Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/owenrumney/lazytrivy
Vulnerability scanning just got lazier
https://github.com/owenrumney/lazytrivy
aws-security docker golang golang-cli misconfigurations podman scanner security-auditing-tool security-tools staticanalysis trivy tui vulnerability-scanners
Last synced: about 1 month ago
JSON representation
Vulnerability scanning just got lazier
- Host: GitHub
- URL: https://github.com/owenrumney/lazytrivy
- Owner: owenrumney
- License: apache-2.0
- Created: 2022-08-13T15:13:16.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2024-05-19T18:16:10.000Z (4 months ago)
- Last Synced: 2024-06-29T09:33:35.252Z (3 months ago)
- Topics: aws-security, docker, golang, golang-cli, misconfigurations, podman, scanner, security-auditing-tool, security-tools, staticanalysis, trivy, tui, vulnerability-scanners
- Language: Go
- Homepage:
- Size: 28.2 MB
- Stars: 273
- Watchers: 5
- Forks: 6
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
[![Go Report Card](https://goreportcard.com/badge/github.com/owenrumney/lazytrivy)](https://goreportcard.com/report/github.com/owenrumney/lazytrivy)
[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/owenrumney/lazytrivy/blob/master/LICENSE)
[![Github Release](https://img.shields.io/github/release/owenrumney/lazytrivy.svg)](https://github.com/owenrumney/lazytrivy/releases)
[![GitHub All Releases](https://img.shields.io/github/downloads/owenrumney/lazytrivy/total)](https://github.com/owenrumney/lazytrivy/releases)# lazytrivy
lazytrivy is a wrapper for [Trivy](https://github.com/aquasecurity/trivy) that allows you to run Trivy without
remembering the command arguments.The idea was very heavily inspired by the superb tools from [Jesse Duffield](https://github.com/jesseduffield) (
lazydocker, lazynpm, lazygit)![Scan All Images](./.github/images/scan_all.png)
## Features
- Image Scanning
- [Scan all images on your system](#scanning-all-local-images)
- [Scan a single image](#scanning-a-specific-image)
- [Scan a remote image](#scanning-a-remote-image)
- File System Scanning
- [Scan a filesystem for vulnerabilities and misconfigurations](#scanning-a-filesystem)## What does it do
lazytrivy will run Trivy in a docker container and display the results in a terminal UI, the intention is that this will make it more stable across all platforms.
When running a Filesystem scan, lazytrivy will mount the target dir in the container and run Trivy against it.
Trivy intermittently downloads the latest DB - while lazytrivy maintains a cache, if you experience a delay in the scanning of an image or filesystem, it is likely trivy is running a download.
If you're interested in seeing what's happening behind the scenes in Docker, I'd thoroughly recommend using [LazyDocker](https://github.com/jesseduffield/lazydocker).
## Installation
### Prerequisites
In order for lazytrivy to be cross-platform, it uses the Trivy docker image. This means that you will need to have Docker running on your machine for lazytrivy to work.
#### Install with Go
The quickest way to install if you have `Go` installed is to get the latest with `go install`
```bash
go install github.com/owenrumney/lazytrivy@latest
```#### Download from Releases
Alternatively, you can get the latest releases from [GitHub](https://github.com/owenrumney/lazytrivy)
### Config
A config file can be added to `~/.config/lazytrivy/config.yml` to set default options.
```yaml
vulnerability:
ignoreunfixed: false
filesystem:
scansecrets: true
scanmisconfiguration: true
scanvulnerabilities: true
cachedirectory: ~/.cache
debug: true
trace: false```
#### Config via UISettings can be adjusted via the UI by pressing the `,` key at any time.
![Settings](./.github/images/settings.gif)
By setting `debug` to true, additional logs will be generated in `/tmp/lazytrivy.log`
## Usage
`lazytrivy` is super easy to use, just run it with the following command:
```bash
lazytrivy --helpUsage:
lazytrivy [command]Available Commands:
filesystem Launch lazytrivy in filesystem scanning mode
help Help about any command
image Launch lazytrivy in image scanning modeFlags:
--debug Launch with debug logging
--docker-host string Docker host to connect to (default "unix:///var/run/docker.sock")
-h, --help help for lazytrivy
--trace Launch with trace loggingUse "lazytrivy [command] --help" for more information about a command.
```
### Viewing logs
Logs are generated in `$HOME/.lazytrivy/logs/lazytrivy.log` with the default level at `info`. You can change the log level by setting the `--debug` flag.
To get even more information (more than you need), you can set the `--trace` flag. This will generate a lot of logs, so be careful and most of it is for tracking the position of the cursor, Docker events etc.
### Setting the docker host
By default, lazytrivy will connect to the docker daemon on the local machine by looking at the current context.
The default docker host is `unix:///var/run/docker.sock`. If you are running Docker on a remote host, you can set the docker host with the `--docker-host` flag.
```bash
### Starting in a specific mode
You can start `lazytrivy` in a specific mode using `images` or `filesystem`:
For example, to scan a specific filesystem folder, you could run:
```bash
lazytrivy fs --path /home/owen/code/github/owenrumney/example
```This will start in filesystem mode pointing to the specified path. If no path is provided it will point to the current working directory.
#### Running with Podman
lazytrivy will work with podman in non-root mode, you do however need to be careful to either start podman in a different terminal to lazytrivy or pipe the podman output to `/dev/null`.
For example, you can start podman with
```bash
podman system service -t 3600 unix:///tmp/podman-run-1000/podman/podman.sock 2>/dev/null &
```then start lazytrivy with
```bash
lazytrivy --docker-host unix:///tmp/podman-run-1000/podman/podman.sock image
```### Scanning all local images
Pressing `a` will scan all the images that are shown in the left hand pane. On completion, you will be shown a
summary of any vulnerabilities found.You can then scan individual images to get more details
![Scanning all images](./.github/images/scan_all_images.gif)
### Scanning a specific image
Select an image from the left hand pane and press `s` to scan it. Use the left and right arrow keys to switch between
views and up down arrow keys to select an image.Press `s` to scan the currently selected image.
![Scanning an image](./.github/images/scan_individual_images.gif)
### Scanning a remote image
To scan an image that is not already locally on the machine, you can use the `r` key to scan a remote image.
![Scanning a remote image](./.github/images/scan_remote_image.gif)
### Scanning a filesystem
To scan a filessystem, you can use the `w` key to switch to Filesystem mode, from there you will get all the vulnerabilities, misconfigurations and secrets from the current working directory
![Scanning a filesystem](./.github/images/scan_filesystem.gif)