| | trivy | dockle |
|---|---|---|
| | 88 | 2 |
| Stars | 23,115 | 2,761 |
| Growth | 2.2% | 0.8% |
| Activity | 9.8 | 4.2 |
| | 7 days ago | about 2 months ago |
| Language | Go | Go |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
trivy
- 🛡️ Effective Vulnerability Monitoring in Kubernetes
- Dockerfile Best Practices: Building Efficient and Secure Containers
  Regularly scan your Docker images for vulnerabilities using tools like Trivy or Clair.
- Day 25: Container Security with Trivy - My 90 Days of DevOps Journey
  Since I'm working on a Windows machine, I went straight to the Trivy website (https://aquasecurity.github.io/trivy/) to download the latest release. The official website is the best place to get the latest version of Trivy. This direct approach gives me more control over the installation process.
- How to secure Terraform code with Trivy
  There are also pre-built packages available for various Linux distros, or grab the binary from GitHub releases: https://github.com/aquasecurity/trivy/releases
- Enhancing Kubernetes Security with Trivy : Day 15 of 50 days DevOps Tools Series
  ```yaml
  name: CI
  on: [push, pull_request]
  jobs:
    trivy:
      runs-on: ubuntu-latest
      steps:
        - name: Checkout code
          uses: actions/checkout@v2
        - name: Set up Trivy
          run: |
            sudo apt-get update && sudo apt-get install -y wget
            wget https://github.com/aquasecurity/trivy/releases/download/v0.28.1/trivy_0.28.1_Linux-64bit.deb
            sudo dpkg -i trivy_0.28.1_Linux-64bit.deb
        - name: Scan Docker image
          run: |
            docker build -t my-docker-image:latest .
            trivy image my-docker-image:latest
        - name: Scan Kubernetes manifests
          run: |
            trivy k8s --file /path/to/manifest.yaml
  ```
- Cloud Security and Resilience: DevSecOps Tools and Practices
  4. Trivy: https://github.com/aquasecurity/trivy Trivy is a versatile tool that scans for vulnerabilities in your containers, and also checks for vulnerabilities in your application dependencies.
- A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons
  Trivy. Owner/Maintainer: Aqua Security. Age: First released on GitHub on May 7th, 2019. License: Apache License 2.0. backward-compatible with tfsec
- Your container images are not secure!
- General Docker Troubleshooting, Best Practices & Where to Go From Here
  Trivy. A Simple and Comprehensive Vulnerability Scanner for Containers.
- Distroless images using melange and apko
  Using Trivy:

dockle
- A beginner's question : am I doing things the right way ?
  Check out dockle; https://github.com/goodwithtech/dockle
- 21 Best Practises in 2021 for Dockerfile
  Dockle
What are some alternatives?
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
hadolint - Dockerfile linter, validate inline bash, written in Haskell
grype - A vulnerability scanner for container images and filesystems
gitleaks - Protect and discover secrets using Gitleaks 🔑
clair - Vulnerability Static Analysis for Containers
repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
dnstake - DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
errchkjson - Go linter that checks types that are json encoded - reports unsupported types and unnecessary error checks
falco - Cloud Native Runtime Security
klar - Integration of Clair and Docker Registry