Scan for CVEs in Development on images prior to pushing up.
Locally | Trivy | Vulnerabilities | Images | CI/CD | Open Container Initiative
This is a simple article that shows how to scan images with Trivy whether you are running on Linux or Windows. This should be a best practice to consider bringing into your teams. The article covers how a developer can build an image and then scan it for CVEs locally, without an image repository.
Trivy is a great tool for exactly this if you know how to use it. Trivy can be run inside a container, which matters for Windows users: Trivy is a Linux-native tool and is not Windows friendly.
Let's get started.
Scanning the Local Image
To scan a local image from within a container, the host's docker.sock must be mounted into the Trivy container. This is very important: if docker.sock is not mounted at run time, Trivy cannot talk to the local Docker daemon and the local image will not be found.
docker run --rm -v trivy-cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest image --vuln-type=os,library --format template --template "@contrib/html.tpl" ubi7-tomcat > findings/trivy/report.html
So what else is going on here?
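The command above writes an HTML report for a human to read. The following is an added example, not code from the article, that reuses the same docker invocation with `--format json` so the scan can act as a pre-push gate: it mounts docker.sock the same way, scans the local image, and exits non-zero when findings at or above a severity threshold are present. It assumes the current Trivy JSON layout (a top-level `Results` list whose entries carry a `Vulnerabilities` list); the embedded report is a constructed sample with placeholder CVE ids.

```python
"""Pre-push gate: scan a locally built image with the Trivy container and
block the push when findings at or above a severity threshold are reported."""
import json
import subprocess
import sys

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample of Trivy's JSON output (placeholder CVE ids), used for
# offline testing of the gate logic; a real scan replaces it.
SAMPLE_REPORT = {"Results": [
    {"Target": "ubi7-tomcat (redhat 7.9)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl-libs", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "bash", "Severity": "LOW"}]},
    {"Target": "usr/share/tomcat/lib/example.jar", "Vulnerabilities": None}]}


def build_trivy_command(image, docker_sock="/var/run/docker.sock",
                        cache_volume="trivy-cache"):
    """Same docker invocation as the article, but with JSON output. Mounting the
    host docker.sock is what lets Trivy see images in the local daemon."""
    return ["docker", "run", "--rm",
            "-v", f"{cache_volume}:/root/.cache/",
            "-v", f"{docker_sock}:/var/run/docker.sock",
            "aquasec/trivy:latest", "image",
            "--vuln-type=os,library", "--format", "json", image]


def blocking_findings(report, threshold="HIGH"):
    """Return (vuln_id, package, severity) tuples at or above the threshold."""
    floor = SEVERITY_RANK[threshold]
    found = []
    for result in report.get("Results", []):
        # Trivy emits null (not []) for targets with no vulnerabilities.
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            if SEVERITY_RANK.get(sev, 0) >= floor:
                found.append((vuln["VulnerabilityID"], vuln["PkgName"], sev))
    return found


def scan_image(image, threshold="HIGH"):
    """Run the containerised scan; an empty result means the push may proceed."""
    proc = subprocess.run(build_trivy_command(image), check=True,
                          capture_output=True, text=True)
    return blocking_findings(json.loads(proc.stdout), threshold)


if __name__ == "__main__":
    # Usage: python trivy_gate.py <local-image> [HIGH|CRITICAL|...]
    hits = scan_image(sys.argv[1] if len(sys.argv) > 1 else "ubi7-tomcat",
                      sys.argv[2] if len(sys.argv) > 2 else "HIGH")
    for vid, pkg, sev in hits:
        print(f"{sev:9} {vid:18} {pkg}")
    sys.exit(1 if hits else 0)
```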