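Trivy is a simple and comprehensive vulnerability scanner for containers, especially suitable for continuous integration.

Accuracy comparison: vulnerabilities detected in Alpine Linux (2019/05/12)

For a detailed comparison, see "Comparison with other scanners".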

Features

Detect comprehensive vulnerabilities
    OS packages (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Debian and Ubuntu)
    Application dependencies (Bundler, Composer, Pipenv, npm, yarn and Cargo)
Simple
    Specify only an image name
    For details, see Quick Start and Examples
Easy installation
    No need for prerequisites such as installation of a DB, libraries, etc.
    apt-get install, yum install and brew install are possible (see Installation)
High accuracy
    Especially Alpine Linux and RHEL/CentOS (see "Comparison with other scanners")
    Other OSes are also high
DevSecOps
    Suitable for CI such as Travis CI, CircleCI, Jenkins, etc.
    See CI Example

Installation

RHEL/CentOS

Add the repository setting to /etc/yum.repos.d.

    $ sudo vim /etc/yum.repos.d/trivy.repo
    [trivy]
    name=Trivy repository
    baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
    gpgcheck=0
    enabled=1
    $ sudo yum -y update
    $ sudo yum -y install trivy

or

    $ rpm -ivh https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.rpm

Debian/Ubuntu

Replace [CODE_NAME] with your code name.
CODE_NAME: wheezy, jessie, stretch, buster, trusty, xenial, bionic

    $ sudo apt-get install apt-transport-https gnupg
    $ wget -qO - https://knqyf263.github.io/trivy-repo/deb/public.key | sudo apt-key add -
    $ echo deb https://knqyf263.github.io/trivy-repo/deb [CODE_NAME] main | sudo tee -a /etc/apt/sources.list.d/trivy.list
    $ sudo apt-get update
    $ sudo apt-get install trivy

or

    $ sudo apt-get install rpm
    $ wget https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.deb
    $ sudo dpkg -i trivy_0.0.13_Linux-64bit.deb

Mac OS X / Homebrew

You can use Homebrew on OS X.

    $ brew tap knqyf263/trivy
    $ brew install knqyf263/trivy/trivy

Binary (including Windows)

Go to the releases page, find the appropriate archive, unpack it, and add executable permission.

From source

    $ go get -u github.com/knqyf263/trivy
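
The RHEL/CentOS repository definition above sets gpgcheck=0, so yum installs packages from that repository without verifying their signatures. The following is an added example, not code from the Trivy project, that lists enabled repositories in .repo files where gpgcheck is explicitly off; the helper name unsigned_repos and the second sample stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example: report enabled yum repositories whose gpgcheck is explicitly off.
# unsigned_repos is a hypothetical helper name, not part of yum or Trivy.
# A section with no gpgcheck key inherits from [main] and is not reported here.
unsigned_repos() {
    awk '
        function report() {
            if (section != "" && enabled && !gpgcheck)
                print file ": [" section "] " baseurl
        }
        function falsy(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
        FNR == 1 { report(); section = "" }            # file boundary
        /^[ \t]*[#;]/ { next }                          # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                        # start of a [section]
            report()
            section = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            file = FILENAME; enabled = 1; gpgcheck = 1; baseurl = ""
            next
        }
        /=/ {                                           # key=value line
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "enabled")  enabled  = !falsy(val)
            if (key == "gpgcheck") gpgcheck = !falsy(val)
            if (key == "baseurl")  baseurl  = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the trivy stanza from this page plus a made-up signed repo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[trivy]
name=Trivy repository
baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1

[example-signed]
name=Constructed example
baseurl=https://repo.example.invalid/el/
gpgcheck=1
enabled=1
EOF
unsigned_repos "$sample"
```

On a real host, run it as unsigned_repos /etc/yum.repos.d/*.repo to review every configured repository.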