https://github.com/flavienbwk/trivy-docker-compose
Deployment-ready docker configuration and instructions to use Trivy on your infrastructure and CIs.
ci docker docker-compose gitlab offline-capable trivy vulnerability-scanners
- Host: GitHub
- URL: https://github.com/flavienbwk/trivy-docker-compose
- Owner: flavienbwk
- Created: 2022-01-23T13:10:53.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2022-06-29T20:14:03.000Z (almost 4 years ago)
- Last Synced: 2025-03-23T09:35:23.997Z (over 1 year ago)
- Topics: ci, docker, docker-compose, gitlab, offline-capable, trivy, vulnerability-scanners
- Language: Dockerfile
- Homepage:
- Size: 124 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Trivy docker-compose
Deployment-ready docker compose configuration and instructions to use Trivy on your infrastructure and CIs.
## Installation
### Download latest vulnerabilities
Run the following commands; they fetch the vulnerability database into `./trivy-data` so the server can later work without outbound access:
```bash
mkdir trivy-data
docker run --rm -v "$(pwd)/trivy-data:/root/.cache" aquasec/trivy:0.29.2 image --download-db-only
```
### Run Trivy server
```bash
docker-compose up -d
```
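The README does not show the compose file that `docker-compose up -d` starts. The following is an added example of such a file (it is not the repository's own `docker-compose.yml`) that serves the database downloaded in the previous step on port 4030, the port the README's client command targets, without ever refreshing it from the network. The service name, the `restart` policy and the optional `--token` line are assumptions; `--listen`, `--skip-update` and `--token` are `trivy server` flags of the 0.29 series.

```yaml
version: "3.8"

services:
  trivy-server:
    image: aquasec/trivy:0.29.2
    # --skip-update keeps the server offline: it serves whatever database
    # `image --download-db-only` placed in ./trivy-data and never fetches a new one.
    command: ["server", "--listen", "0.0.0.0:4030", "--skip-update"]
    # Optional hardening (assumption: the client passes the same value with --token):
    # require a shared secret, otherwise anyone who can reach 4030 can use the server.
    # command: ["server", "--listen", "0.0.0.0:4030", "--skip-update", "--token", "change-me"]
    ports:
      # Published on all host interfaces so that 172.17.0.1:4030 (the Docker bridge
      # address used by the README's client command) and other hosts can reach it.
      - "4030:4030"
    volumes:
      # ./trivy-data is the directory filled by the download step above;
      # /root/.cache/trivy is Trivy's default cache directory inside the image.
      - ./trivy-data:/root/.cache
    restart: unless-stopped
```

Because the server never updates itself, refreshing the database is a manual step: re-run the `--download-db-only` command from the previous section and then `docker-compose restart`. If the host is reachable from other machines, either enable the `--token` line (and pass the token from an environment variable rather than committing it) or restrict the published port to a trusted interface.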
## Run scan (local)
```bash
# Install client
wget https://github.com/aquasecurity/trivy/releases/download/v0.29.2/trivy_0.29.2_Linux-64bit.deb
sudo dpkg -i trivy_0.29.2_Linux-64bit.deb
# Run
trivy client --offline-scan --remote http://172.17.0.1:4030 "$FULL_IMAGE_NAME"
```
- Image with vulnerabilities: `node:10-alpine`
- Image that scanned clean at the time of writing: `alpine:3.12`
The output looks like this:

## Run scan (CI)
Trivy can be [integrated into GitLab CI](https://aquasecurity.github.io/trivy/v0.29.2/advanced/integrations/gitlab-ci/).
### GitLab CE
1. Download Trivy client binaries
```bash
wget https://github.com/aquasecurity/trivy/releases/download/v0.29.2/trivy_0.29.2_Linux-64bit.tar.gz
```
2. In a `docker:dind` image CI run
```bash
mkdir trivy_bin && tar xf trivy_0.29.2_Linux-64bit.tar.gz -C trivy_bin/
./trivy_bin/trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress "$FULL_IMAGE_NAME"
```
This command makes the job exit with code 1 when at least one CRITICAL vulnerability is found, which fails the pipeline; `--cache-dir .trivycache/` keeps the downloaded database between runs if that directory is cached by the CI, and `--no-progress` keeps the progress bar out of the job log.
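The two steps above, assembled into one GitLab CE job, as an added example that is neither the repository's own CI file nor GitLab's template. It adds the check a practitioner would want before running a binary fetched with `wget`: the tarball is verified against the release's checksum file before it is extracted. Assumptions: the checksum file is published as `trivy_0.29.2_checksums.txt` next to the tarball (the usual release layout, not stated on this page), the image under test was pushed earlier in the pipeline under `FULL_IMAGE_NAME`, the job and stage names, the `docker:20.10` images, and the use of GitLab's predefined `CI_REGISTRY_*` variables for registry login.

```yaml
container_scanning:
  stage: test
  image: docker:20.10
  services:
    - docker:20.10-dind
  variables:
    DOCKER_HOST: tcp://docker:2375
    DOCKER_TLS_CERTDIR: ""
    TRIVY_VERSION: "0.29.2"
    # Assumption: an earlier job built and pushed the image under this tag.
    FULL_IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
  cache:
    key: trivy-db
    paths:
      # Keeps the vulnerability database between pipeline runs.
      - .trivycache/
  before_script:
    - apk add --no-cache curl
    # Download the release tarball and its checksum list (assumption: file name of the list).
    - curl -sSfLO "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
    - curl -sSfLO "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_checksums.txt"
    # Verify the tarball before extracting anything; a mismatch fails the job here.
    - grep "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" "trivy_${TRIVY_VERSION}_checksums.txt" > expected.sha256
    - sha256sum -c expected.sha256
    - mkdir -p trivy_bin && tar xf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" -C trivy_bin/
  script:
    # Registry credentials are read from ~/.docker/config.json by Trivy when pulling the image.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # First pass: report HIGH and CRITICAL findings in the job log without failing.
    - ./trivy_bin/trivy image --cache-dir .trivycache/ --no-progress --exit-code 0 --severity HIGH,CRITICAL "$FULL_IMAGE_NAME"
    # Second pass: gate the pipeline on CRITICAL findings only (exit code 1 fails the job).
    - ./trivy_bin/trivy image --cache-dir .trivycache/ --no-progress --exit-code 1 --severity CRITICAL "$FULL_IMAGE_NAME"
```

This job runs Trivy in standalone mode, so the runner needs outbound access to download the database on the first run. For runners that must stay offline, replace the two scan lines with the README's `trivy client --offline-scan --remote <url>` form, pointing `--remote` at a URL the runner can actually reach: `172.17.0.1` is the Docker bridge address of a single host and is only valid from containers running on that host.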
### GitLab EE
Use the [template from the official documentation](https://aquasecurity.github.io/trivy/v0.29.2/advanced/integrations/gitlab-ci/) to get nicely formatted reports in GitLab's security dashboard.