Trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- Site: https://trivy.dev/
Features
NuGet Scanner (#686)
Trivy now supports NuGet's lock file, packages.lock.json.
packages.lock.json
==================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+-------------+------------------+----------+-------------------+----------------+--------------------------------------+
|   LIBRARY   | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION  |                TITLE                 |
+-------------+------------------+----------+-------------------+----------------+--------------------------------------+
| MessagePack | CVE-2020-5234    | MEDIUM   | 1.9.10            | 2.1.90, 1.9.11 | Untrusted data can lead to DoS       |
|             |                  |          |                   |                | attack due to hash collisions and... |
|             |                  |          |                   |                | -->avd.aquasec.com/nvd/cve-2020-5234 |
+-------------+------------------+----------+-------------------+----------------+--------------------------------------+
Thanks to @Johannestegner
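To show what a lock-file scanner like this one has to do, here is an added example (not Trivy's own code) that parses a constructed packages.lock.json, yields every locked package, and matches the resolved versions against the MessagePack advisory from the report above. The lock-file layout, the sample packages and the branch-based "is it below the fix?" rule are assumptions made for the example.

```python
import json
from typing import Iterator

# Constructed packages.lock.json in the layout NuGet writes (assumed here:
# version -> dependencies -> <target framework> -> <package> -> metadata).
LOCK_FILE = """{
  "version": 1,
  "dependencies": {
    "net5.0": {
      "MessagePack": {"type": "Direct", "requested": "[1.9.10, )",
                      "resolved": "1.9.10", "contentHash": "constructed"},
      "MessagePack.Annotations": {"type": "Transitive",
                      "resolved": "1.9.10", "contentHash": "constructed"},
      "Newtonsoft.Json": {"type": "Direct", "requested": "[12.0.3, )",
                      "resolved": "12.0.3", "contentHash": "constructed"}
    }
  }
}"""

# Advisory data as printed in the report above: the first safe release on
# each affected branch (2.x and 1.9.x for MessagePack).
ADVISORIES = {"MessagePack": [("CVE-2020-5234", ["2.1.90", "1.9.11"])]}


def parse_version(v: str) -> tuple:
    """Numeric part of a NuGet version; -prerelease and +metadata are dropped."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(p) for p in core.split("."))


def packages(lock_json: str) -> Iterator[tuple]:
    """Yield (framework, name, resolved, type) for every locked package."""
    data = json.loads(lock_json)
    for fw, deps in data.get("dependencies", {}).items():
        for name, meta in deps.items():
            yield fw, name, meta["resolved"], meta.get("type", "")


def is_vulnerable(installed: str, fixed_versions: list) -> bool:
    """Simplified range check (assumed rule, not Trivy's): compare against the
    lowest fix on the same major.minor branch, else the same major, else any."""
    inst = parse_version(installed)
    fixes = sorted(parse_version(f) for f in fixed_versions)
    for depth in (2, 1, 0):
        candidates = [f for f in fixes if f[:depth] == inst[:depth]]
        if candidates:
            return inst < candidates[0]
    return False


def findings(lock_json: str) -> list:
    """Return (package, CVE, installed, fixed) for each vulnerable locked package."""
    out = []
    for _fw, name, resolved, _typ in packages(lock_json):
        for cve, fixed in ADVISORIES.get(name, []):
            if is_vulnerable(resolved, fixed):
                out.append((name, cve, resolved, ", ".join(fixed)))
    return out
```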
Redis support as the cache backend (#770)
For details, see here.
$ docker run -d --name redis -p 6379:6379 redis:5.0
$ trivy server --cache-backend redis://localhost:6379
$ trivy client alpine:3.11
HTML template (#567)
$ trivy image -f template --template "@contrib/html.tpl" -o report.html alpine:3.12
Thanks to @irrandon
Helm chart (#751, #769)
For details, see here.
$ cd helm/trivy
$ helm install my-release .
Thanks to @czunker
Fixes
redhat: skip modular packages (#776)
Closes https://github.com/aquasecurity/trivy/issues/771 and https://github.com/aquasecurity/trivy/issues/741
Thanks to @masahiro331
Make the table output less wide. (#763)
alpine:3.10 (alpine 3.10.5)
===========================
Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 0, CRITICAL: 0)
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
|   LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libcrypto1.1 | CVE-2020-1971    | MEDIUM   | 1.1.1g-r0         | 1.1.1i-r0     | openssl: EDIPARTYNAME                 |
|              |                  |          |                   |               | NULL pointer de-reference             |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-1971  |
+--------------+                  +          +                   +               +                                       +
| libssl1.1    |                  |          |                   |               |                                       |
|              |                  |          |                   |               |                                       |
|              |                  |          |                   |               |                                       |
+--------------+------------------+          +-------------------+---------------+---------------------------------------+
| musl         | CVE-2020-28928   |          | 1.1.22-r3         | 1.1.22-r4     | In musl libc through 1.2.1,           |
|              |                  |          |                   |               | wcsnrtombs mishandles particular      |
|              |                  |          |                   |               | combinations of destination buffer... |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-28928 |
+--------------+                  +          +                   +               +                                       +
| musl-utils   |                  |          |                   |               |                                       |
|              |                  |          |                   |               |                                       |
|              |                  |          |                   |               |                                       |
|              |                  |          |                   |               |                                       |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
Changelog
08ca1b0 Feat: NuGet Scanner (#686)
7b86f81 feat(cache): support Redis (#770)
8cd4afe fix(redhat): skip module packages (#776)
b606b62 chore: migrate from master to main (#778)
5c2b14b chore(circleci): remove gofmt (#777)
a19a023 chore(README): remove experimental (#775)
e6cef75 NVD: Add timestamps. (#761)
1371f72 (fix): Make the table output less wide. (#763)
8ecaa2f Add gitHubToken to prevent rate limit problems (#769)
8132174 Add helm chart to install trivy in server mode. (#751)
bcc2850 chore(docs): add nix install (#762)
cb36972 HTML template (#567)
Docker images
docker pull docker.io/aquasec/trivy:0.15.0
docker pull docker.io/aquasec/trivy:latest
docker pull ghcr.io/aquasecurity/trivy:0.15.0
docker pull ghcr.io/aquasecurity/trivy:latest