Trivy is an open-source security and misconfiguration scanner. It works at every level: it can check the code in a Git repository, examine container images, advise regarding configuration files, look into Kubernetes deployments, and verify Infrastructure as Code (IaC).
installation
The first time Trivy runs, it downloads the vulnerability database and creates a cache directory for the database and scan results. You can clean it up with
scan
Dependency scan. Trivy detects the Gemfile in our project and checks the listed gems for known vulnerabilities.
Run the vulnerability and misconfiguration scans together by adding --security-checks vuln,config. The scan then also covers any Dockerfiles, Kubernetes manifests, and Terraform files in the repo.
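As an added example (not from the page or the Trivy project), here is a small CI gate over the JSON report such a combined run produces with --format json: it lists the findings that should block a build and tallies the rest. The report embedded below is constructed, and its vulnerability and check IDs are placeholders; gate() and its threshold rules are my own.

```python
import json
from collections import Counter

# Constructed sample of a Trivy JSON report (--format json) from a repo scan with
# --security-checks vuln,config: one lang-pkgs result for the Gemfile.lock and one
# config result for a Dockerfile. IDs are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "Gemfile.lock", "Class": "lang-pkgs", "Type": "bundler",
     "Vulnerabilities": [
         {"VulnerabilityID": "CVE-0000-00001", "PkgName": "example-gem",
          "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH"},
         {"VulnerabilityID": "CVE-0000-00002", "PkgName": "other-gem",
          "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "LOW"}]},
    {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile",
     "Misconfigurations": [
         {"ID": "DS-PLACEHOLDER-1", "Title": "example failing check",
          "Severity": "MEDIUM", "Status": "FAIL"},
         {"ID": "DS-PLACEHOLDER-2", "Title": "example passing check",
          "Severity": "LOW", "Status": "PASS"}]}]})

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def gate(report_json, fail_on="HIGH", fixed_only=False):
    """Return (blocking, counts): blocking lists findings at or above fail_on,
    counts tallies every finding by severity. Misconfigurations count only when
    Status is FAIL; with fixed_only, vulnerabilities that have no FixedVersion
    are counted but do not block (there is nothing to upgrade to yet)."""
    threshold = SEVERITY_RANK[fail_on]
    blocking, counts = [], Counter()
    for result in json.loads(report_json).get("Results") or []:
        target = result.get("Target", "?")
        # Trivy emits null (not []) for a result with no findings, hence "or []".
        for v in result.get("Vulnerabilities") or []:
            sev = v.get("Severity", "UNKNOWN")
            counts[sev] += 1
            fix = v.get("FixedVersion") or ""
            if SEVERITY_RANK.get(sev, 0) >= threshold and (fix or not fixed_only):
                blocking.append(f"{target}: {v['VulnerabilityID']} {v['PkgName']} "
                                f"{v['InstalledVersion']} -> {fix or 'no fix'} [{sev}]")
        for m in result.get("Misconfigurations") or []:
            if m.get("Status") != "FAIL":
                continue
            sev = m.get("Severity", "UNKNOWN")
            counts[sev] += 1
            if SEVERITY_RANK.get(sev, 0) >= threshold:
                blocking.append(f"{target}: {m['ID']} {m['Title']} [{sev}]")
    return blocking, counts
```

To use it on a real run, pass the text of the JSON report to gate() and exit non-zero when the blocking list is non-empty; Trivy's own --severity and --exit-code options cover the simple case, while this keeps the per-target detail and the fixed-only distinction in one place.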
Scan a repository without cloning it
Vulnerability testing for base/container images
plugins
kubectl plugin
It scans images running in a Kubernetes pod or deployment: