In this blog, we will install and examine a tool called Trivy, which identifies vulnerabilities, misconfigurations, licenses, secrets and software dependencies in the following targets:

1. Container image

2. Kubernetes cluster

3. Virtual machine image


5. Git repository



Prerequisites :

1. One virtual machine

2. Any one of the targets listed above (a container image, Kubernetes cluster, VM image or Git repository)

Step 1 : Install Trivy

Execute the command below for your OS.

For Mac :

brew install trivy

For other operating systems, please refer to the installation guide linked below.

Step 2 : Check an image with Trivy,

Let's try the latest Nginx web server image to identify known security vulnerabilities.

Execute the command below. Note that "latest" is a moving tag, so the findings will differ depending on when you pull the image; pin a digest if you need a reproducible result.

Syntax : trivy image <image name>:<tag>

trivy image nginx:latest

The report lists the detected OS distribution of the image and each vulnerable package with its vulnerability ID (CVE), severity, installed version and, where one exists, the fixed version you can upgrade to.

Step 3 : Check a GitHub repo with Trivy,

Example GitHub repo:

Execute the following command to check the Git repository for vulnerabilities in its declared dependencies (lock files, manifests and similar):

Syntax : trivy repo <repository URL>

trivy repo

If you only want to see critical vulnerabilities, restrict the report with the --severity flag (it accepts a comma-separated list, e.g. CRITICAL,HIGH):

trivy repo --severity CRITICAL

Step 4: Check a YAML file with Trivy,

I used the YAML below from the Kubernetes website for this check:

Execute the command below to find misconfigurations in the YAML (trivy conf is an alias of trivy config):

trivy conf nginx.yaml

Step 5 : Check a Terraform script with Trivy,

I used the sample tf script below for this check:

Execute the command below, pointing it at the directory that holds the tf files, to find misconfigurations in the Terraform code:

trivy conf 01-hello-world
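Every scan above prints a table for a human to read. In a pipeline you usually want the same result as a pass/fail decision instead. Trivy can write its report as JSON (add --format json -o report.json to any of the commands in Steps 2 to 5), and the script below, an added example written for this post rather than part of Trivy itself, turns such a report into an exit code. It reads the "Results" list of a SchemaVersion 2 report, collects "Vulnerabilities" (image and repo scans) and failing "Misconfigurations" (conf scans), applies a severity floor like --severity and, optionally, skips findings with no fixed version the way --ignore-unfixed does. The embedded sample report is constructed by hand; its CVE and check IDs are placeholders, not real findings.

```python
"""Gate a CI job on a Trivy JSON report (added example, not Trivy's own code).

Assumes the report was produced with `trivy ... --format json` and follows the
SchemaVersion 2 layout: top-level "Results", each with "Vulnerabilities"
and/or "Misconfigurations". Usage: python trivy_gate.py report.json
"""
import json
import sys
from dataclasses import dataclass

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report: placeholder IDs, not real vulnerabilities.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "nginx:latest",
    "ArtifactType": "container_image",
    "Results": [
        {
            "Target": "nginx:latest (debian 12.5)",
            "Class": "os-pkgs",
            "Type": "debian",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
                 "Severity": "CRITICAL", "Status": "fixed"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample2",
                 "InstalledVersion": "2.3-0", "FixedVersion": "",
                 "Severity": "HIGH", "Status": "affected"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample3",
                 "InstalledVersion": "0.9", "FixedVersion": "1.0",
                 "Severity": "LOW", "Status": "fixed"},
            ],
        },
        {
            "Target": "nginx.yaml",
            "Class": "config",
            "Type": "kubernetes",
            "Misconfigurations": [
                {"ID": "KSV-EXAMPLE-1", "Title": "Container runs as root",
                 "Severity": "MEDIUM", "Status": "FAIL"},
                {"ID": "KSV-EXAMPLE-2", "Title": "Image tag is pinned",
                 "Severity": "LOW", "Status": "PASS"},
            ],
        },
    ],
})


@dataclass(frozen=True)
class Finding:
    target: str
    kind: str       # "vuln" or "misconfig"
    ident: str
    severity: str
    fixed: bool     # fix available (vulns); always True for misconfigs


def parse_findings(report_text):
    """Flatten a Trivy JSON report into Finding records."""
    report = json.loads(report_text)
    findings = []
    for result in report.get("Results", []):
        target = result.get("Target", "?")
        for v in result.get("Vulnerabilities") or []:
            findings.append(Finding(target, "vuln", v["VulnerabilityID"],
                                    v.get("Severity", "UNKNOWN").upper(),
                                    bool(v.get("FixedVersion"))))
        for m in result.get("Misconfigurations") or []:
            if m.get("Status") != "FAIL":   # PASS checks are listed but harmless
                continue
            findings.append(Finding(target, "misconfig", m["ID"],
                                    m.get("Severity", "UNKNOWN").upper(), True))
    return findings


def gate(report_text, min_severity="HIGH", ignore_unfixed=True):
    """Return the findings that should fail the build.

    min_severity mirrors --severity; ignore_unfixed mirrors --ignore-unfixed:
    a vulnerability with no FixedVersion cannot be fixed by upgrading, so it
    is reported but not blocked on.
    """
    floor = SEVERITY_RANK[min_severity.upper()]
    blocking = []
    for f in parse_findings(report_text):
        if SEVERITY_RANK.get(f.severity, 0) < floor:
            continue
        if ignore_unfixed and f.kind == "vuln" and not f.fixed:
            continue
        blocking.append(f)
    return blocking


def exit_code(report_text, **kw):
    """1 if anything blocks, else 0 (same convention as trivy --exit-code 1)."""
    return 1 if gate(report_text, **kw) else 0


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    for f in gate(text):
        print(f"{f.severity:9} {f.kind:9} {f.ident:18} {f.target}")
    sys.exit(exit_code(text))
```

With the defaults the sample fails only on the CRITICAL finding that has a fix; the HIGH one without a FixedVersion is skipped, and the MEDIUM Kubernetes misconfiguration sits below the floor. Lower min_severity or set ignore_unfixed=False to tighten the policy. For one-off checks on the command line you do not need the script at all: trivy's own --severity and --exit-code 1 flags give the same pass/fail behaviour.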

That's all. We have installed Trivy and validated it against each target type. Thank you for reading!

