github aquasecurity/trivy v0.9.0

4 years ago

New Features

[IMPORTANT] Support GitHub Advisory Database (#467)

Trivy now supports the GitHub Advisory Database (GHSA) for detecting vulnerabilities in programming-language libraries. It combines multiple data sources per language, as shown here:

https://github.com/aquasecurity/trivy#data-source

This makes Trivy more accurate and changes the number of vulnerabilities it reports, so results may differ from earlier releases.

Thank you for the contribution, @masahiro331!

Filesystem scan

Scan a filesystem (such as a host machine, a virtual machine image, or an unpacked container image filesystem).

When you specify the path to your project, Trivy will look for vulnerabilities based on lock files such as Gemfile.lock and package-lock.json.

$ trivy fs /path/to/project

Trivy can also scan a running container from inside it:

$ docker run --rm -it alpine:3.11
/ # apk add curl
/ # curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin
/ # trivy fs /

Embed in Dockerfile 🎉

Scan your image as part of the build process by embedding Trivy in the Dockerfile. This approach can be used to update Dockerfiles currently using Aqua's Microscanner. Note that the install script below is fetched from master and is unpinned; for a reproducible build, pin a release version (or verify a checksum) rather than trusting whatever master serves at build time.

$ cat Dockerfile
FROM alpine:3.7
# Install Trivy, scan the image filesystem (non-zero exit fails the build),
# then remove the DB cache, the binary and curl so nothing is left in the layer.
RUN apk add --no-cache curl \
    && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin \
    && trivy filesystem --exit-code 1 --no-progress / \
    && trivy --reset && rm -f /usr/local/bin/trivy && apk del curl
$ docker build -t vulnerable-image .
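`--exit-code 1` fails the build on any finding at all. The following is an added example (not Trivy's own code and not part of these release notes) of a small post-processor for Trivy's JSON report that deduplicates findings and fails a CI job only at or above a chosen severity, optionally ignoring findings with no fixed version. It assumes the report was written with `trivy fs -f json -o report.json /path/to/project` and uses the report layout of this era (a top-level list of targets, each with a `Vulnerabilities` list); the `{"Results": [...]}` wrapper used by later versions is also accepted. The embedded report is constructed sample data with placeholder CVE IDs, not real scanner output, and it repeats one entry on purpose to show the dedup step that guards against the duplicate-CVE behaviour described under Bug fixes.

```python
"""Deduplicate and severity-gate a Trivy JSON report (added example).

Assumed report shape: a list of {"Target": str, "Vulnerabilities": [...]}
objects, each vulnerability carrying VulnerabilityID, PkgName,
InstalledVersion, FixedVersion and Severity. Trivy emits null for an
empty Vulnerabilities list, which is handled below.
"""
import json
import sys

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report with placeholder CVE IDs (not real findings).
# CVE-0000-0001 appears twice for the same package in the same target.
SAMPLE_REPORT = json.dumps([
    {
        "Target": "alpine:3.7 (alpine 3.7.3)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "musl",
             "InstalledVersion": "1.1.18-r3", "FixedVersion": "1.1.18-r4",
             "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "musl",
             "InstalledVersion": "1.1.18-r3", "FixedVersion": "1.1.18-r4",
             "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libssl1.0",
             "InstalledVersion": "1.0.2q-r0", "FixedVersion": "",
             "Severity": "MEDIUM"},
        ],
    },
    {"Target": "app/Gemfile.lock",
     "Vulnerabilities": [
         {"VulnerabilityID": "CVE-0000-0003", "PkgName": "rack",
          "InstalledVersion": "2.0.6", "FixedVersion": "2.0.8",
          "Severity": "CRITICAL"}]},
    {"Target": "app/package-lock.json", "Vulnerabilities": None},
])


def load_results(report_text):
    """Return the list of per-target results from either report layout."""
    data = json.loads(report_text)
    if isinstance(data, dict):          # newer {"Results": [...]} wrapper
        data = data.get("Results") or []
    return data


def dedupe(results):
    """Flatten results, keeping one entry per (target, CVE, package, version)."""
    seen = set()
    findings = []
    for result in results:
        target = result.get("Target", "")
        for vuln in result.get("Vulnerabilities") or []:
            key = (target, vuln["VulnerabilityID"], vuln["PkgName"],
                   vuln.get("InstalledVersion", ""))
            if key in seen:
                continue
            seen.add(key)
            findings.append({"Target": target, **vuln})
    return findings


def filter_findings(findings, min_severity="HIGH", fixed_only=False):
    """Keep findings at or above min_severity; optionally only fixable ones."""
    threshold = SEVERITY_RANK[min_severity.upper()]
    kept = []
    for f in findings:
        rank = SEVERITY_RANK.get(str(f.get("Severity", "UNKNOWN")).upper(), 0)
        if rank < threshold:
            continue
        if fixed_only and not f.get("FixedVersion"):
            continue
        kept.append(f)
    return kept


def gate(report_text, min_severity="HIGH", fixed_only=False):
    """Return (exit_code, findings): 1 if anything survives the filter."""
    findings = filter_findings(dedupe(load_results(report_text)),
                               min_severity, fixed_only)
    return (1 if findings else 0), findings


def main(argv):
    # Usage: python gate.py [report.json] [MIN_SEVERITY] [--fixed-only]
    args = [a for a in argv[1:] if not a.startswith("--")]
    text = open(args[0]).read() if args else SAMPLE_REPORT
    severity = args[1] if len(args) > 1 else "HIGH"
    code, findings = gate(text, severity, "--fixed-only" in argv)
    for f in findings:
        print(f"{f['Severity']:8} {f['VulnerabilityID']} {f['PkgName']} "
              f"{f['InstalledVersion']} -> {f['FixedVersion'] or 'no fix'} "
              f"({f['Target']})")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the constructed sample gated at HIGH (two of the four entries survive: the duplicate is collapsed and the MEDIUM finding is dropped), or pass a real `report.json` and a severity to use it as the CI gate in place of `--exit-code 1`.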

Git Repository scan

Scan your remote git repository.

$ trivy repo https://github.com/aquasecurity/trivy-ci-test

Only public repositories are supported.

Bug fixes

CVE duplication in scanning result

Close aquasecurity/harbor-scanner-trivy#114

When Trivy scanned an image containing multiple lock files, the same CVE could be reported more than once (regardless of the OS or the packages involved), inflating the results with false positives.

Changelog

020c4a3 fix(app): add ArgsUsage (#508)
2f2d1a9 feat: support repository and filesystem scan (#503)
03ad8a3 Add GHSA support (#467)
1218e11 refactor: define common options and embed them into the option for subcommand (#502)

Docker images

  • docker pull docker.io/aquasec/trivy:0.9.0
  • docker pull docker.io/aquasec/trivy:latest
