gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 15:16:33 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c3aca1524c174678ee7f2c1ffadade5c702a0670
trivy/docs/getting-started/quickstart.md
Teppei Fukuda 9e08bd44fb docs: add misconfiguration (#1101) 
Co-authored-by: Itay Shakury <itay@itaysk.com>
2021-07-12 03:14:17 +03:00

83 lines
2.8 KiB
Markdown
Raw Blame History

# Quick Start
## Scan image for vulnerabilities
Simply specify an image name (and a tag).
```
$ trivy image [YOUR_IMAGE_NAME]
```
For example:
```
$ trivy image python:3.4-alpine
```
<details>
<summary>Result</summary>
```
2019-05-16T01:20:43.180+0900 INFO Updating vulnerability database...
2019-05-16T01:20:53.029+0900 INFO Detecting Alpine vulnerabilities...
python:3.4-alpine3.9 (alpine 3.9.2)
===================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |
| | | | | | with long nonces |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
```
</details>
For more details, see [here][vulnerability].
## Scan directory for misconfigurations
Simply specify a directory containing IaC files such as Terraform and Dockerfile.
```
$ trivy config [YOUR_IAC_DIR]
```
For example:
```
$ ls build/
Dockerfile
$ trivy config ./build
```
<details>
<summary>Result</summary>
```
2021-07-09T10:06:29.188+0300 INFO Need to update the built-in policies
2021-07-09T10:06:29.188+0300 INFO Downloading the built-in policies...
2021-07-09T10:06:30.520+0300 INFO Detected config files: 1
Dockerfile (dockerfile)
=======================
Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+---------------------------+------------+----------------------+----------+------------------------------------------+
| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE |
+---------------------------+------------+----------------------+----------+------------------------------------------+
| Dockerfile Security Check | DS002 | Image user is 'root' | HIGH | Last USER command in |
| | | | | Dockerfile should not be 'root' |
| | | | | -->avd.aquasec.com/appshield/ds002 |
+---------------------------+------------+----------------------+----------+------------------------------------------+
```
</details>
For more details, see [here][misconf].
[vulnerability]: ../vulnerability/scanning/index.md
[misconf]: ../misconfiguration/index.md
Reference in New Issue View Git Blame Copy Permalink