mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 07:10:41 -08:00
becd5088df
* mkdocs: add top level nav * mkdocs: add installation nav * mkdocs: add quick-start nav * mkdocs: add examples nav * mkdocs: add CI nav * mkdocs: add vuln-detection nav * mkdocs: add comparison nav * mkdocs: add usage nav * mkdocs: add migration nav * mkdocs: add FAQ nav * mkdocs: add mkdocs.yml * mkdocs: add github workflow * docs: update documents * fix links * chore(ci): use ORG_GITHUB_TOKEN * chore(mkdocs): use mike * chore(ci): support dev * chore(ci): documentation test Co-authored-by: knqyf263 <knqyf263@gmail.com>
893 B
893 B
Embed in Dockerfile
Scan your image as part of the build process by embedding Trivy in the Dockerfile. This approach can be used to update Dockerfiles currently using Aqua’s Microscanner.
$ cat Dockerfile
FROM alpine:3.7
RUN apk add curl \
&& curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy filesystem --exit-code 1 --no-progress /
$ docker build -t vulnerable-image .
Alternatively you can use Trivy in a multistage build. Thus avoiding the
insecure curl | sh. Also the image is not changed.
[...]
# Run vulnerability scan on build image
FROM build AS vulnscan
COPY --from=aquasec/trivy:latest /usr/local/bin/trivy /usr/local/bin/trivy
RUN trivy filesystem --exit-code 1 --no-progress /
[...]