mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-12 15:50:15 -08:00
trivy
Abstract
Scan containers
Features
Installation
RHEL/CentOS
Add repository setting to /etc/yum.repos.d.
$ sudo vim /etc/yum.repos.d/trivy.repo
[trivy]
name=Trivy repository
baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1
$ sudo yum -y update
$ sudo yum -y install trivy
Debian/Ubuntu
Replace [CODE_NAME] with your code name
CODE_NAME: wheezy, jessie, stretch, buster, trusty, xenial, bionic
$ sudo apt-get install apt-transport-https gnupg
$ wget -qO - https://knqyf263.github.io/trivy-repo/deb/public.key | sudo apt-key add -
$ echo deb https://knqyf263.github.io/trivy-repo/deb [CODE_NAME] main | sudo tee -a /etc/apt/sources.list
$ sudo apt-get update
$ sudo apt-get install trivy
Mac OS X / Homebrew
You can use homebrew on OS X.
$ brew tap knqyf263/trivy
$ brew install knqyf263/trivy/trivy
Binary (Including Windows)
Go to the releases page, find the version you want, and download the zip file. Unpack the zip file, and put the binary to somewhere you want (on UNIX-y systems, /usr/local/bin or the like). Make sure it has execution bits turned on.
From source
$ go get -u github.com/knqyf263/trivy
Examples
Usage
$ trivy -h
NAME:
trivy - A simple and comprehensive vulnerability scanner for containers
USAGE:
main [options] image_name
VERSION:
0.0.1
OPTIONS:
--format value, -f value format (table, json) (default: "table")
--input value, -i value input file path instead of image name
--severity value, -s value severities of vulnerabilities to be displayed (comma separated) (default: "CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN")
--output value, -o value output file name
--skip-update skip db update
--clean, -c clean all cache
--debug, -d debug mode
--help, -h show help
--version, -v print the version
Q&A
Homebrew
Error: Your macOS keychain GitHub credentials do not have sufficient scope!
$ brew tap knqyf263/trivy
Error: Your macOS keychain GitHub credentials do not have sufficient scope!
Scopes they need: none
Scopes they have:
Create a personal access token:
https://github.com/settings/tokens/new?scopes=gist,public_repo&description=Homebrew
echo 'export HOMEBREW_GITHUB_API_TOKEN=your_token_here' >> ~/.zshrc
Try:
$ printf "protocol=https\nhost=github.com\n" | git credential-osxkeychain erase
Error: knqyf263/trivy/trivy 64 already installed
$ brew upgrade
...
Error: knqyf263/trivy/trivy 64 already installed
Try:
$ brew unlink trivy && brew uninstall trivy
($ rm -rf /usr/local/Cellar/trivy/64)
$ brew install knqyf263/trivy/trivy
Contribute
- fork a repository: github.com/knqyf263/trivy to github.com/you/repo
- get original code:
go get github.com/knqyf263/trivy - work on original code
- add remote to your repo: git remote add myfork https://github.com/you/repo.git
- push your changes: git push myfork
- create a new Pull Request
License
MIT
Author
Teppei Fukuda (knqyf263)