Container Guardian: Unveiling Vulnerabilities with Trivy

Sudheer
2 min readOct 3, 2023


  • Trivy is an open-source security scanner that is best known for scanning container images, such as Docker images, although it also covers the other targets listed below.
  • Its most common use is finding security issues in container images before they are shipped or deployed.
  • The tool is developed by Aqua Security, and its primary purpose is to help users find known vulnerabilities in the OS packages and application dependencies included in container images.

Trivy has scanners that look for security issues, and targets where it can find those issues.

Targets (what Trivy can scan):

  • Container Image
  • Filesystem
  • Git Repository (remote)
  • Virtual Machine Image
  • Kubernetes
  • AWS

Scanners (what Trivy can find there):

  • OS packages and software dependencies in use (SBOM)
  • Known vulnerabilities (CVEs)
  • IaC issues and misconfigurations
  • Sensitive information and secrets
  • Software licenses

# Installing Docker from the Default Repositories

A local Docker install is not strictly required: Trivy can pull an image straight from a registry and scan it without a Docker daemon. Installing Docker does let you scan images you have built locally.

Step 1: Update the Repository
Ensure that the local system package repository is updated by running:

sudo apt update

Step 2: Install Docker
Run the following command to install Docker. The docker.io package from the Ubuntu repositories pulls in its own dependencies (containerd, runc), so no separate dependency step is needed. In particular, do not also run `snap install docker`: that installs a second, independent copy of Docker, not dependencies for this one.

sudo apt install docker.io -y

Step 3: Check Installation
Check whether Docker was properly installed by querying the daemon status and the program version:

sudo systemctl status docker
docker --version

## Trivy Installation

Link: Installation — Trivy (aquasecurity.github.io)

sudo apt-get install wget apt-transport-https gnupg lsb-release

wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -

echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list

sudo apt-get update

sudo apt-get install trivy

Note that `apt-key` is deprecated on Debian 11+ and Ubuntu 22.04+; on those releases use the keyring-based variant shown on the linked installation page instead of the `apt-key add` line.

Scan a Docker Image:

After installing Trivy, you can use it to scan a Docker image:

trivy image <image_name>

Example: This command will analyze the specified Docker image for vulnerabilities.

trivy image nginx:latest

Scan a Local Directory (project tree, Dockerfiles, IaC):

Trivy can also scan a local filesystem path. Point it at a directory, not at a single Dockerfile. By default `trivy filesystem` looks for known vulnerabilities in OS packages and in the dependency lock files it finds under that path (package-lock.json, go.sum, requirements.txt and similar). Misconfigurations in Dockerfiles, Kubernetes manifests and Terraform are only reported when the misconfiguration scanner is enabled (`--scanners misconfig`) or when you run `trivy config <dir>`.

trivy filesystem /path/to/project

Example: This command analyzes the current directory.

trivy filesystem .

Output Formats:

Trivy supports multiple output formats, including table (the default), JSON, SARIF and template. You specify the format with the -f (--format) flag and the destination file with -o (--output); the subcommand (image, fs, ...) still comes first.

Example: This command writes the scan results in JSON format to a file named results.json.

trivy image -f json -o results.json nginx:latest
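The JSON format is what you feed into a pipeline. The script below is an added example (not code from the original post or from the Trivy project) that reads a report in the shape Trivy emits (SchemaVersion 2, a Results list with per-target Vulnerabilities), summarises the severities, and then applies the same policy a CI gate would: fail on findings at or above a threshold, skip ones with no fixed version, and honour an ignore list in .trivyignore style. The embedded report, image name, package names and the CVE-0000-* identifiers are constructed placeholders, not real findings, and the severity ranking and .trivyignore parser are this example's own assumptions.

```python
"""Post-process a Trivy JSON report and decide whether a CI step should fail."""
import json
from collections import Counter

# Constructed sample in the shape of `trivy image -f json` output (SchemaVersion 2).
# Image name, packages and CVE-0000-* IDs are placeholders, not a real scan result.
SAMPLE_REPORT = """
{
  "SchemaVersion": 2,
  "ArtifactName": "example/app:1.0",
  "ArtifactType": "container_image",
  "Results": [
    {"Target": "example/app:1.0 (debian 12.1)", "Class": "os-pkgs", "Type": "debian",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
        "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
       {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
        "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "HIGH"},
       {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libfoo",
        "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "MEDIUM"}]},
    {"Target": "app/package-lock.json", "Class": "lang-pkgs", "Type": "npm",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-0000-0004", "PkgName": "somelib",
        "InstalledVersion": "4.17.0", "FixedVersion": "4.17.21", "Severity": "HIGH"}]}
  ]
}
"""

# Assumed ordering of Trivy's severity labels, lowest to highest.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def load_report(text):
    """Parse report text (for example the contents of results.json) into a dict."""
    return json.loads(text)


def iter_vulnerabilities(report):
    """Yield (target, vulnerability) pairs across all Results entries.
    'Results' is absent when Trivy finds nothing, and a clean target may lack the
    'Vulnerabilities' key, so both are treated as empty rather than as errors."""
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", ""), vuln


def severity_counts(report):
    """Count findings per severity label, like the totals line of the table output."""
    return Counter(v.get("Severity", "UNKNOWN") for _, v in iter_vulnerabilities(report))


def load_trivyignore(text):
    """Minimal parser for a .trivyignore file (assumed format): one ID per line,
    '#' starts a comment, and only the first token of a line is used."""
    ids = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ids.add(line.split()[0])
    return ids


def blocking_findings(report, threshold="HIGH", ignore_unfixed=True, ignored_ids=frozenset()):
    """Findings at or above `threshold` that should block a build, after dropping
    unfixed ones (if requested) and explicitly accepted IDs."""
    min_rank = SEVERITY_RANK[threshold]
    hits = []
    for target, v in iter_vulnerabilities(report):
        if SEVERITY_RANK.get(v.get("Severity", "UNKNOWN"), 0) < min_rank:
            continue
        if ignore_unfixed and not v.get("FixedVersion"):
            continue  # no upstream fix yet: track it, but do not block the build
        if v["VulnerabilityID"] in ignored_ids:
            continue  # accepted risk recorded in .trivyignore
        hits.append({"target": target, "id": v["VulnerabilityID"], "pkg": v["PkgName"],
                     "installed": v.get("InstalledVersion", ""),
                     "fixed": v.get("FixedVersion") or "no fix", "severity": v["Severity"]})
    return hits


def gate_exit_code(report, **kwargs):
    """Exit code for a CI step: 1 when blocking findings remain, otherwise 0."""
    return 1 if blocking_findings(report, **kwargs) else 0


if __name__ == "__main__":
    report = load_report(SAMPLE_REPORT)  # replace with open("results.json").read()
    ignored = load_trivyignore("# accepted until the next base image bump\nCVE-0000-0004\n")
    print("artifact:", report["ArtifactName"])
    print("severity totals:", dict(severity_counts(report)))
    for h in blocking_findings(report, "HIGH", ignore_unfixed=True, ignored_ids=ignored):
        print(f"{h['severity']:8} {h['id']} {h['pkg']} {h['installed']} -> {h['fixed']} ({h['target']})")
    raise SystemExit(gate_exit_code(report, threshold="HIGH", ignore_unfixed=True, ignored_ids=ignored))
```

Trivy can enforce the same policy at scan time without any post-processing: `trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed image_name`, with a .trivyignore file in the working directory. The script is useful when the JSON is collected centrally or when the gate needs to be applied to reports from several scans.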

COMMANDS

trivy image image_name

trivy fs --scanners vuln,misconfig Folder_name_OR_Path
(older releases spell this --security-checks vuln,config)

trivy image --severity HIGH,CRITICAL image_name

trivy image -f json -o results.json image_name

trivy repo repo-url

trivy k8s --report summary cluster

===============================================================

The above information is up to my understanding. Suggestions are always welcome.

Thank you.

Sudheer Baraker.
