Trivy
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
https://github.com/knqyf263/trivy/raw/master/imgs/usage.gif
How to use with Travis CI
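---
# ./.travis.yml
# Builds the project image, then scans it with Trivy.

# Docker is needed to build the image under test.
services:
  - docker

env:
  global:
    # First 8 characters of the commit id, used as the image tag.
    - COMMIT=${TRAVIS_COMMIT::8}

before_install:
  # Build the image that the scan steps below inspect.
  - docker image build -t trivy-ci-test:${COMMIT} .
  # Fetch and unpack the pinned Trivy release (v0.0.13).
  # TLS certificate verification is left on (no -k): the downloaded binary is
  # executed in this build, so an unauthenticated download would let anyone on
  # the network path substitute the scanner.
  # -f makes curl fail on an HTTP error instead of piping an error page to tar.
  # NOTE(review): the archive is not integrity-checked here; consider comparing
  # its SHA-256 with a value recorded in this repository before extracting.
  - curl -fsSL https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.tar.gz | tar zxv

script:
  # HIGH findings are reported but do not fail the build (exit code 0).
  - ./trivy --exit-code 0 --severity HIGH --quiet trivy-ci-test:${COMMIT}
  # CRITICAL findings fail the build (exit code 1).
  - ./trivy --exit-code 1 --severity CRITICAL --quiet trivy-ci-test:${COMMIT}

cache:
  directories:
    # Kept between builds; presumably Trivy's vulnerability data (confirm).
    - $HOME/.cache/trivy
...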