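Trivy is a simple and comprehensive vulnerability scanner for containers, especially suitable for continuous integration.

Accuracy comparison: vulnerabilities detected in Alpine Linux (2019/05/12)

For a detailed comparison, see Comparison with other scanners.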
Features

- Comprehensive vulnerability detection
  - OS packages (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Debian and Ubuntu)
  - Application dependencies (Bundler, Composer, Pipenv, npm, yarn and Cargo)
- Simple
  - Specify only an image name
  - See Quick Start and Examples for details
- Easy installation
  - No need for prerequisites such as installation of a DB, libraries, etc.
  - apt-get install, yum install and brew install are possible (see Installation)
- High accuracy
  - Especially Alpine Linux and RHEL/CentOS (see Comparison with other scanners)
  - Other OSes are also high
- DevSecOps
  - Suitable for CI such as Travis CI, CircleCI, Jenkins, etc.
  - See CI Example

Installation

RHEL/CentOS

Add the repository setting to /etc/yum.repos.d.

$ sudo vim /etc/yum.repos.d/trivy.repo
[trivy]
name=Trivy repository
baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1
$ sudo yum -y update
$ sudo yum -y install trivy

or

$ rpm -ivh https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.rpm

Debian/Ubuntu

Replace [CODE_NAME] with your code name.

CODE_NAME: wheezy, jessie, stretch, buster, trusty, xenial, bionic

$ sudo apt-get install apt-transport-https gnupg
$ wget -qO - https://knqyf263.github.io/trivy-repo/deb/public.key | sudo apt-key add -
$ echo deb https://knqyf263.github.io/trivy-repo/deb [CODE_NAME] main | sudo tee -a /etc/apt/sources.list.d/trivy.list
$ sudo apt-get update
$ sudo apt-get install trivy

or

$ sudo apt-get install rpm
$ wget https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.deb
$ sudo dpkg -i trivy_0.0.13_Linux-64bit.deb

Mac OS X / Homebrew

You can use Homebrew on OS X.

$ brew tap knqyf263/trivy
$ brew install knqyf263/trivy/trivy

Binary (including Windows)

Go to the releases page, find the corresponding archive, unpack it, and add executable permission.
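The binary installation step above, as an added example that is not part of the original page or the Trivy project: it checks a downloaded archive against a SHA-256 checksum list before unpacking it and setting the executable bit. It assumes a .tar.gz archive with a binary named trivy at its root and a checksum file with lines of the form `<sha256>  <filename>`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Trivy project code): verify a release archive against a
# SHA-256 checksum list, then unpack it and mark the binary executable.
# Assumptions: the archive is a .tar.gz with a "trivy" binary at its root, and
# the checksum file has lines "<sha256>  <filename>", both already downloaded.

sha256_of() {
    # Print the SHA-256 of a file using whichever tool is present.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

verify_and_install() {
    # Usage: verify_and_install <archive> <checksum-file> <dest-dir>
    # Returns 0 on success, 1 on hash mismatch, 2 if no entry is listed.
    archive=$1; sums=$2; dest=$3
    name=$(basename "$archive")

    # Look up the expected hash by exact filename match (second field).
    expected=$(awk -v f="$name" '$2 == f {print $1; exit}' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 2
    fi

    actual=$(sha256_of "$archive")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi

    # Unpack only after the hash matches, and extract only the binary.
    mkdir -p "$dest" &&
    tar -xzf "$archive" -C "$dest" trivy &&
    chmod +x "$dest/trivy"
}
```

A matching hash only shows the archive is the one the checksum list describes, so the list itself should come over HTTPS from the same releases page.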
Install from source

$ go get -u github.com/knqyf263/trivy