M2Ko

Trivy

Home
AIX
AIX
- Cluster
  Cluster
  - HACMP
- Management
  Management
  - HMC
  - Vios
- Network
  Network
  - Interface
  - NFS
  - Route
- Others
  Others
  - Mail
  - Perl
  - Printers
- Package
  Package
  - Alt RootVG
  - DVD Install
  - Library
  - Nim
  - Package/Fix
  - Upgrade
  - Yum
- Performance
  Performance
- Procedures
  Procedures
  - Install PowerPath
  - Migrate rootvg
- Service
  Service
  - Service
- Storage
  Storage
  - FC Card
  - FileSystem
  - LVM
  - MPio
  - Volume
- Troubleshooting
  Troubleshooting
  - Logs/Trace
- User
  User
  - Limits
  - User/Group
Codes
Codes
- Bash
  Bash
  - Variables
- Java
  Java
  - Jar File
- Python
  Python
  - Tips
  - Module
    Module
    
    Argparse
    
    Boto3
    
    CSV
    
    Multiprocess
    
    Regex (re)
    
    SSH
  - Tools
    Tools
    
    Convert Size
    
    Week's Day
    
    LDAP Extract
    
    Slugger
- Shell
  Shell
  - Commands
    Commands
    
    Awk
    
    Find
    
    Sed
    
    Set
  - Widget
    Widget
    
    Column
    
    Progress Bar
    
    Size Convert
- Tools
  Tools
  - JQ
- Windows
  Windows
  - Excel
Containers
Containers
- Kubernetes
  Kubernetes
  - Cert-Manager
  - KubeAdm
  - kubectl
  - Network
  - Plugins
  - Tips
- Openshift
  Openshift
  - Label/Selector
  - Network
    Network
    
    Egress
    
    Ingress
    
    Network Policy
    
    OVN Network
  - Objects
    Objects
    
    StateFulSet
  - Security
    Security
    
    Certificate
    
    Roles
    
    SCC
    
    Users/Groups and Access
  - Storage
    Storage
    
    Volumes
  - Troubleshooting
    Troubleshooting
    
    Basics
    
    Etcd
    
    KubeApi
    
    Logs/Events
    
    Management
  - Upgrade
    Upgrade
    
    Machine Configs
    
    Upgrade
- Runtime
  Runtime
  - Docker
  - Podman
- Tools
  Tools
  - Docker Compose
  - Helm
  - Kaniko
  - Kasten
  - Trivy Trivy
    Table of contents
    
    What is Trivy
    
    Commands
Linux
Linux
- Cluster
  Cluster
  - Pacemaker
- Network
  Network
  - Bonding
  - IPTables
  - Netstat
  - Network Manager
  - NFS
  - Routes
- Others
  Others
  - Crontab
  - Mail
  - TimeZone
- Package
  Package
  - DNF
  - RPM
  - Yum
- Performance
  Performance
  - Memory/Swap
- Security
  Security
  - Aide
  - CVE
  - OpenScap
  - Password
  - Permission
  - SELinux
  - SSH
  - Sudo
- Service
  Service
  - Process/Service
  - Systemd
- Storage
  Storage
- Tools
  Tools
  - Apache
  - NMON
  - OpenSSL
  - Rear
  - Rsync
  - Satellite
  - Screen
  - Tmux
  - Udev
  - Utils
  - Vi Editor
- Troubleshooting
  Troubleshooting
  - Auditd
  - Filesystem
  - Kernel
  - History/Logs
  - Network
  - Rescue/Recovery
  - SysCall
- User
  User
  - Limits
  - User/Group
Others
Others
- Cloud
  Cloud
  - GCP
    GCP
    
    Client
  - Openstack
    Openstack
    
    Client
- Database
  Database
  - Elasticsearch
  - Etcd
  - Etcd
  - MariaDB
  - MongoDB
  - Oracle
  - Patroni
  - Postgres
  - Prometheus
  - SQL
- DevOps
  DevOps
  - Git
  - GitLab
  - Vault
  - Ansible
    Ansible
    
    Ad-Hoc
    
    Callback
    
    Config
    
    Functions
    
    Meta
    
    Modules
- Hardware
  Hardware
  - ILO
    ILO
    
    Dell Idrac
- Monitoring
  Monitoring
  - Graylog
  - Logstash
- Network
  Network
  - CIDR Subnet
- Tips
  Tips
  - Clavier
- Windows
  Windows
  - Network
Storage
Storage
- Ceph
  Ceph
  - Base
  - Block Storage
  - CephFS
  - Object Storage
  - OSD
  - Troubleshooting
- EMC
  EMC
  - Unipshere
  - VMax
- S3
  S3
  - AWS Cli
  - RCLone
  - S3Cmd

Tools - Trivy

What is Trivy

Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack. Trivy is easy to use. Just install the binary and you're ready to scan.

Github: https://github.com/aquasecurity/trivy

Commands

Scan image's vulnerabilities:

trivy image (--severity={severity}) {image}
# Examples:
#  Only CRITICAL vulnerabilities:
#    trivy image --severity=CRITICAL docker.io/graylog:3.3
#
#  All vulnerabilities:
#    trivy image docker.io/graylog:3.3