Containers Vulnerability Scanner: Trivy

This article talks about Trivy, a simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for Continuous Integration and testing.

Table of Contents

·         Introduction

·         Installation

·         Scanning Git Repository

·         Scanning Container Image

·         Scanning Filesystem

·         Scanning From Inside Containers

·         Embed Trivy in Dockerfile

 

Introduction

Trivy is an open-source tool by Aqua Security that scans for vulnerabilities and misconfigurations. It works at several levels: it can evaluate Infrastructure as Code, inspect container images, check configuration files, analyze Kubernetes deployments, and review the code in a Git repository. Because it ships as a single binary, Trivy can be integrated into a CI/CD pipeline (DevSecOps) simply by installing it and adding it to the project's build steps. Trivy covers both programming-language and operating-system packages and keeps a large vulnerability database, which allows quick scans for critical CVEs. With its steady stream of improvements, the tool helps pen-testers and security researchers run continuous scans, making DevSecOps faster and more efficient.

Installation

The installation is quite simple. Follow the commands below to install Trivy from the official repository on your Ubuntu machine.

sudo apt-get install wget apt-transport-https gnupg lsb-release

wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -

echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/trivy.list

 


sudo apt-get update

sudo apt-get install trivy

Once the tool has been installed and updated, you are ready to scan files.



Scanning Git Repository

 

As described above, Trivy can scan for security loopholes across multiple platforms.

If your code lives in a Git repository, you can scan it directly from the remote URL without cloning the whole package first.

sudo trivy repo https://github.com/appsecco/dvna

 


Scanning Container Image

 

Docker is an open-source project, and for IT organizations Docker security is a major concern, so they look for security advisories and tools that can identify vulnerabilities inside any Docker image.

You can scan Docker images for vulnerabilities by following the steps below.

Step 1: Find the Image ID of the container image you want to scan.

sudo docker images

Step 2: Use the command below to scan the container image.

sudo trivy image 4621d4fe2959

 


You can also restrict the scan to a particular severity and save the report as plain text by redirecting the output, as in the command below.

sudo trivy image --severity HIGH 4621d4fe2959 > result.txt

tail result.txt



Scanning Filesystem

Trivy can be used to scan a filesystem (such as a host machine, a virtual machine image, or an unpacked container image filesystem).

(Note: for this practical we use the vulnerable-node project checked out on the local filesystem.)

Use the command below to scan a directory. Note that trivy conf checks configuration files (such as Dockerfiles and Kubernetes manifests) for misconfigurations; to scan the same tree for vulnerable packages, use trivy fs <path> instead.

trivy conf services/



Scanning From Inside Containers

You can also scan a running container from inside it. Follow the steps below.

Step 1: Start a container from the image you want to scan.

sudo docker run -it alpine

Step 2: Install Trivy inside the container and run it against the root filesystem.

apk add curl \
    && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
    && trivy filesystem --exit-code 1 --no-progress /

 


Embed Trivy in Dockerfile

Scan your image as part of the build process by embedding Trivy in the Dockerfile. This approach can also be used to update Dockerfiles that currently use Aqua's Microscanner. Follow the steps below to scan the image while it is being built.

Step 1: Add Trivy to the Dockerfile.

FROM alpine:3.7

RUN apk add curl \
    && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin \
    && trivy filesystem --exit-code 1 --no-progress /

Step 2: Build the image (the tag must not contain spaces).

sudo docker build -t vulnerable-image .

 


 

Trivy scans the image's filesystem while the image is being built; because of --exit-code 1, the build fails if any vulnerability is found, and the report is printed in the build output.
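The following script is an added example, not code from the original article or from the Trivy project. It ties together the "Scanning Container Image" steps (severity filter, saved report) and the build-time gate from this section: instead of running Trivy inside the Dockerfile, where curl and the scanner binary end up in the final image layers, it builds the image and then scans the result with trivy image, failing the step on HIGH or CRITICAL findings. The functions build_scan_gate, report_is_clean and count_severity, the image tag vulnerable-image and the sample report are all constructed for this example; docker and trivy are assumed to be on PATH only when the real gate is invoked.

```shell
#!/bin/sh
# Added example (not from the article or the Trivy project): a build-time
# gate that builds an image, scans it with "trivy image", and fails when
# HIGH/CRITICAL findings are present. Function names, the image tag and
# the sample report below are constructed for this example.

# Count findings of one severity in a Trivy JSON report.
# $1 = report path, $2 = severity (e.g. HIGH). Trivy's JSON carries a
# "Severity" field per finding; a grep count is enough here (use jq for
# anything structural).
count_severity() {
    grep -o "\"Severity\": *\"$2\"" "$1" | wc -l | tr -d ' '
}

# Print a one-line summary and return 0 only when the report contains no
# HIGH or CRITICAL findings.
report_is_clean() {
    high=$(count_severity "$1" HIGH)
    crit=$(count_severity "$1" CRITICAL)
    echo "HIGH=$high CRITICAL=$crit"
    [ "$high" -eq 0 ] && [ "$crit" -eq 0 ]
}

# Build the image $1 from the build context $2 (default "."), scan it and
# return non-zero if it should not be published.
# --exit-code 1 makes trivy itself fail the step; --ignore-unfixed skips
# findings for which the distribution has no patch yet (a policy choice,
# drop it to see everything); --format json --output keeps a machine-
# readable report instead of redirecting the text table to a file.
build_scan_gate() {
    image=$1
    context=${2:-.}
    report="$(printf '%s' "$image" | tr '/:' '__').trivy.json"
    docker build -t "$image" "$context" || return 1
    trivy image --severity HIGH,CRITICAL --ignore-unfixed --exit-code 1 \
        --no-progress --format json --output "$report" "$image"
    rc=$?
    report_is_clean "$report"
    if [ "$rc" -ne 0 ]; then
        echo "gate: $image rejected, see $report" >&2
    fi
    return "$rc"
}

# Constructed sample report in the shape of "trivy --format json", trimmed
# to the fields used above, so the parser can run without a scanner or
# registry access. The CVE ids are placeholders, not real advisories.
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
{
  "Results": [
    {
      "Target": "vulnerable-image (alpine 3.7.3)",
      "Vulnerabilities": [
        { "VulnerabilityID": "CVE-0000-0001", "PkgName": "musl",    "Severity": "CRITICAL" },
        { "VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox", "Severity": "HIGH" },
        { "VulnerabilityID": "CVE-0000-0003", "PkgName": "busybox", "Severity": "HIGH" },
        { "VulnerabilityID": "CVE-0000-0004", "PkgName": "zlib",    "Severity": "MEDIUM" }
      ]
    }
  ]
}
EOF

# Run the real gate only when an image name is given and both tools are
# installed; otherwise demonstrate the report check on the sample.
if [ $# -gt 0 ] && command -v docker >/dev/null 2>&1 && command -v trivy >/dev/null 2>&1; then
    build_scan_gate "$1" "${2:-.}"
else
    report_is_clean "$SAMPLE_REPORT" || echo "sample report would be rejected by the gate"
fi
```

Run it as sh build_scan_gate.sh vulnerable-image . in the directory containing the Dockerfile; without arguments it only evaluates the embedded sample report. Scanning the built image rather than the build filesystem also means the gate sees exactly the layers that would be pushed, including anything added after the RUN line that installed the scanner.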

 


Author: Mukund Mehrotra is a cybersecurity researcher, technical writer and an enthusiastic pen-tester at Hacking Articles. Contact here.
