How to use Trivy to scan Docker Images?

Trivy is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile, and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack. Trivy is easy to use. Just install the binary and you're ready to scan. So let's install this binary.

Install Trivy

A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI.

Source: Trivy Github Page.

Let's install the trivy tool in our virtual environment.

wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb

dpkg -i trivy_0.18.3_Linux-64bit.deb

After the tool is installed, we can explore the functionality of trivy using the following command.

trivy -h

Run the Scanner

Let's try pulling a python:3.4-alpine image from the Docker registry to run a scan with trivy.

docker pull python:3.4-alpine

Let’s run the scanner.

trivy image python:3.4-alpine

By default, as you can see, the output is shown as a table.

How to mark the HIGH severity as a false positive (FP) and save the output in JSON format?

trivy image -f json -s LOW,MEDIUM,CRITICAL python:3.4-alpine

Here -s (--severity) selects which severities are reported, so HIGH findings are simply left out of the JSON rather than being recorded as false positives; -f json switches the output format from the default table.

How to configure trivy so that it only returns a non-zero exit code when vulnerabilities are found

trivy image --exit-code 1 python:3.4-alpine

Without --exit-code, trivy exits 0 even when it finds vulnerabilities; with it, the exit code is 1 only when at least one vulnerability (of the selected severities, if -s is also given) is found, which is what a CI pipeline needs to fail the build.
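As an added example (not from the original post or from the Trivy project), the following Python post-processes a report saved with -f json in a CI job: it counts findings per severity and reproduces the --exit-code 1 gate, optionally skipping findings with no fix the way --ignore-unfixed does. It assumes the Trivy 0.18-era JSON shape (a top-level list of targets; the newer {"Results": [...]} wrapper is handled too), and the CVE ids and versions in the embedded sample are constructed.

```python
import json
from collections import Counter

# Constructed sample shaped like `trivy image -f json` output from Trivy 0.18
# (a top-level list of targets); CVE ids and versions here are placeholders.
SAMPLE_REPORT = json.dumps([{
    "Target": "python:3.4-alpine (alpine 3.10.0)", "Type": "alpine",
    "Vulnerabilities": [
        {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "musl",
         "InstalledVersion": "1.1.22-r2", "FixedVersion": "1.1.22-r3", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "openssl",
         "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "zlib",
         "InstalledVersion": "1.2.11-r1", "FixedVersion": "", "Severity": "MEDIUM"},
    ],
}])


def load_results(raw):
    """Return the per-target result list; newer Trivy wraps it in {"Results": [...]}."""
    data = json.loads(raw)
    if isinstance(data, dict):
        data = data.get("Results") or []
    return data


def severity_counts(raw):
    """Count findings per severity across every target in the report."""
    counts = Counter()
    for result in load_results(raw):
        # Trivy emits null instead of [] when a target has no findings.
        for vuln in result.get("Vulnerabilities") or []:
            counts[vuln.get("Severity", "UNKNOWN")] += 1
    return dict(counts)


def gate(raw, fail_on=("HIGH", "CRITICAL"), ignore_unfixed=False):
    """Reproduce `--exit-code 1 --severity ...` on a saved report: (exit_code, blocking ids)."""
    blocking = []
    for result in load_results(raw):
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in fail_on:
                continue
            # Like --ignore-unfixed: a finding with no FixedVersion cannot be patched yet.
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            blocking.append(vuln["VulnerabilityID"])
    return (1 if blocking else 0), blocking
```

Run it after `trivy image -f json -o report.json <image>` and call `gate(open("report.json").read())`; exit with the returned code to fail the pipeline only on the severities you chose.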

Hope you liked this blog. Please let me know what I should write about or what I should change in my blogs.


THE HOW TO BLOG | Siddhanth Dwivedi

Siddhanth Dwivedi | Senior Security Engineer & AWS Community Builder 👨🏾‍💻