From e0f798426de2e781e55a6b8f1fcbe25c430fa4a3 Mon Sep 17 00:00:00 2001 From: Fazle Arefin Date: Sat, 2 Mar 2024 17:29:34 +1100 Subject: [PATCH] trivy: edit page (#12405) * trivy: edit page * Update pages/common/trivy.md Co-authored-by: Juri Dispan * Update pages/common/trivy.md Co-authored-by: Juri Dispan * Update pages/common/trivy.md --------- Co-authored-by: Juri Dispan Co-authored-by: K.B.Dharun Krishna --- pages/common/trivy.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/pages/common/trivy.md b/pages/common/trivy.md index 1faaf00be..f96453248 100644 --- a/pages/common/trivy.md +++ b/pages/common/trivy.md @@ -1,20 +1,36 @@ # trivy > Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. -> More information: . +> More information: . -- Scan an image: +- Scan a Docker image for vulnerabilities and exposed secrets: `trivy image {{image:tag}}` +- Scan a Docker image filtering the output by severity: + +`trivy image --severity {{HIGH,CRITICAL}} {{alpine:3.15}}` + +- Scan a Docker image ignoring any unfixed/unpatched vulnerabilities: + +`trivy image --ignore-unfixed {{alpine:3.15}}` + - Scan the filesystem for vulnerabilities and misconfigurations: `trivy fs --security-checks {{vuln,config}} {{path/to/project_directory}}` -- Scan a directory for misconfigurations: +- Scan a IaC (Terraform, CloudFormation, ARM, Helm and Dockerfile) directory for misconfigurations: `trivy config {{path/to/iac_directory}}` +- Scan a local or remote Git repository for vulnerabilities: + +`trivy repo {{path/to/local_repository_directory|remote_repository_URL}}` + +- Scan a Git repository up to a specific commit hash: + +`trivy repo --commit {{commit_hash}} {{repository}}` + - Generate output with a SARIF template: `trivy image --format {{template}} --template {{"@sarif.tpl"}} -o {{path/to/report.sarif}} {{image:tag}}`
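Review bot: The two added examples for `--severity` and `--ignore-unfixed` use the concrete value `{{alpine:3.15}}` as the image placeholder, while the first example and the SARIF example in the same page use `{{image:tag}}`; using `{{image:tag}}` in both would keep the placeholders consistent, for example `trivy image --severity {{HIGH,CRITICAL}} {{image:tag}}`. In the reworded `trivy config` description, "Scan a IaC" should read "Scan an IaC". The new descriptions also say "Docker image" where the page summary says "container images"; since the command shown is `trivy image` and nothing in it is Docker-specific, "container image" would match the summary better.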