If you’re looking for a simple and comprehensive vulnerability scanner for your containers then Trivy is the best choice. In this post, we see how to scan a sample image & its key features.
Scanner | OS Packages | Application Dependencies | Easy to use | Accuracy | Suitable for CI |
---|---|---|---|---|---|
Trivy | ✅ | ✅ (5 languages) | ⭐ ⭐ ⭐ | ⭐ ⭐ ⭐ | ⭐ ⭐ ⭐ |
Clair | ✅ | × | ⭐ | ⭐ ⭐ | ⭐ ⭐ |
Anchore Engine | ✅ | ✅ (4 languages) | ⭐ ⭐ | ⭐ ⭐ | ⭐ ⭐ ⭐ |
Quay | ✅ | × | ⭐ ⭐ ⭐ | ⭐ ⭐ | × |
Docker Hub | ✅ | × | ⭐ ⭐ ⭐ | ⭐ | × |
GCR | ✅ | × | ⭐ ⭐ ⭐ | ⭐ ⭐ | × |
In the next section, we take look at how to scan a sample image for vulnerabilities.
I’m using Ubuntu, following is the script will install Trivy for me. For other distros, please do check here.
$ sudo apt-get install wget apt-transport-https gnupg lsb-release
$ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
$ echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
$ sudo apt-get update
$ sudo apt-get install trivy
Now that Trivy installation completed, Next step we can scan a sample image and check vulnerabilities.
Use trivy image [IMAGE_NAME]
to initiate scanning and getting vulnerabilities here in this example I have used httpd
image. As you can see there are a total of 332 vulnerabilities with varying severities.
You can also filter the vulnerabilities by severities with --severity
option
To save the results as JSON,use -f
and -o
option
There are many options/examples, you can check out all of them here.
Like this post? Don’t forget to share it!
The cryptocurrency market is famed for its volatility, presenting each opportunity and demanding situations for…
Games since time immemorial have been winning at captivating the users and teleporting them onto…
We are living within an innovation curve wherein cutting-edge technologies are making a hustle and…
Whether it’s the healthcare industry or the automobile sector, artificial intelligence has left its impact…
Facts only- The big Artificial Intelligence push is unraveling in 2024. No, it wasn’t merely…
In the fiercely competitive world of Hire Developers for Startup, success hinges not just on…
This website uses cookies.