trivy v0.21.1 releases: A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

trivy

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Trivy is easy to use. Just install the binary and you’re ready to scan. All you need to do for scanning is to specify an image name of the container.

It is considered to be used in CI. Before pushing to a container registry, you can scan your local container image easily.

Features

• Detect comprehensive vulnerabilities
  • OS packages (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Debian, and Ubuntu)
  • Application dependencies (Bundler, Composer, Pipenv, npm, yarn, and Cargo)
• Simple
  • Specify only an image name
  • See Quick Start and Examples
• Easy installation
  • No need for pre-requirements such as the installation of DB, libraries, etc.
  • apt-get install, yum install and brew install is possible (See Installation)
• High accuracy
  • Especially Alpine Linux and RHEL/CentOS (See Comparison with other scanners)
  • Other OSes are also high
• DevSecOps
  • Suitable for CI such as Travis CI, CircleCI, Jenkins, etc.
  • See CI Example

Vulnerability Detection

OS Packages

The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution.

Changelog v0.21.1

b9a51de chore(mod): tidy (#1415)
7f24834 fix(rpc): fix nil layer transmit (#1410)
af3eaef Lang advisory order (#1409)
07c9200 chore: add support for s390x arch (#1304)
8bc8a4a fix(chart): ingress helm manifest-update trivy image (#1323)
9076a49 docs: Add comparison for cfsec (#1388)
bb316d9 remove: delete unused functions in utils package (#1379)

Install && Use

Copyright (C) 2019 Teppei Fukuda (knqyf263)