# CKS D3C3 Vulnerability Scanner for Containers and other Artifacts
###### tags: `CKS Day3`
## Trivy
Reference link: [Trivy - Overview](https://aquasecurity.github.io/trivy/latest/)
Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers and other artifacts. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Trivy is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.

## Install
Reference link: [Trivy - Installation](https://aquasecurity.github.io/trivy/latest/installation/)
## Usage

Scan an image directly (the target is the image reference; Trivy pulls it if it is not in the local daemon):
```
trivy image rock981119/net-tools:v2
```
Filter by vulnerability severity:
1. Built-in `--severity` flag (takes a comma-separated list; only those levels are reported)
```
trivy image --severity HIGH,CRITICAL rock981119/net-tools:v2
```
2. Using grep on the rendered table
```
# -E enables alternation. The "Total:" summary line also matches because it
# contains "HIGH:" and "CRITICAL:", so it is printed above the table rows.
trivy image rock981119/net-tools:v2 | grep -E "HIGH|CRITICAL"
Total: 108 (UNKNOWN: 0, LOW: 39, MEDIUM: 64, HIGH: 5, CRITICAL: 0)
| libgnutls30 | CVE-2020-13777 | HIGH | 3.6.13-2ubuntu1 | 3.6.13-2ubuntu1.1 | gnutls: session resumption works |
| libssl1.1 | CVE-2020-1971 | HIGH | 1.1.1f-1ubuntu2 | 1.1.1f-1ubuntu2.1 | openssl: EDIPARTYNAME |
| openssl | CVE-2020-1971 | HIGH | 1.1.1f-1ubuntu2 | 1.1.1f-1ubuntu2.1 | openssl: EDIPARTYNAME |
```
Grepping the table is fine for a quick look but brittle for automation: it matches the summary line, it depends on the column layout of the current Trivy version, and it drops the table header. Note also that one CVE can appear several times because it is reported per package (CVE-2020-1971 above is listed for both `libssl1.1` and `openssl`), so row counts are not CVE counts. For scripting or CI gates, prefer `--severity HIGH,CRITICAL` together with `--exit-code 1` (non-zero exit when anything at those levels is found), or `--format json` and filter the structured output.
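Both filters above work on Trivy's rendered table. For anything automated it is safer to ask Trivy for JSON (`trivy image --format json -o report.json rock981119/net-tools:v2`) and filter the structured findings. The script below is an added example, not code from this page or from the Trivy project. It assumes Trivy's JSON layout of `Results[].Vulnerabilities[]` with `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion` and `Severity` fields, and embeds a constructed report built from the three HIGH rows shown above plus two placeholder entries (`EXAMPLE-*` IDs are not real CVEs) so the filters have something to drop. It reproduces Trivy's `Total:` counts, applies a severity floor like `--severity`, optionally drops findings with no fix like `--ignore-unfixed`, deduplicates CVEs across packages, and returns a non-zero gate value like `--exit-code 1`.

```python
"""Filter a Trivy JSON report by severity (added example; not Trivy's own code).

Assumes the report came from
    trivy image --format json -o report.json rock981119/net-tools:v2
and uses Trivy's layout {"Results": [{"Target": ..., "Vulnerabilities": [...]}]}.
"""
import json
import sys

SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
RANK = {sev: i for i, sev in enumerate(SEVERITY_ORDER)}

# Constructed sample report: the three HIGH rows from the page plus two
# placeholder findings (EXAMPLE-* IDs are not real CVEs). Not a real scan.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "rock981119/net-tools:v2",
    "Results": [{
        "Target": "rock981119/net-tools:v2 (ubuntu)",
        "Class": "os-pkgs",
        "Type": "ubuntu",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-2020-13777", "PkgName": "libgnutls30",
             "InstalledVersion": "3.6.13-2ubuntu1", "FixedVersion": "3.6.13-2ubuntu1.1",
             "Severity": "HIGH", "Title": "gnutls: session resumption works"},
            {"VulnerabilityID": "CVE-2020-1971", "PkgName": "libssl1.1",
             "InstalledVersion": "1.1.1f-1ubuntu2", "FixedVersion": "1.1.1f-1ubuntu2.1",
             "Severity": "HIGH", "Title": "openssl: EDIPARTYNAME"},
            {"VulnerabilityID": "CVE-2020-1971", "PkgName": "openssl",
             "InstalledVersion": "1.1.1f-1ubuntu2", "FixedVersion": "1.1.1f-1ubuntu2.1",
             "Severity": "HIGH", "Title": "openssl: EDIPARTYNAME"},
            {"VulnerabilityID": "EXAMPLE-0001", "PkgName": "examplepkg",
             "InstalledVersion": "1.0-1", "FixedVersion": "",
             "Severity": "MEDIUM", "Title": "constructed: no fix available"},
            {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "examplepkg",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
             "Severity": "LOW", "Title": "constructed: low severity"},
        ],
    }],
})


def load_findings(report_json):
    """Flatten Results[].Vulnerabilities[] into one list, tagging each entry with its Target."""
    report = json.loads(report_json)
    findings = []
    for result in report.get("Results", []):
        # Trivy omits or nulls "Vulnerabilities" for clean targets.
        for vuln in result.get("Vulnerabilities") or []:
            entry = dict(vuln)
            entry["Target"] = result.get("Target", "")
            findings.append(entry)
    return findings


def severity_counts(findings):
    """Per-severity counts, the same numbers Trivy prints on its "Total:" line."""
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    for f in findings:
        counts[f.get("Severity", "UNKNOWN") if f.get("Severity") in RANK else "UNKNOWN"] += 1
    return counts


def filter_by_severity(findings, minimum="HIGH", ignore_unfixed=False):
    """Keep findings at or above `minimum`; optionally drop those with no FixedVersion."""
    threshold = RANK[minimum]
    kept = []
    for f in findings:
        if RANK.get(f.get("Severity"), 0) < threshold:
            continue
        if ignore_unfixed and not f.get("FixedVersion"):
            continue
        kept.append(f)
    return kept


def unique_cves(findings):
    """Distinct vulnerability IDs; one CVE may be listed once per affected package."""
    return sorted({f["VulnerabilityID"] for f in findings})


def gate(report_json, minimum="HIGH", ignore_unfixed=False):
    """Print blocking findings and return 1 if any remain (like --exit-code 1), else 0."""
    blocking = filter_by_severity(load_findings(report_json), minimum, ignore_unfixed)
    for f in blocking:
        fix = f.get("FixedVersion") or "no fix"
        print(f"{f['Severity']:<8} {f['VulnerabilityID']:<16} {f['PkgName']} "
              f"{f['InstalledVersion']} -> {fix}")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: python trivy_gate.py [report.json]; without an argument the constructed sample is used.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    print("Total:", severity_counts(load_findings(data)))
    sys.exit(gate(data, minimum="HIGH"))
```

Run against the embedded sample it prints the three HIGH rows and exits 1; with `minimum="CRITICAL"` it exits 0, which is the behaviour you want from a CI gate that blocks only on the levels you choose. Counting `unique_cves` separately from rows matters when reporting numbers upward: the sample has three HIGH rows but only two distinct CVEs.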