Trivy: Container Vulnerability Scanner

Project Introduction

Trivy is a simple and comprehensive vulnerability scanner for containers, particularly suited to continuous integration.

Accuracy Comparison

[Figure: vulnerabilities detected in Alpine Linux (2019/05/12)]

For a detailed comparison, see Comparison with other scanners.

Features

- Comprehensive vulnerability detection
  - Operating systems (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Debian and Ubuntu)
  - Application dependencies (Bundler, Composer, Pipenv, npm, yarn and Cargo)
- Simple
  - Specify only an image name
  - For details, see Quick Start and Examples
- Easy installation
  - No need for prerequisites such as installation of a DB, libraries, etc.
  - apt-get install, yum install and brew install are possible (see Installation)
- High accuracy
  - Especially Alpine Linux and RHEL/CentOS (see Comparison with other scanners)
  - Accuracy on other OSes is also high
- DevSecOps
  - Suitable for CI such as Travis CI, CircleCI, Jenkins, etc.
  - See CI Example

Installation

RHEL/CentOS

Add the repository setting to /etc/yum.repos.d.

$ sudo vim /etc/yum.repos.d/trivy.repo
[trivy]
name=Trivy repository
baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1
$ sudo yum -y update
$ sudo yum -y install trivy

or

$ rpm -ivh https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.rpm

Debian/Ubuntu

Replace [CODE_NAME] with your code name.
CODE_NAME: wheezy, jessie, stretch, buster, trusty, xenial, bionic

$ sudo apt-get install apt-transport-https gnupg
$ wget -qO - https://knqyf263.github.io/trivy-repo/deb/public.key | sudo apt-key add -
$ echo deb https://knqyf263.github.io/trivy-repo/deb [CODE_NAME] main | sudo tee -a /etc/apt/sources.list.d/trivy.list
$ sudo apt-get update
$ sudo apt-get install trivy

or

$ sudo apt-get install rpm
$ wget https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.deb
$ sudo dpkg -i trivy_0.0.13_Linux-64bit.deb

Mac OS X / Homebrew

You can use Homebrew on OS X.

$ brew tap knqyf263/trivy
$ brew install knqyf263/trivy/trivy

Binary (including Windows)

Go to the releases page, find the appropriate archive, unpack it and add the executable permission.

From source

$ go get -u github.com/knqyf263/trivy
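The RHEL/CentOS repository file above sets gpgcheck=0, so yum installs packages from that repository without verifying their GPG signatures. The shell function below is an added example, not code from the Trivy project: it lists enabled repositories in .repo files that have signature checking turned off. The function names and the [example-signed] stanza are constructed for illustration.

```shell
# audit_repo_gpgcheck FILE...
# Prints "FILE: [section] gpgcheck disabled" for each enabled repository that
# skips package signature checks. Exit status: 0 = none found, 1 = found.
audit_repo_gpgcheck() {
    awk '
        BEGIN { off = "^(0|no|false)$" }          # values that mean "disabled"
        function report() {                       # close the current section
            if (section != "" && enabled !~ off && gpgcheck ~ off) {
                printf "%s: [%s] gpgcheck disabled\n", file, section
                found = 1
            }
            section = ""; enabled = ""; gpgcheck = ""
        }
        FNR == 1 { report() }                     # next file: close last section
        /^[ \t]*([#;]|$)/ { next }                # comments and blank lines
        /^[ \t]*\[/ {                             # [section] header
            report()
            section = $0; file = FILENAME
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "enabled") enabled = val
        }
        END { report(); exit found + 0 }
    ' "$@"
}
# Constructed sample: the [trivy] stanza from this page plus a hypothetical
# repository that keeps signature checking on.
demo_trivy_repo() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
[trivy]
name=Trivy repository
baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1
[example-signed]
gpgcheck = 1
EOF
    { audit_repo_gpgcheck "$tmp" || true; } | sed "s|^$tmp|trivy.repo|"
    rm -f "$tmp"
}
demo_trivy_repo
```

To check a host, run `audit_repo_gpgcheck /etc/yum.repos.d/*.repo`; a non-zero exit status means at least one enabled repository installs unsigned packages.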