Continuous Container Vulnerability Testing With Trivy

• trivy

  82 21,316 9.7 Go

  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  

wget https://github.com/aquasecurity/trivy/releases/download/v0.20.1/trivy_0.20.1_Linux-64bit.deb sudo dpkg -i trivy_0.20.1_Linux-64bit.deb checkout docker pull "${DOCKER_USERNAME}"/semaphore-demo-ruby-kubernetes:$SEMAPHORE_WORKFLOW_ID trivy image --severity HIGH,CRITICAL "${DOCKER_USERNAME}"/semaphore-demo-ruby-kubernetes:$SEMAPHORE_WORKFLOW_ID

• semaphore-demo-ruby-kubernetes

  3 19 5.0 Ruby

  A Semaphore demo CI/CD pipeline for Kubernetes.

  

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• trivy-ci-test

  1 0 10.0

• appshield

  2 109 7.9 Open Policy Agent

  Discontinued Security configuration checks for popular cloud native applications and infrastructure.

  

Being proactive in this area means using IaC tools such as Terraform, so Trivy can enforce a set of rules that encode good security practices.

• trivy-plugin-kubectl

  1 23 0.0 Shell

  A Trivy plugin that scans the images of a kubernetes resource

  

Let me close up this post by mentioning that Trivy can be extended with plugins and custom policies. For example, Aqua provides the kubectl plugin to better integrate Trivy with Kubectl. The plugin lets us scan images running in a Kubernetes pod or deployment:

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

Suggest a related project