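Introduction to Trivy
Trivy is a simple and comprehensive vulnerability scanner for containers, particularly well suited to continuous integration.
Accuracy comparison
Vulnerabilities detected in Alpine Linux (2019/05/12)
For a detailed comparison, see Comparison with other scanners
Features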
- Comprehensive vulnerability detection
  - Operating systems (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Debian and Ubuntu)
  - Application dependencies (Bundler, Composer, Pipenv, npm, yarn and Cargo)
- Simple
  - Specify only an image name
  - For details, see Quick Start and Examples
- Easy to install
  - No prerequisites such as installing a DB, libraries, etc.
  - apt-get install, yum install and brew install are possible (See Installation)
- High accuracy
  - Especially Alpine Linux and RHEL/CentOS (See Comparison with other scanners)
  - Accuracy on other OSes is also high
- DevSecOps
  - Suitable for CI such as Travis CI, CircleCI, Jenkins, etc.
  - See CI Example
Installation
RHEL/CentOS
Add repository setting to /etc/yum.repos.d.
$ sudo vim /etc/yum.repos.d/trivy.repo
[trivy]
name=Trivy repository
baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1
$ sudo yum -y update
$ sudo yum -y install trivy
or
$ rpm -ivh https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.rpm
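The repository definition above sets gpgcheck=0, which turns off RPM signature verification for packages installed from that repository. The following added example (not part of the original page or the Trivy project) lists the enabled sections of a .repo file that do this; the sample file is constructed, and its example-signed and example-disabled sections and their URLs are hypothetical.

```shell
# Added example (not from the Trivy project): report enabled yum/dnf repository
# sections that switch off package signature checking.
# audit_repo_file FILE: prints one line per enabled section whose gpgcheck is
# 0 (or no/false); exit status is 1 if any such section exists, otherwise 0.
audit_repo_file() {
    awk -v file="$1" '
        function report() {
            if (section != "" && enabled != "0" && gpgcheck ~ /^(0|no|false)$/) {
                printf "%s: [%s] gpgcheck=%s\n", file, section, gpgcheck
                found = 1
            }
        }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                  # section header: close the previous one
            report()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            enabled = "1"; gpgcheck = ""          # a missing "enabled" means enabled
            next
        }
        /=/ {                                     # key=value line
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t\r]/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = tolower(val)
        }
        END { report(); exit found }
    ' "$1"
}
# Constructed sample: the [trivy] section from this page plus two hypothetical
# sections (one signed, one unsigned but disabled) for contrast.
write_sample_repo() {
    cat > "$1" <<'EOF'
[trivy]
name=Trivy repository
baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1
[example-signed]
gpgcheck=1
gpgkey=https://repo.example.invalid/RPM-GPG-KEY-example
[example-disabled]
gpgcheck=0
enabled=0
EOF
}
sample=$(mktemp) && write_sample_repo "$sample"
audit_repo_file "$sample" || echo "unsigned repositories found"
rm -f "$sample"
```

On a real host the function can be run over each file in /etc/yum.repos.d; a non-zero exit status marks a file that needs review.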
Debian/Ubuntu
Replace [CODE_NAME] with your code name
CODE_NAME: wheezy, jessie, stretch, buster, trusty, xenial, bionic
$ sudo apt-get install apt-transport-https gnupg
$ wget -qO - https://knqyf263.github.io/trivy-repo/deb/public.key | sudo apt-key add -
$ echo deb https://knqyf263.github.io/trivy-repo/deb [CODE_NAME] main | sudo tee -a /etc/apt/sources.list.d/trivy.list
$ sudo apt-get update
$ sudo apt-get install trivy
or
$ sudo apt-get install rpm
$ wget https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.deb
$ sudo dpkg -i trivy_0.0.13_Linux-64bit.deb
Mac OS X / Homebrew
You can use homebrew on OS X.
$ brew tap knqyf263/trivy
$ brew install knqyf263/trivy/trivy
Binary (including Windows)
Go to the releases page, find the appropriate archive, extract it, and add executable permissions.
From source
$ go get -u github.com/knqyf263/trivy
Trivy official site
https://github.com/knqyf263/trivy