工具列表
- CVE https://cve.mitre.org/
- 代码扫描 https://snyk.io/
https://github.com/aquasecurity/trivy - 镜像扫描 https://github.com/aquasecurity/trivy#os-packages
trivy使用
- 安装
$ sudo vim /etc/yum.repos.d/trivy.repo
[trivy]
name=Trivy repository
baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1
$ sudo yum -y update
$ sudo yum -y install trivy
-
扫描镜像
trivy image [image-name:tag]
常用命令
[root@localhost compose-healthcheck-redis]# trivy
2022-01-06T21:58:06.457+0800 WARN The root command will be removed. Please migrate to 'trivy image' command. See https://github.com/aquasecurity/trivy/discussions/1515
NAME:
trivy - A simple and comprehensive vulnerability scanner for containers
USAGE:
trivy command [command options] target
COMMANDS:
image, i scan an image
filesystem, fs scan local filesystem for language-specific dependencies and config files
rootfs scan rootfs
repository, repo scan remote repository
client, c client mode
server, s server mode
config, conf scan config files
plugin, p manage plugins
help, h Shows a list of commands or help for one command
OPTIONS:
--quiet, -q suppress progress bar and log output (default: false) [$TRIVY_QUIET]
--debug, -d debug mode (default: false) [$TRIVY_DEBUG]
--cache-dir value cache directory (default: "/root/.cache/trivy") [$TRIVY_CACHE_DIR]
--help, -h show help (default: false)
--version, -v print the version (default: false)
