Trivy 是一个简单而且功能完整的容器漏洞扫描工具,特别使用用于持续集成。
准确性比较在 Alpine Linux 中检测的漏洞 (2019/05/12)
详细的比较请看 Comparison with other scanners 特性
安装RHEL/CentOSAdd repository setting to /etc/yum.repos.d . $ sudo vim /etc/yum.repos.d/trivy.repo [trivy] name=Trivy repository baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/ gpgcheck=0 enabled=1 $ sudo yum -y update $ sudo yum -y install trivy or $ rpm -ivh https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.rpm Debian/UbuntuReplace [CODE_NAME] with your code name CODE_NAME: wheezy, jessie, stretch, buster, trusty, xenial, bionic $ sudo apt-get install apt-transport-https gnupg $ wget -qO - https://knqyf263.github.io/trivy-repo/deb/public.key | sudo apt-key add - $ echo deb https://knqyf263.github.io/trivy-repo/deb [CODE_NAME] main | sudo tee -a /etc/apt/sources.list.d/trivy.list $ sudo apt-get update $ sudo apt-get install trivy or $ sudo apt-get install rpm $ wget https://github.com/knqyf263/trivy/releases/download/v0.0.13/trivy_0.0.13_Linux-64bit.deb $ sudo dpkg -i trivy_0.0.13_Linux-64bit.deb Mac OS X / HomebrewYou can use homebrew on OS X. $ brew tap knqyf263/trivy $ brew install knqyf263/trivy/trivy 二进制 (包括 Windows)进入 releases 页面,找到相应的把柄,解压并增加可执行权限。 从源码安装$ go get -u github.com/knqyf263/trivy (责任编辑:IT) |