version format (json)
      --generate-default-config   write the default config to trivy-default.yaml
  -h, --help                      help for trivy
      --insecure                  allow insecure server connections
  -q, --quiet                     suppress progress bar and log output
      --timeout duration          timeout (default 5m0s)
  -v, --version                   show version

Use "trivy [command] --help" for more information about a command.

Related[edit]

• Lens Desktop, enable Trivy operator
• Trivy operator
• securityContext:
• Container hardening

See also[edit]

• Trivy, Trivy secret scanning, trivy filesystem
• Kubernetes security, OPA, EKS security, PSA, PSS, CKS, SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllers admissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes), kubernetes.io/enforce-mountable-secrets, Auditing
• Aquasec, Trivy, aquasecurity.github.io, kind: ConfigAuditReport, Aqua Enforcers, tfsec, Kube Enforcer