# Trivy: a container vulnerability scanner written in Go

Trivy is a simple and comprehensive vulnerability scanner for containers, designed in particular for use in continuous integration.

## Accuracy comparison

(Chart: vulnerabilities detected in Alpine Linux, 2019/05/12.) For the full comparison, see Comparison with other scanners.

## Features

- Comprehensive vulnerability detection
  - Operating systems: Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Debian and Ubuntu
  - Application dependencies: Bundler, Composer, Pipenv, npm, yarn and Cargo
- Simple
  - Specify only an image name
  - See Quick Start and Examples for details
- Easy installation
  - No prerequisites such as installing a DB, libraries, etc.
  - `apt-get install`, `yum install` and `brew install` are possible (see Installation)
- High accuracy
  - Especially for Alpine Linux and RHEL/CentOS (see Comparison with other scanners)
  - Other OSes are also high
- DevSecOps
  - Suitable for CI such as Travis CI, CircleCI, Jenkins, etc.
  - See CI Example

## Installation

### RHEL/CentOS

Add the repository setting to `/etc/yum.repos.d`.

```
$ sudo vim /etc/yum.repos.d/trivy.repo
[trivy]
name=Trivy repository
baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1
$ sudo yum -y update
$ sudo yum -y install trivy
```

or

```
$ rpm -ivh https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.rpm
```

### Debian/Ubuntu

Replace `[CODE_NAME]` with your code name.

CODE_NAME: wheezy, jessie, stretch, buster, trusty, xenial, bionic

```
$ sudo apt-get install apt-transport-https gnupg
$ wget -qO - https://knqyf263.github.io/trivy-repo/deb/public.key | sudo apt-key add -
$ echo deb https://knqyf263.github.io/trivy-repo/deb [CODE_NAME] main | sudo tee -a /etc/apt/sources.list.d/trivy.list
$ sudo apt-get update
$ sudo apt-get install trivy
```

or

```
$ sudo apt-get install rpm
$ wget https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.deb
$ sudo dpkg -i trivy_0.0.13_Linux-64bit.deb
```

### Mac OS X / Homebrew

You can use Homebrew on OS X.

```
$ brew tap knqyf263/trivy
$ brew install knqyf263/trivy/trivy
```

### Binary (including Windows)

Go to the releases page, find the binary for your platform, unpack it and make it executable.

### From source

```
$ go get -u github.com/knqyf263/trivy
```
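The DevSecOps feature above is about using Trivy as a gate in CI. The following added example (not Trivy's own code, and not the project's CI Example) reads a Trivy JSON scan report and returns a non-zero status when any finding reaches a severity threshold, optionally ignoring findings that have no fixed version yet. The report shape (a list of targets, each with a `Vulnerabilities` list whose entries carry `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion` and `Severity`) and the sample report are assumptions, not taken from this page.

```python
import json

# Assumed report shape (not from the page): a list of targets, each with a
# "Vulnerabilities" list (null when empty) of entries carrying VulnerabilityID,
# PkgName, InstalledVersion, FixedVersion and Severity.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample report; the IDs are placeholders, not real CVEs.
SAMPLE_REPORT = json.dumps([
    {"Target": "alpine:3.9 (alpine 3.9.2)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "musl",
         "InstalledVersion": "1.1.20-r3", "FixedVersion": "1.1.20-r4",
         "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "openssl",
         "InstalledVersion": "1.1.1a-r1", "FixedVersion": "",
         "Severity": "MEDIUM"}]},
    {"Target": "app/Gemfile.lock", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "rack",
         "InstalledVersion": "2.0.6", "FixedVersion": "2.0.7",
         "Severity": "CRITICAL"}]},
    {"Target": "app/package-lock.json", "Vulnerabilities": None},
])

def rank(severity):
    """Comparable integer for a severity label; unknown labels rank lowest."""
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else 0

def findings_at_or_above(report_json, threshold="HIGH", fixed_only=False):
    """(target, id, package, severity) tuples at or above the threshold.
    fixed_only=True skips entries with no FixedVersion (nothing to upgrade to)."""
    hits = []
    for target in json.loads(report_json):
        for v in target.get("Vulnerabilities") or []:  # null when no findings
            sev = v.get("Severity", "UNKNOWN")
            if rank(sev) < rank(threshold):
                continue
            if fixed_only and not v.get("FixedVersion"):
                continue
            hits.append((target["Target"], v["VulnerabilityID"], v["PkgName"], sev))
    return hits

def gate(report_json, threshold="HIGH", fixed_only=False):
    """CI exit status: 0 when nothing reaches the threshold, 1 otherwise."""
    hits = findings_at_or_above(report_json, threshold, fixed_only)
    for target, vid, pkg, sev in hits:
        print(f"{sev:<8} {vid} {pkg} ({target})")
    return 1 if hits else 0
```

In a pipeline you would pass the JSON report Trivy wrote for the image to `gate()` and use its return value as the step's exit code.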