mirror of https://github.com/CrimsonTome/tldr.git
37 lines
1.2 KiB
Markdown
37 lines
1.2 KiB
Markdown
# trivy
|
|
|
|
> Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.
|
|
> More information: <https://aquasecurity.github.io/trivy>.
|
|
|
|
- Scan a Docker image for vulnerabilities and exposed secrets:
|
|
|
|
`trivy image {{image:tag}}`
|
|
|
|
- Scan a Docker image filtering the output by severity:
|
|
|
|
`trivy image --severity {{HIGH,CRITICAL}} {{alpine:3.15}}`
|
|
|
|
- Scan a Docker image ignoring any unfixed/unpatched vulnerabilities:
|
|
|
|
`trivy image --ignore-unfixed {{alpine:3.15}}`
|
|
|
|
- Scan the filesystem for vulnerabilities and misconfigurations:
|
|
|
|
`trivy fs --security-checks {{vuln,config}} {{path/to/project_directory}}`
|
|
|
|
- Scan a IaC (Terraform, CloudFormation, ARM, Helm and Dockerfile) directory for misconfigurations:
|
|
|
|
`trivy config {{path/to/iac_directory}}`
|
|
|
|
- Scan a local or remote Git repository for vulnerabilities:
|
|
|
|
`trivy repo {{path/to/local_repository_directory|remote_repository_URL}}`
|
|
|
|
- Scan a Git repository up to a specific commit hash:
|
|
|
|
`trivy repo --commit {{commit_hash}} {{repository}}`
|
|
|
|
- Generate output with a SARIF template:
|
|
|
|
`trivy image --format {{template}} --template {{"@sarif.tpl"}} -o {{path/to/report.sarif}} {{image:tag}}`
|