gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-21 23:00:42 -08:00
Code Issues Packages Projects Releases Wiki Activity

docs: reorganize ecosystem section (#3025)

Browse Source
This commit is contained in:
Itay Shakury
2022-11-16 10:06:13 +02:00
committed by GitHub
parent 1ddd6d30b8
commit cb5744dcaf
8 changed files with 148 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/docs/integrations/woodpecker-ci.md
View File

@@ -1,17 +0,0 @@
# Woodpecker CI
This is a simple example configuration `.woodpecker/trivy.yml` that shows how you could get started:
```yml
pipeline:
securitycheck:
image: aquasec/trivy:latest
commands:
# use any trivy command, if exit code is 0 woodpecker marks it as passed, else it assumes it failed
- trivy fs --exit-code 1 --skip-dirs web/ --skip-dirs docs/ --severity MEDIUM,HIGH,CRITICAL .
```
Woodpecker does use Trivy itself so you can see an [Example][example] run at its [Repository][repository] and how it was [added](https://github.com/woodpecker-ci/woodpecker/pull/1163).
[example]: https://ci.woodpecker-ci.org/woodpecker-ci/woodpecker/build/3520/37
[repository]: https://github.com/woodpecker-ci/woodpecker

59
docs/ecosystem/cicd.md Normal file
View File

@@ -0,0 +1,59 @@
# CI/CD Integrations
## GitHub Actions
[GitHub Actions](https://github.com/features/actions) is GitHub's native CI/CD and job orchestration service.
### trivy-action (Official)
GitHub Action for integrating Trivy into your GitHub pipeline
👉 Get it at: <https://github.com/aquasecurity/trivy-action>
### trivy-action (Community)
GitHub Action to scan vulnerability using Trivy. If vulnerabilities are found by Trivy, it creates a GitHub Issue.
👉 Get it at: <https://github.com/marketplace/actions/trivy-action>
### trivy-github-issues (Community)
In this action, Trivy scans the dependency files such as package-lock.json and go.sum in your repository, then create GitHub issues according to the result.
👉 Get it at: <https://github.com/marketplace/actions/trivy-github-issues>
## Azure DevOps (Official)
[Azure Devops](https://azure.microsoft.com/en-us/products/devops/#overview) is Microsoft Azure cloud native CI/CD service.
Trivy has a "Azure Devops Pipelines Task" for Trivy, that lets you easily introduce security scanning into your workflow, with an integrated Azure Devops UI.
👉 Get it at: <https://github.com/aquasecurity/trivy-azure-pipelines-task>
## Semaphore (Community)
[Semaphore](https://semaphoreci.com/) is a CI/CD service.
You can use Trivy in Semaphore for scanning code, containers, infrastructure, and Kubernetes in Semaphore workflow.
👉 Get it at: <https://semaphoreci.com/blog/continuous-container-vulnerability-testing-with-trivy>
## CircleCI (Community)
[CircleCI](https://circleci.com/) is a CI/CD service.
You can use the Trivy Orb for Circle CI to introduce security scanning into your workflow.
👉 Get it at: <https://circleci.com/developer/orbs/orb/fifteen5/trivy-orb>
Source: <https://github.com/15five/trivy-orb>
## Woodpecker CI (Community)
Example Trivy step in pipeline
```yml
pipeline:
securitycheck:
image: aquasec/trivy:latest
commands:
# use any trivy command, if exit code is 0 woodpecker marks it as passed, else it assumes it failed
- trivy fs --exit-code 1 --skip-dirs web/ --skip-dirs docs/ --severity MEDIUM,HIGH,CRITICAL .
```
Woodpecker does use Trivy itself so you can [see it in use there](https://github.com/woodpecker-ci/woodpecker/pull/1163).

50
docs/ecosystem/ide.md Normal file
View File

@@ -0,0 +1,50 @@
# IDE and developer tools Integrations
## VSCode (Official)
[Visual Studio Code](https://code.visualstudio.com/) is an open source versatile code editor and development environment.
👉 Get it at: <https://github.com/aquasecurity/trivy-vscode-extension>
## JetBrains (Official)
[JetBrains](https://jetbrains.com) makes IDEs such as Goland, Pycharm, IntelliJ, Webstorm, and more.
The Trivy plugin for JetBrains IDEs lets you use Trivy right from your development environment.
👉 Get it at: <https://plugins.jetbrains.com/plugin/18690-trivy-findings-explorer>
## Kubernetes Lens (Official)
[Kubernetes Lens](https://k8slens.dev/) is a management application for Kubernetes clusters.
Trivy has an extension for Kubernetes Lens that lets you scan Kubernetes workloads and view the results in the Lens UI.
👉 Get it at: <https://github.com/aquasecurity/trivy-operator-lens-extension>
## Vim (Community)
[Vim](https://www.vim.org/) is a terminal based text editor.
Vim plugin for Trivy to install and run Trivy.
👉 Get it at: <https://github.com/aquasecurity/vim-trivy>
## Docker Desktop (Community)
[Docker Desktop](https://www.docker.com/products/docker-desktop/) is an easy way to install [Docker]() container engine on your development machine, and manage it in a GUI .
Trivy Docker Desktop extension for scanning container images for vulnerabilities and generating SBOMs
👉 Get it at: <https://github.com/aquasecurity/trivy-docker-extension>
## Rancher Desktop (Community)
[Rancher Desktop](https://rancherdesktop.io/) is an easy way to use containers and Kubernetes on your development machine, and mange it in a GUI.
Trivy is natively integrated with Rancher, no installation is needed. More info in Rancher documentation: <https://docs.rancherdesktop.io/getting-started/features#scanning-images>
## LazyTrivy (Community)
A terminal native UI for Trivy
👉 Get it at: <https://github.com/owenrumney/lazytrivy>
## Trivy Vulnerability explorer (Community)
Web application that allows to load a Trivy report in json format and displays the vulnerabilities of a single target in an interactive data table
👉 Get it at: <https://github.com/dbsystel/trivy-vulnerability-explorer>

10
docs/ecosystem/index.md Normal file
View File

@@ -0,0 +1,10 @@
# Ecosystem
Trivy is already integrated into many popular tools and applications, so that you can easily add security to your workflow.
In this section you will find an aggregation of the different integrations. Integrations are listed as either "official" or "community". Official integrations are developed by the core Trivy team and supported by it. Community integrations are integrations developed by the community, and collected here for your convenience. For support or questions about community integrations, please contact the original developers.
👈 Choose a category from the side menu to browse integrations.
## Add missing integration
We are happy to showcase community integrations in this section. To suggest an addition simply make a Pull Request to add the missing integration.

23
docs/ecosystem/prod.md Normal file
View File

@@ -0,0 +1,23 @@
# Production and cloud Integrations
## Kubernetes
[Kubernetes](https://kubernetes.io/) is an open-source system for automating deployment, scaling, and management of containerized applications.
### Trivy Operator (Official)
Using the Trivy Operator you can install Trivy into a Kubernetes cluster so that it automatically and continuously scan your workloads and cluster for security issues.
👉 Get it at: <https://github.com/aquasecurity/trivy-operator>
## Harbor (Official)
[Harbor](https://goharbor.io/) is an open source cloud native container and artifact registry.
Trivy is natively integrated into Harbor, no installation is needed. More info in Harbor documentation: <https://goharbor.io/docs/2.6.0/administration/vulnerability-scanning>
## Kyverno (Community)
[Kyverno](https://kyverno.io/) is a policy management tool for Kubernetes.
You can use Kyverno to ensure and enforce that deployed workloads' images are scanned for vulnerabilities.
👉 Get it at: <https://neonmirrors.net/post/2022-07/attesting-image-scans-kyverno>

93
docs/ecosystem/tools.md
View File

@@ -1,93 +0,0 @@
# Tools
This section includes several tools either added by the core maintainers from Aqua Security or the open source community.
## Official Trivy Tools
### GitHub Actions
| Actions | Description |
| ---------------------------- | -------------------------------------------------------------- |
| [trivy-action][trivy-action] | GitHub Actions for integrating Trivy into your GitHub pipeline |
### VSCode Extension
| Orb | Description |
| ------------------ | --------------------------- |
| [vs-code][vs-code] | VS Code extension for trivy |
### Vim Plugin
| Orb | Description |
| ---------------------- | -------------------- |
| [vim-trivy][vim-trivy] | Vim plugin for trivy |
### Docker Desktop Extension
| Orb | Description |
| ---------------------------------| ----------------------------------------------------------------------------------------------------- |
| [docker-desktop][docker-desktop] | Trivy Docker Desktop extension for scanning container images for vulnerabilities and generating SBOMs |
### Azure DevOps Pipelines Task
| Orb | Description |
| ---------------------------- | --------------------------------------------------------------- |
| [azure-devops][azure-devops] | An Azure DevOps Pipelines Task for Trivy, with an integrated UI |
### Trivy Kubernetes Operator
| Orb | Description |
| ---------------------------------| ---------------------------------------- |
| [trivy-operator][trivy-operator] | Kubernetes Operator for installing Trivy |
### Kubernetes Lens Extension
| Orb | Description |
| ---------------------------- | ----------------------------------- |
| [lens-extension][trivy-lens] | Trivy Extension for Kubernetes Lens |
## Community Tools
### GitHub Actions
| Actions | Description |
| ------------------------------------------ | -------------------------------------------------------------------------------- |
| [gitrivy][gitrivy] | GitHub Issue + Trivy |
| [trivy-github-issues][trivy-github-issues] | GitHub Actions for creating GitHub Issues according to the Trivy scanning result |
### Semaphore
| Name | Description |
| -------------------------------------------------------| ----------------------------------------- |
| [Continuous Vulnerability Testing with Trivy][semaphore-tutorial] | Tutorial on scanning code, containers, infrastructure, and Kubernetes with Semaphore CI/CD. |
### CircleCI
| Orb | Description |
| -----------------------------------------| ----------------------------------------- |
| [fifteen5/trivy-orb][fifteen5/trivy-orb] | Orb for running Trivy, a security scanner |
### Others
| Name | Description |
| -----------------------------------------| ----------------------------------------- |
| [Trivy Vulnerability Explorer][explorer] | Explore trivy vulnerability reports in your browser and create .trivyignore files interactively. Can be integrated in your CI/CD tooling with deep links. |
[trivy-github-issues]: https://github.com/marketplace/actions/trivy-github-issues
[fifteen5/trivy-orb]: https://circleci.com/developer/orbs/orb/fifteen5/trivy-orb
[gitrivy]: https://github.com/marketplace/actions/trivy-action
[explorer]: https://dbsystel.github.io/trivy-vulnerability-explorer/
[semaphore-tutorial]: https://semaphoreci.com/blog/continuous-container-vulnerability-testing-with-trivy
[trivy-action]: https://github.com/aquasecurity/trivy-action
[vs-code]: https://github.com/aquasecurity/trivy-vscode-extension
[vim-trivy]: https://github.com/aquasecurity/vim-trivy
[docker-desktop]: https://github.com/aquasecurity/trivy-docker-extension
[azure-devops]: https://github.com/aquasecurity/trivy-azure-pipelines-task
[trivy-operator]: https://github.com/aquasecurity/trivy-operator
[trivy-lens]: https://github.com/aquasecurity/trivy-operator-lens-extension

2
docs/getting-started/installation.md
View File

@@ -230,7 +230,7 @@ podAnnotations: {}
## Other Tools to use and deploy Trivy
For additional tools and ways to install and use Trivy in different environments such as in Docker Desktop and Kubernetes clusters, see the links in the [Ecosystem section](../ecosystem/tools.md).
For additional tools and ways to install and use Trivy in different environments such as in Docker Desktop and Kubernetes clusters, see the links in the [Ecosystem section](../ecosystem/index.md).
[ecr]: https://gallery.ecr.aws/aquasecurity/trivy

7
mkdocs.yml
View File

@@ -23,7 +23,6 @@ nav:
- AWS CodePipeline: tutorials/integrations/aws-codepipeline.md
- AWS Security Hub: tutorials/integrations/aws-security-hub.md
- Azure: tutorials/integrations/azure-devops.md
- Woodpecker CI: docs/integrations/woodpecker-ci.md
- Signing:
- Vulnerability Scan Record Attestation: tutorials/signing/vuln-attestation.md
- Kubernetes:
@@ -140,7 +139,11 @@ nav:
- Standalone: docs/references/modes/standalone.md
- Client/Server: docs/references/modes/client-server.md
- Troubleshooting: docs/references/troubleshooting.md
- Ecosystem: ecosystem/tools.md
- Ecosystem:
- Overview: ecosystem/index.md
- CI/CD: ecosystem/cicd.md
- IDE and Dev tools: ecosystem/ide.md
- Production and Clouds: ecosystem/prod.md
- Contributing:
- How to contribute:
- Issues: community/contribute/issue.md