gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-23 07:29:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
cabd18daae14ed3ac6177eeafdc0c53e5763a700
trivy/docs/misconfiguration/filesystem.md
Teppei Fukuda 9e08bd44fb docs: add misconfiguration (#1101) 
Co-authored-by: Itay Shakury <itay@itaysk.com>
2021-07-12 03:14:17 +03:00

56 lines
3.1 KiB
Markdown
Raw Blame History

# Filesystem
## Quick start
Trivy scans a filesystem such as a virtual machine to detect misconfigurations.
You have to specify `--security-checks config` to enable misconfiguration detection.
```bash
$ trivy fs --security-checks config /path/to/dir
```
Internally, it is the same as [config subcommand](iac.md).
## Vulnerability and Misconfiguration scanning
The difference between `fs` and `config` subcommand is that `fs` can detect both vulnerabilities and misconfiguration at the same time.
You have to specify `--security-checks vuln,config` to enable vulnerability and misconfiguration detection.
``` bash
$ ls myapp/
Dockerfile Pipfile.lock
$ trivy fs --security-checks vuln,config --severity HIGH,CRITICAL myapp/
2021-07-09T12:03:27.564+0300 INFO Detected OS: unknown
2021-07-09T12:03:27.564+0300 INFO Number of language-specific files: 1
2021-07-09T12:03:27.564+0300 INFO Detecting pipenv vulnerabilities...
2021-07-09T12:03:27.566+0300 INFO Detected config files: 1
Pipfile.lock (pipenv)
=====================
Total: 1 (HIGH: 1, CRITICAL: 0)
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
| httplib2 | CVE-2021-21240 | HIGH | 0.12.1 | 0.19.0 | python-httplib2: Regular |
| | | | | | expression denial of |
| | | | | | service via malicious header |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-21240 |
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
Dockerfile (dockerfile)
=======================
Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (HIGH: 1, CRITICAL: 0)
+---------------------------+------------+----------------------+----------+------------------------------------------+
| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE |
+---------------------------+------------+----------------------+----------+------------------------------------------+
| Dockerfile Security Check | DS002 | Image user is 'root' | HIGH | Last USER command in |
| | | | | Dockerfile should not be 'root' |
| | | | | -->avd.aquasec.com/appshield/ds002 |
+---------------------------+------------+----------------------+----------+------------------------------------------+
```
In the above example, Trivy detected vulnerabilities of Python dependencies and misconfigurations in Dockerfile.
Reference in New Issue View Git Blame Copy Permalink