Container security
Trivy
Usage
Show the versions of the Trivy components (core, Vulnerability DB, Check Bundle) together with their download times:
trivy --version
Scan the local filesystem (e.g. to check a Containerfile):
trivy config .
Ignore checks
- Ignore checks with a .trivyignore.yaml
- Inline ignores
  - e.g.:
    #trivy:ignore:AVD-GCP-0051
  - Only work in certain files, e.g. OpenTofu files
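A .trivyignore.yaml that suppresses the check ID shown above, scoped to one file and given an expiry so the finding comes back for review. This is an added example, not part of the original notes; the file path, date and ticket reference are constructed placeholders. The file can be passed explicitly with `trivy config --ignorefile .trivyignore.yaml .`

```yaml
# .trivyignore.yaml (constructed example)
misconfigurations:
  - id: AVD-GCP-0051              # check ID taken from the inline ignore on this page
    paths:
      - "infra/gke/cluster.tf"    # hypothetical path: limits the ignore to this file only
    expired_at: 2099-01-01        # placeholder date: the finding is reported again afterwards
    statement: "Risk accepted until cluster rebuild, see TICKET-PLACEHOLDER"  # audit trail
```

Scoping by `paths` and setting `expired_at` keeps a suppression from silently hiding the same check in other files or staying in place indefinitely.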
pre-commit hook
Usage:
- repo: https://github.com/mxab/pre-commit-trivy.git
  rev: v0.12.0
  hooks:
    - id: trivyconfig-docker
      args:
        - Containerfile