blog-devto
trivy
| | blog-devto | trivy |
|---|---|---|
| Mentions | 15 | 82 |
| Stars | 26 | 21,316 |
| Growth | - | 3.6% |
| Activity | 9.4 | 9.7 |
| Latest commit | 10 days ago | 4 days ago |
| Language | PowerShell | Go |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
blog-devto
- Automating Terraform Documentation with Terraform-Docs and Azure DevOps
  Let's take a closer look at the following Multi-Stage pipeline for Windows. (For Linux-based build agents see this Multi-Stage pipeline for Linux instead.)
- Auto generate documentation from Terraform modules
  Take a look here to see what the README.md document looks like: example_README.md
- Upload files to Azure Virtual Machines with Azure Bastion in tunnel mode
  Next I will be using Azure CLI in a PowerShell script below called Bastion_Setup.ps1 to set up the Bastion Host:
- Implement CI/CD with GitHub - Deploy Azure Functions
  Let's start by creating a resource group and a Windows dotnet function app in our Azure subscription. For this step I have written a PowerShell script using Azure CLI. You can also find this script on my GitHub repository.
- Multi environment AZURE deployments with Terraform and GitHub (Part 2)
  I hope you have enjoyed this post and have learned something new. You can find the code samples used in this blog post on my GitHub page. You can also look at the demo project or even create your own projects and workflows from the demo project template repository. ❤️
- Get email alerts from serverless Azure functions using SendGrid
  To set up the function app I wrote a PowerShell script using AZ CLI that would build and configure the function app to use as a demo for this tutorial. There was one manual step, however, which I will cover a bit later on. You can find the script I used on my GitHub code page, called Azure-Pre-Reqs.ps1.
- Automate Azure Resource Decommissions (with tracking)
  The following function app code can also be found under my GitHub code page, called run.ps1.
- Automate Azure Service Bus SAS tokens with GitHub
  NOTE: A complete script for all the steps/Pre-Reqs described in building the environment can be found on my GitHub code page.
- Upload Files to Azure Storage using a PowerShell Function App
  To stage and set up the entire environment for my API automatically I wrote a PowerShell script using AZ CLI that would build and configure all the things I would need to start work on my function. There was one manual step, however, which I will cover a bit later on. But for now you can find the script I used on my GitHub code page, called setup_environment.ps1.
- Terraform IaC Scanning with Trivy
  This tutorial is based on the following Azure DevOps Repository blueprint, which will use a CI/CD YAML pipeline to deploy an Azure Virtual Network using Terraform IaC configuration files.
trivy
- A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons
  Trivy. Owner/Maintainer: Aqua Security. Age: first released on GitHub on May 7th, 2019. License: Apache License 2.0. Backward-compatible with tfsec.
- Your container images are not secure!
- General Docker Troubleshooting, Best Practices & Where to Go From Here
  Trivy. A Simple and Comprehensive Vulnerability Scanner for Containers.
- Distroless images using melange and apko
  Using Trivy:
- Friends - needs help choosing solution for SBOM vulnerability
- An Overview of Kubernetes Security Projects at KubeCon Europe 2023
  Trivy is a mature and comprehensive open source tool from Aqua Security that supports scanning multiple sources, from file systems to containers and VMs. Trivy also looks beyond vulnerabilities, to scan licenses, secrets, infrastructure as code misconfiguration, and more.
- Best vulnerability scanner for DevOps
- About Cloudflare Tunnels
  I would suggest thinking about the threat model that you are facing so you can have a better mental model of the weak points of your environment. The very, very big majority of these attacks will be automated probing for publicly known vulnerabilities or default credentials. That means the maintainers of the software you are running and the channels on which their updates are shipped to you and deployed are very important factors. For software that is not installed from a trusted and well-maintained source (e.g. Ubuntu's main repository), you want to make extra sure that vulnerabilities are updated. E.g. your deployed Docker containers might contain security issues; you can run checks on these with tools like Trivy. The same is also true for appliances: in case your router or firewall contains a software vulnerability, how will you be notified and how will the required updates be deployed?
- Docker image vulnerabilities scanning trivy vs snyk.io
What are some alternatives?
- AzureDevOps.WikiPDFExport - Export Azure DevOps Wiki to PDF
- snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
- Azure-Service-Bus-SAS-Management - Repository to maintain and manage Azure Service Bus SAS tokens
- grype - A vulnerability scanner for container images and filesystems
- Azure-Terraform-Deployments - Repo used to deploy Azure Resources using Terraform and GitHub Actions
- clair - Vulnerability Static Analysis for Containers
- AzurePipelines.wiki
- checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
- syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
- falco - Cloud Native Runtime Security
- dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
- dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.