Trivy's Scanning Capabilities Encompass:
- Container Images
- Filesystems (ex: source code)
- Dependencies & Libraries (ex: pom.xml, package.json)
- Remote Git Repositories (scan the repo's complete source code without cloning it locally)
- Kubernetes
What Trivy solves:
- Vulnerabilities in Base Images [docker image]
- Outdated Software Components
- Common Vulnerabilities and Exposures, CVEs [eg: CVE-2022-12345; a public database where people add their findings]
- Misconfigurations [Kubernetes manifest file scanning]
- Security Risks in File Systems [eg: sensitive data in the FS]
- Package Manager Vulnerabilities [dependency vulns]
https://aquasecurity.github.io/trivy/v0.52/getting-started/installation/
trivy repo https://github.com/pythonkid2/Boardgame.git
Generate the report in a file to share:
trivy repo --format table -o report.txt https://github.com/pythonkid2/Boardgame.git
--format -> report format; -o -> write the report to the given file instead of stdout
trivy fs .                                  (scan the current directory)
trivy fs --format json -o report.json .
trivy image <image_name>:<tag>
trivy image --format table -o image.txt <image_name>:<tag>
Available --format values: table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln
HTML is not a built-in format; it is produced through the template format with the html.tpl template shipped in Trivy's contrib directory (the path after @ depends on where Trivy was installed). Example: trivy image --format template --template "@contrib/html.tpl" -o results.html my_image:latest
Install Trivy on the Jenkins server, then use it from the pipeline:
pipeline {
    agent any
    stages {
        stage('git checkout') {
            steps {
                git branch: 'main', url: 'https://github.com/pythonkid2/Boardgame.git'
            }
        }
        stage('Trivy FS table') {
            steps {
                sh 'trivy fs --format table -o trivy-report.txt .'
            }
        }
        stage('Trivy FS Json') {
            steps {
                sh 'trivy fs --format json -o trivy-report.json .'
            }
        }
        stage('Trivy FS in severity format') {
            steps {
                sh 'trivy fs --format table -o trivy-severity-report.txt --severity HIGH,CRITICAL .'
            }
        }
    }
}
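The pipeline above writes a JSON report but never acts on it. The script below, an added example that is not from the original notes or from the Trivy project, reads a `trivy fs --format json` report, summarises findings per severity and returns a non-zero exit code when anything at HIGH or above is present, so a Jenkins stage can fail the build. It assumes Trivy's JSON layout (Results[].Vulnerabilities[] with VulnerabilityID, PkgName, InstalledVersion, FixedVersion, Severity); the embedded report is a constructed sample with placeholder CVE ids, not a real scan.

```python
"""Gate a build on a Trivy JSON report: summarise and fail on HIGH/CRITICAL.

Added example (not Trivy's own code). Assumes the Results[].Vulnerabilities[]
layout Trivy writes with `--format json`; SAMPLE_REPORT is constructed.
"""
import json
import sys
from collections import Counter

# Trivy severities from least to most severe; UNKNOWN ranks lowest.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
RANK = {sev: i for i, sev in enumerate(SEVERITY_ORDER)}

# Constructed sample in the shape of a `trivy fs --format json .` report.
# CVE ids are placeholders, not real vulnerabilities.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": ".",
    "ArtifactType": "filesystem",
    "Results": [
        {
            "Target": "pom.xml",
            "Class": "lang-pkgs",
            "Type": "pom",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example-lib",
                 "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "other-lib",
                 "InstalledVersion": "2.3.0", "FixedVersion": "",
                 "Severity": "MEDIUM"},
            ],
        },
        # A result with no Vulnerabilities key at all (Trivy omits empty lists).
        {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile"},
    ],
})


def load_findings(report_text):
    """Flatten a Trivy JSON report into a list of simple finding dicts."""
    report = json.loads(report_text)
    findings = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            findings.append({
                "target": result.get("Target", ""),
                "id": vuln.get("VulnerabilityID", ""),
                "pkg": vuln.get("PkgName", ""),
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "severity": str(vuln.get("Severity", "UNKNOWN")).upper(),
            })
    return findings


def severity_counts(findings):
    """Number of findings per severity label."""
    return Counter(f["severity"] for f in findings)


def gate(findings, fail_on="HIGH"):
    """Return findings at or above `fail_on`; a non-empty list means 'fail the build'."""
    threshold = RANK[fail_on]
    return [f for f in findings if RANK.get(f["severity"], 0) >= threshold]


def main(argv):
    # Usage: python trivy_gate.py trivy-report.json   (no argument -> sample)
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    findings = load_findings(text)
    counts = severity_counts(findings)
    for sev in reversed(SEVERITY_ORDER):
        if counts.get(sev):
            print(f"{sev:9s} {counts[sev]}")
    blocking = gate(findings)
    for f in blocking:
        fix = f"fix: {f['fixed']}" if f["fixed"] else "no fix available"
        print(f"BLOCK {f['severity']} {f['id']} {f['pkg']} {f['installed']} ({fix}) in {f['target']}")
    return 1 if blocking else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In the pipeline this would run as `sh 'python3 trivy_gate.py trivy-report.json'` after the JSON stage; its exit status fails the stage when a HIGH or CRITICAL finding is present, while the counts and the fixed-version column tell the developer what to upgrade.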
NVD - National Vulnerability Database
plugin --> OWASP Dependency-Check
tool -->