Trivy is a comprehensive security scanner released by AquaSec. It is reliable, fast, and extremely easy to use.
Trivy has different scanners that look for different security issues, and different targets where it can find those issues.
Targets:
- Container Image
- Filesystem
- Git repository (remote)
- Kubernetes cluster or resource
Scanners:
- OS packages and software dependencies in use (SBOM)
- Known vulnerabilities (CVEs)
- IaC misconfigurations
- Sensitive information and secrets
Installing Trivy (Ubuntu):
$ sudo apt install wget apt-transport-https gnupg lsb-release
$ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
$ echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
$ sudo apt update
$ sudo apt install trivy
First use:
$ trivy image python:3.4-alpine
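The default table output is fine for a first look, but in a pipeline you usually want the machine-readable report (`trivy image --format json --output report.json python:3.4-alpine`) and a gate on it. The script below is an added example, not part of Trivy or the original page: it reads a report in the shape Trivy emits (`Results[].Vulnerabilities[]` with `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion`, `Severity`), prints a per-severity summary, lists findings at or above a threshold, and returns a non-zero exit status when fixable findings cross it. The embedded report, its image name and its CVE identifiers are constructed placeholders. Trivy's own `--severity`, `--exit-code` and `--ignore-unfixed` flags give you the same gate directly; the value of doing it yourself is the custom reporting (fixable vs. unfixed counts per target).

```python
"""Summarize and gate on a Trivy JSON report (added example, not Trivy's own code)."""
import json
import sys
from collections import Counter

# Severity names as Trivy reports them, lowest to highest.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample in the shape of `trivy image --format json`.
# Image name, package versions and CVE IDs are placeholders, not real advisories.
SAMPLE_REPORT = {
    "ArtifactName": "example/app:placeholder",
    "Results": [
        {
            "Target": "example/app:placeholder (alpine)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl",
                 "InstalledVersion": "1.0.0-r0", "FixedVersion": "1.0.0-r1",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "musl",
                 "InstalledVersion": "1.2.0-r0", "FixedVersion": "",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib",
                 "InstalledVersion": "1.2.0-r0", "FixedVersion": "1.2.0-r1",
                 "Severity": "LOW"},
            ],
        },
        {
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "requests",
                 "InstalledVersion": "2.0.0", "FixedVersion": "2.0.1",
                 "Severity": "HIGH"},
            ],
        },
        # Trivy omits the Vulnerabilities key entirely for clean results.
        {"Target": "app/Dockerfile", "Class": "config"},
    ],
}


def rank(severity):
    """Numeric rank of a severity; anything unexpected ranks as UNKNOWN."""
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else 0


def iter_vulnerabilities(report):
    """Yield (target, vuln) for every vulnerability in every result."""
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", "?"), vuln


def summarize(report):
    """Map severity -> (total, fixable) for severities that have findings."""
    counts, fixable = Counter(), Counter()
    for _, vuln in iter_vulnerabilities(report):
        sev = vuln.get("Severity", "UNKNOWN")
        counts[sev] += 1
        if vuln.get("FixedVersion"):
            fixable[sev] += 1
    return {sev: (counts[sev], fixable[sev]) for sev in SEVERITY_ORDER if counts[sev]}


def findings_at_or_above(report, threshold):
    """Return (target, vuln) pairs whose severity is >= threshold."""
    return [(t, v) for t, v in iter_vulnerabilities(report)
            if rank(v.get("Severity", "UNKNOWN")) >= rank(threshold)]


def gate(report, threshold="HIGH", fail_on_unfixed=False):
    """Return 1 if the build should fail, else 0.

    By default findings without a FixedVersion are reported but do not fail
    the build, which mirrors Trivy's --ignore-unfixed behaviour.
    """
    blocking = [v for _, v in findings_at_or_above(report, threshold)
                if fail_on_unfixed or v.get("FixedVersion")]
    return 1 if blocking else 0


def main(argv):
    if len(argv) > 1:
        with open(argv[1]) as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    for sev, (total, fix) in summarize(report).items():
        print(f"{sev:<9} {total:>3} ({fix} fixable)")
    for target, v in findings_at_or_above(report, "HIGH"):
        fix = v.get("FixedVersion") or "no fix available"
        print(f"  {v['VulnerabilityID']} {v['PkgName']} "
              f"{v['InstalledVersion']} -> {fix} [{target}]")
    return gate(report, "HIGH")


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no argument to see the constructed sample, or pass the path of a real `--format json` report. Because `gate` ignores unfixed findings by default, a base image with a HIGH finding that has no upstream fix yet will not block the build; switch `fail_on_unfixed=True` if your policy is stricter.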
Links: