docker-trivy

command
v0.58.0
Published: Nov 15, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

README

Smithy Trivy Producer

This producer runs aquasec/trivy against the specified filesystem or image. It then parses the results into the Smithy format and exits.

Supported Commands

This producer has been tested with and currently supports the following trivy commands:

  • config
  • filesystem
  • image
  • repository
  • sbom

If you need support for more, please open a ticket or send a pull request.

Supported Results Formats

Trivy-Producer currently supports the following output formats:

  • json
  • sarif
  • cyclonedx-json

You can use this producer to scan an image for vulnerabilities or to generate an SBOM from both images and filesystems. Accepted parameters and execution details can be found in task.yaml.

Testing without Smithy

You can run this producer outside of Smithy for development with:

go run ./components/producers/docker-trivy -in <trivy output> -format <what you passed as trivy -f flag> -out ./trivy.pb 

Trivy can be run as a Docker image by pulling aquasec/trivy.

SBOM mode

If the format is cyclonedx, the producer outputs a LaunchToolResponse containing a single issue whose CycloneDXSBOM field is populated with Trivy's output.
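
The two behaviours described above (findings parsed from Trivy's JSON report, and SBOM mode wrapping the whole document in one issue) are sketched below as an added example; it is not the producer's own code. The Issue struct, the Convert function, the "SBOM" title and the sample report are assumptions made for illustration, and the real producer emits Smithy protobuf messages instead.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Issue is a hypothetical, simplified stand-in for a Smithy issue (not the real protobuf type).
type Issue struct {
	Target, Package, CVE, Severity, Title, CycloneDXSBOM string
}

// trivyReport covers only the fields of Trivy's JSON report that are mapped below.
type trivyReport struct {
	Results []struct {
		Target          string
		Vulnerabilities []struct {
			VulnerabilityID, PkgName, Severity, Title string
		}
	}
}

// sample is a constructed report; the CVE id and package name are placeholders.
const sample = `{"Results":[{"Target":"app/go.mod","Vulnerabilities":[{"VulnerabilityID":"CVE-0000-0000","PkgName":"example.com/lib","Severity":"HIGH","Title":"constructed finding"}]},{"Target":"clean.lock"}]}`

// Convert maps raw Trivy output to issues based on the value given to -format.
func Convert(format string, raw []byte) ([]Issue, error) {
	switch format {
	case "json":
		var rep trivyReport
		if err := json.Unmarshal(raw, &rep); err != nil {
			return nil, fmt.Errorf("parsing trivy json: %w", err)
		}
		var out []Issue
		for _, r := range rep.Results {
			for _, v := range r.Vulnerabilities { // absent for targets with no findings
				out = append(out, Issue{Target: r.Target, Package: v.PkgName,
					CVE: v.VulnerabilityID, Severity: v.Severity, Title: v.Title})
			}
		}
		return out, nil
	case "cyclonedx": // SBOM mode: a single issue carrying Trivy's output unchanged
		if !json.Valid(raw) {
			return nil, fmt.Errorf("cyclonedx input is not valid JSON")
		}
		return []Issue{{Title: "SBOM", CycloneDXSBOM: string(raw)}}, nil
	}
	return nil, fmt.Errorf("unsupported format %q", format)
}

func main() { fmt.Println(Convert("json", []byte(sample))) }
```

Rejecting unknown formats and malformed input with an error, instead of returning an empty issue list, keeps a broken scan from being recorded as a clean one.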
