Skip to content

Quick Start

Scan image for vulnerabilities and secrets

Simply specify an image name (and a tag).

$ trivy image [YOUR_IMAGE_NAME]

For example:

$ trivy image myimage:1.0.0
2022-05-16T13:25:17.826+0100    INFO    Detected OS: alpine
2022-05-16T13:25:17.826+0100    INFO    Detecting Alpine vulnerabilities...
2022-05-16T13:25:17.826+0100    INFO    Number of language-specific files: 0

myimage:1.0.0 (alpine 3.15.3)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 2)

┌────────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────┐
│  Library   │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                          Title                          │
├────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────┤
│ busybox    │ CVE-2022-28391 │ CRITICAL │ 1.34.1-r4         │ 1.34.1-r5     │ busybox: remote attackers may execute arbitrary code if │
│            │                │          │                   │               │ netstat is used                                         │
│            │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-28391              │
├────────────┤                │          │                   │               │                                                         │
│ ssl_client │                │          │                   │               │                                                         │
│            │                │          │                   │               │                                                         │
│            │                │          │                   │               │                                                         │
└────────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────┘

app/deploy.sh (secrets)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)

┌──────────┬───────────────────┬──────────┬─────────┬────────────────────────────────┐
│ Category │    Description    │ Severity │ Line No │             Match              │
├──────────┼───────────────────┼──────────┼─────────┼────────────────────────────────┤
│   AWS    │ AWS Access Key ID │ CRITICAL │    3export AWS_ACCESS_KEY_ID=***** │
└──────────┴───────────────────┴──────────┴─────────┴────────────────────────────────┘

For more details, see vulnerability and secret pages.

Scan directory for misconfigurations

Simply specify a directory containing IaC files such as Terraform and Dockerfile.

$ trivy config [YOUR_IAC_DIR]

For example:

$ ls build/
Dockerfile
$ trivy config ./build
2022-05-16T13:29:29.952+0100    INFO    Detected config files: 1

Dockerfile (dockerfile)
=======================
Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

MEDIUM: Specify a tag in the 'FROM' statement for image 'alpine'
══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
When using a 'FROM' statement you should use a specific tag to avoid uncontrolled behavior when the image is updated.

See https://avd.aquasec.com/misconfig/ds001
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 Dockerfile:1
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1 [ FROM alpine:latest
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

For more details, see here.