Trivy

Trivy supports scanning container images for vulnerabilities, misconfigurations, secrets, and licenses. It scans files inside images and image metadata. It can generate software bill of materials (SBOMs) for images and perform scans using SBOMs to avoid pulling images. Trivy also supports scanning virtual machine images on AWS, Kubernetes clusters, and misconfigurations in AWS accounts. Anchore Enterprise stores SBOMs to enable ongoing monitoring of software for new vulnerabilities and identifies open source dependencies, nested dependencies, package details, and filesystem metadata in SBOMs.

Uploaded by

raspberries1
Trivy supports two targets for container images:

- Files inside container images
- Container image metadata

Trivy scans the files inside container images for:

- Vulnerabilities (enabled by default; detects only known vulnerabilities)
- Misconfigurations
  - IaC misconfigurations, such as Kubernetes YAML or Terraform files
  - Trivy also detects misconfigurations in the configuration of container images: the image config is converted into a Dockerfile and Trivy handles it as a Dockerfile
- Secrets
  - Trivy detects secrets in the configuration of container images: the image config is converted into JSON and Trivy scans that file for secrets.
  - Trivy scans every plaintext file according to built-in rules or your own configuration. There are plenty of built-in rules, for example:
    - AWS access key
    - GCP service account
    - GitHub personal access token
    - GitLab personal access token
    - Slack access token
- Licenses (using Google license classification)
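The following is an added example, not Trivy's code, showing the shape of rule-based secret detection over plaintext files: walk a directory, skip binaries, and match every line of every text file against a table of named rules, reporting only a redacted prefix of each hit. The regular expressions are simplified approximations of the public token formats for the rule families listed above and are assumptions for this example, not Trivy's actual rule set; the sample files are constructed.

```python
"""Illustrative rule-based secret scanner (added example, not Trivy's code)."""
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional, Union

@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line_no: int
    match: str  # redacted form, never the full secret

# Assumed, simplified patterns for the rule families named above (not Trivy's rules).
RULES = {
    "aws-access-key-id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
    "gitlab-pat": re.compile(r"\bglpat-[0-9A-Za-z_\-]{20}\b"),
    "slack-token": re.compile(r"\bxox[baprs]-[0-9A-Za-z\-]{10,}\b"),
    "gcp-service-account": re.compile(r'"type"\s*:\s*"service_account"'),
}

def redact(token: str) -> str:
    """Keep only a short prefix so a report does not itself leak the secret."""
    return token[:6] + "*" * (len(token) - 6) if len(token) > 6 else "******"

def is_plaintext(data: bytes) -> bool:
    """Crude text check: no NUL bytes and decodable as UTF-8."""
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True

def scan_text(text: str, path: str) -> List[Finding]:
    """Apply every rule to every line; one Finding per match."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES.items():
            for m in pattern.finditer(line):
                findings.append(Finding(name, path, line_no, redact(m.group(0))))
    return findings

def scan_tree(root: Path) -> List[Finding]:
    """Scan every plaintext file under root; binary files are skipped."""
    findings = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        data = p.read_bytes()
        if not is_plaintext(data):
            continue
        findings.extend(scan_text(data.decode("utf-8"), str(p.relative_to(root))))
    return findings

# Constructed sample files standing in for a container image's filesystem.
# AKIAIOSFODNN7EXAMPLE is the AWS documentation's example key id, not a real credential.
SAMPLE_FILES: Dict[str, Union[str, bytes]] = {
    "app/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDB_HOST=db.internal\n",
    "app/ci.sh": "curl -H 'Authorization: token ghp_" + "a" * 36 + "' https://api.github.com\n",
    "app/notes.txt": "nothing secret here\n",
    "app/binary.bin": bytes([0, 1, 2, 255]),  # binary: must be skipped, not scanned
}

def demo(root: Optional[Path] = None) -> List[Finding]:
    """Materialise the constructed files in a temp dir and scan them."""
    root = root or Path(tempfile.mkdtemp())
    for rel, content in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        if isinstance(content, bytes):
            target.write_bytes(content)
        else:
            target.write_text(content, encoding="utf-8")
    return scan_tree(root)

if __name__ == "__main__":
    for f in demo():
        print(f"{f.rule:22} {f.path}:{f.line_no}  {f.match}")
```

The two design points worth copying into any home-grown scanner are the binary skip (secret rules are meaningless on compiled artifacts and produce noise) and the redaction step: a scan report that reproduces the full token in CI logs just moves the leak somewhere else.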

Trivy will look for the specified image in a series of locations. By default, it will first look in the local Docker Engine, then containerd, then Podman, and finally a container registry.

Trivy supports the generation of a Software Bill of Materials (SBOM) for container images.

SBOM
Trivy can search for Software Bill of Materials (SBOMs) that reference container images. If
an SBOM is found, the vulnerability scan is performed using the SBOM instead of the
container image. By using the SBOM, you can perform a vulnerability scan more quickly, as
it allows you to skip pulling the container image and analyzing its layers.
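To make concrete why an SBOM lets the scanner skip the image pull, here is an added example (not Trivy's code or data format) that performs the core of an SBOM-based vulnerability scan: read the component inventory from a minimal, constructed CycloneDX-style document, extract ecosystem, package name and version from each package URL (purl), and match them against a constructed advisory table. The advisory identifiers are placeholders, and the version comparison is a plain numeric one; real scanners apply ecosystem-specific version semantics (Debian epochs and revisions, semver pre-releases, and so on), which this example deliberately does not model.

```python
"""Added example: vulnerability matching from an SBOM inventory alone (no image access)."""
import json
from typing import Dict, List, Tuple

# Constructed, minimal CycloneDX-style SBOM standing in for one produced from an image.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "openssl", "version": "3.0.1",
     "purl": "pkg:deb/debian/openssl@3.0.1?distro=debian-12"},
    {"type": "library", "name": "requests", "version": "2.31.0",
     "purl": "pkg:pypi/requests@2.31.0"},
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21"}
  ]
}"""

# Constructed advisory table: (ecosystem, package) -> [(first fixed version, placeholder id)].
ADVISORIES: Dict[Tuple[str, str], List[Tuple[str, str]]] = {
    ("deb", "openssl"): [("3.0.2", "EXAMPLE-ADV-0001")],
    ("pypi", "requests"): [("2.32.0", "EXAMPLE-ADV-0002")],
    ("npm", "lodash"): [("4.17.21", "EXAMPLE-ADV-0003")],  # already fixed in the installed version
}

def parse_purl(purl: str) -> Tuple[str, str, str]:
    """Return (ecosystem, name, version) from e.g. pkg:deb/debian/openssl@3.0.1?distro=debian-12."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a package URL: {purl}")
    rest = purl[len("pkg:"):].split("?", 1)[0]  # drop qualifiers such as ?distro=...
    ecosystem, path = rest.split("/", 1)
    if "@" in path:
        name_part, version = path.rsplit("@", 1)
    else:
        name_part, version = path, ""
    name = name_part.rsplit("/", 1)[-1]  # strip a namespace such as debian/
    return ecosystem, name, version

def version_key(version: str) -> Tuple[int, ...]:
    """Naive dotted-numeric ordering; non-numeric parts count as 0 (a known simplification)."""
    return tuple(int(part) if part.isdigit() else 0 for part in version.split("."))

def scan_sbom(sbom_text: str, advisories=ADVISORIES) -> List[Dict[str, str]]:
    """Report every component whose installed version is below an advisory's fixed version."""
    sbom = json.loads(sbom_text)
    results = []
    for component in sbom.get("components", []):
        ecosystem, name, installed = parse_purl(component["purl"])
        for fixed, advisory_id in advisories.get((ecosystem, name), []):
            if version_key(installed) < version_key(fixed):
                results.append({"package": name, "ecosystem": ecosystem,
                                "installed": installed, "fixed": fixed,
                                "advisory": advisory_id})
    return results

if __name__ == "__main__":
    for hit in scan_sbom(SBOM_JSON):
        print(f"{hit['ecosystem']}/{hit['package']} {hit['installed']} "
              f"-> fixed in {hit['fixed']} ({hit['advisory']})")
```

Everything the matcher needs is already in the SBOM, which is why storing SBOMs (as the Anchore section below describes) lets you re-run this matching against fresh advisory data without touching the image again.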

Virtual Machine Image

The following targets are currently supported:
- Local file
- AWS EC2
  - Amazon Machine Image (AMI)
  - Amazon Elastic Block Store (EBS) Snapshot

Trivy can connect to your Kubernetes cluster and scan it for security issues (scope: cluster, namespace, node).

The Trivy AWS CLI allows you to scan your AWS account for misconfigurations.

Anchore Enterprise stores all SBOMs in an SBOM repository to enable ongoing monitoring of your software for new or zero-day vulnerabilities that can arise even post-deployment.

Anchore Enterprise SBOMs identify:

- Open source dependencies, including ecosystem type (OS, language, and other metadata)
- Nested dependencies in archive files (WAR files, JAR files and more)
- Package details such as name, version, creator, and license information
- Filesystem metadata such as the file name, size, permissions, creation time, modification time, and hashes
- Malware
- Secrets, keys, and credentials
