
Detect vulnerabilities using Trivy scanner


If you’re looking for a simple and comprehensive vulnerability scanner for your containers, then Trivy is the best choice. In this post, we look at its key features and see how to scan a sample image.

Key Features:

  • Detects a comprehensive range of vulnerabilities in most OS packages (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless) and in application dependencies (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo)
  • Scanning is quick (the first scan might complete in less than 10 seconds) and simple to use: just enter the image name and get results
  • Suitable for CI pipelines such as Travis CI, CircleCI, Jenkins, GitLab CI, etc.
  • Supports multiple input formats: a local image, a remote image in a Docker registry, an image saved as a tar file, or the OCI image format. Filesystems and remote Git repositories are also supported.

Here’s a comparison with other scanners:

Columns: Scanner, OS Packages, Application Dependencies, Easy to use, Accuracy, Suitable for CI

Trivy (5 languages): ⭐ ⭐ ⭐ ⭐ ⭐ ⭐ ⭐ ⭐ ⭐
Clair: × ⭐ ⭐ ⭐ ⭐
Anchore Engine (4 languages): ⭐ ⭐ ⭐ ⭐ ⭐ ⭐ ⭐
Quay: × ⭐ ⭐ ⭐ ⭐ ⭐ ×
Docker Hub: × ⭐ ⭐ ⭐ ×
GCR: × ⭐ ⭐ ⭐ ⭐ ⭐ ×

 

In the next section, we take a look at how to scan a sample image for vulnerabilities.

Step #1. Install Trivy

I’m using Ubuntu, so the following commands install Trivy for me. For other distros, please check the Trivy installation documentation.

$ sudo apt-get install wget apt-transport-https gnupg lsb-release
$ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
$ echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
$ sudo apt-get update
$ sudo apt-get install trivy

 

Image – Trivy Installation

Now that the Trivy installation is complete, the next step is to scan a sample image and check it for vulnerabilities.

Step #2. Detect vulnerabilities

Use trivy image [IMAGE_NAME] to start a scan and list the vulnerabilities. In this example I have used the httpd image. As you can see, there are a total of 332 vulnerabilities with varying severities.

Image – Trivy vulnerability scanner

You can also filter the vulnerabilities by severity with the --severity option.

Image – Trivy vulnerability scanner

To save the results as JSON, use the -f and -o options.

Image – Trivy vulnerability scanner
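
Once the results are saved as JSON, a CI job can read the report and decide whether to fail the build on the severities you care about. The following Python script is an added example, not code from the original post or from the Trivy project; the sample report is constructed, and the names load_findings and gate and the fail_on / ignore_unfixed parameters are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample report (not real scan output) in the shape written with
# `-f json`: newer Trivy releases wrap the results in {"Results": [...]},
# older releases emit the list of results at the top level.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "Results": [
        {"Target": "example-image (debian)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libdemo",
             "InstalledVersion": "2.3", "Severity": "HIGH"},  # no fix published
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libdemo",
             "InstalledVersion": "2.3", "FixedVersion": "2.4", "Severity": "LOW"},
        ]},
        # A target without findings may carry null or no list at all.
        {"Target": "app/package-lock.json", "Vulnerabilities": None},
    ],
})


def load_findings(report_text):
    """Return a flat list of (target, vulnerability) pairs from a JSON report."""
    data = json.loads(report_text)
    results = data.get("Results") if isinstance(data, dict) else data
    return [(r.get("Target", "?"), v)
            for r in results or []
            for v in r.get("Vulnerabilities") or []]


def gate(report_text, fail_on=("HIGH", "CRITICAL"), ignore_unfixed=False):
    """Count findings per severity and pick the ones that should fail CI."""
    findings = load_findings(report_text)
    counts = Counter(v.get("Severity", "UNKNOWN") for _, v in findings)
    blocking = [(t, v) for t, v in findings
                if v.get("Severity") in fail_on
                and not (ignore_unfixed and not v.get("FixedVersion"))]
    return counts, blocking


if __name__ == "__main__":
    counts, blocking = gate(SAMPLE_REPORT)
    print(dict(counts))
    for target, v in blocking:
        print(f"{v['Severity']:8} {v['VulnerabilityID']} {v['PkgName']} "
              f"{v['InstalledVersion']} -> {v.get('FixedVersion') or 'no fix'} [{target}]")
    raise SystemExit(1 if blocking else 0)  # non-zero exit fails the CI step
```

In a pipeline, replace SAMPLE_REPORT with the contents of the file written by the -o option.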

There are many more options and examples; you can check out all of them in the Trivy documentation.


Published by Karthik (Upnxtblog)
