trivy v0.17 releases: A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

trivy

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Trivy is easy to use. Just install the binary and you’re ready to scan. All you need to do for scanning is to specify an image name of the container.

It is considered to be used in CI. Before pushing to a container registry, you can scan your local container image easily.

Features

• Detect comprehensive vulnerabilities
  • OS packages (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Debian, and Ubuntu)
  • Application dependencies (Bundler, Composer, Pipenv, npm, yarn, and Cargo)
• Simple
  • Specify only an image name
  • See Quick Start and Examples
• Easy installation
  • No need for pre-requirements such as the installation of DB, libraries, etc.
  • apt-get install, yum install and brew install is possible (See Installation)
• High accuracy
  • Especially Alpine Linux and RHEL/CentOS (See Comparison with other scanners)
  • Other OSes are also high
• DevSecOps
  • Suitable for CI such as Travis CI, CircleCI, Jenkins, etc.
  • See CI Example

Vulnerability Detection

OS Packages

The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution.

Changelog v0.17

05bd261 foo
d88b7cf feat(java): support GitLab Advisory Database (aquasecurity#917)
1385fa4 feat: show help message when the context’s deadline passes (aquasecurity#955)
0346a10 chore(mkdocs): replace github token (aquasecurity#954)
60a4e7e Update SARIF report template (aquasecurity#935)
39ab6bd Update install docs to make commands consistent (aquasecurity#933)
0518d27 Docker multi-platform image build with buildx, using Goreleaser (aquasecurity#915)
a6b8ec3 Fix JUnit template for AWS CodeBuild compatibility (aquasecurity#904)
6d22387 break(cli): use StringSliceFlag for skip-dirs/files (aquasecurity#916)
7221579 docs: add white logo (aquasecurity#914)
ee29ffa add package name in ruleID (aquasecurity#913)
8935aa6 feat: gh-action for stale issues (aquasecurity#908)
288481f chore(triage): add lifecycle/active label (aquasecurity#909)
f961e99 feat: publish helm repository (aquasecurity#888)
0edf73b Fix Documentation Typo (aquasecurity#901)
f5b060a docs: migrate README to MkDocs (aquasecurity#884)
c26a3e4 refactor(internal): export internal packages (aquasecurity#887)
8b3b5d0 feat: support plugins (aquasecurity#878)
37edc66 chore(ci): deploy dev docs only for the main branch (aquasecurity#882)
becd508 add MkDocs implementation (aquasecurity#870)
e517bef docs(README): update ubuntu versions (aquasecurity#877)
da2b28a support Ubuntu 20.10 (aquasecurity#876)
965bb6d feat(cache): introduce versioned cache (aquasecurity#865)
0497286 chore: bump up Go to 1.16 (aquasecurity#861)
fcb9a93 fix: allow the latest tag (aquasecurity#864)
425eaf8 feat: disable analyzers (aquasecurity#846)
47ce996 chore(ci): push the official image to public ECR (aquasecurity#855)
e890ae0 chore(ci): migrate CircleCI to GitHub Actions (aquasecurity#850)
9bc3565 adds example with multistage build (aquasecurity#853)
a0cd5d7 remove SARIF helpUri if empty (aquasecurity#841) (aquasecurity#845)
3170dc3 Add Sprig to Template Engine (aquasecurity#832)
10ad2ed Fix “GitLab CI using Trivy container” usage example (fixes aquasecurity#843) (aquasecurity#844)
c9f22f4 feat(java): support jar/war/ear (aquasecurity#837)
3047c52 fix(app): increase the default value of timeout (aquasecurity#842)
89e5295 Update README.md (aquasecurity#838)

Install && Use

Copyright (C) 2019 Teppei Fukuda (knqyf263)