aquasecurity / Trivy

Licence: apache-2.0
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Programming Languages

Go, Smarty, Shell, Open Policy Agent, Makefile, Mustache

Projects that are alternatives of or similar to Trivy

Tfsec
Security scanner for your Terraform code
Stars: ✭ 3,622 (-62.56%)
Mutual labels:  hacktoberfest, vulnerability-scanners, infrastructure-as-code, devsecops, misconfiguration
Terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (-72.22%)
Mutual labels:  security-tools, iac, infrastructure-as-code, devsecops
Nerve
NERVE Continuous Vulnerability Scanner
Stars: ✭ 267 (-97.24%)
Mutual labels:  security-tools, vulnerability-scanners, vulnerability-detection
Faraday
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (-66.94%)
Mutual labels:  vulnerability, vulnerability-scanners, devsecops
Vfeed
The Correlated CVE Vulnerability And Threat Intelligence Database API
Stars: ✭ 826 (-91.46%)
Mutual labels:  vulnerability, vulnerability-scanners, vulnerability-detection
vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
Stars: ✭ 269 (-97.22%)
Mutual labels:  vulnerability, vulnerability-detection, vulnerability-scanners
browserrecon-php
Advanced Web Browser Fingerprinting
Stars: ✭ 29 (-99.7%)
Mutual labels:  vulnerability, vulnerability-detection, vulnerability-scanners
Rapidscan
🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (-91.99%)
Mutual labels:  security-tools, vulnerability-scanners, vulnerability-detection
Checkov
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (-63.07%)
Mutual labels:  hacktoberfest, infrastructure-as-code, devsecops
Secretscanner
Find secrets and passwords in container images and file systems
Stars: ✭ 895 (-90.75%)
Mutual labels:  security-tools, vulnerability-scanners, containers
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-96.25%)
Mutual labels:  security-tools, vulnerability-scanners, vulnerability-detection
Whour
Tool for information gathering: reverse IP lookup, admin-panel finder, DNS, WHOIS, and SQLi scanning via Google search.
Stars: ✭ 18 (-99.81%)
Mutual labels:  vulnerability, vulnerability-scanners, vulnerability-detection
scan-cli-plugin
Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images
Stars: ✭ 135 (-98.6%)
Mutual labels:  vulnerability, vulnerability-detection, vulnerability-scanners
ggshield
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Stars: ✭ 1,272 (-86.85%)
Mutual labels:  iac, infrastructure-as-code, devsecops
SQL Injection Payload
SQL Injection Payload List
Stars: ✭ 62 (-99.36%)
Mutual labels:  vulnerability, vulnerability-detection, vulnerability-scanners
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (-97.12%)
Mutual labels:  hacktoberfest, security-tools, devsecops
Vulscan
vulscan scanning system: up-to-date PoC and exploit vulnerability scanning, covering unauthenticated Redis access, sensitive file exposure, Java deserialization, Tomcat command execution, and assorted other unauthenticated-access checks...
Stars: ✭ 486 (-94.98%)
Mutual labels:  security-tools, vulnerability, vulnerability-scanners
Rebel Framework
Advanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (-98.11%)
Mutual labels:  security-tools, vulnerability-scanners, vulnerability-detection
Containerssh
ContainerSSH: Launch containers on demand
Stars: ✭ 195 (-97.98%)
Mutual labels:  security-tools, containers, devsecops
My Links
Knowledge seeks no man
Stars: ✭ 311 (-96.78%)
Mutual labels:  containers, infrastructure-as-code, devsecops

Documentation

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Abstract

Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack. Trivy is easy to use. Just install the binary and you're ready to scan.

[Image: Trivy overview]

Demo: Vulnerability Detection (Container Image)

[Demo recording: vulnerability detection]

Demo: Misconfiguration Detection (IaC Files)

[Demo recording: misconfiguration detection]

Quick Start

Scan Image for Vulnerabilities

Simply specify an image name (and a tag).

$ trivy image [YOUR_IMAGE_NAME]

For example:

$ trivy image python:3.4-alpine
Result
2019-05-16T01:20:43.180+0900    INFO    Updating vulnerability database...
2019-05-16T01:20:53.029+0900    INFO    Detecting Alpine vulnerabilities...

python:3.4-alpine3.9 (alpine 3.9.2)
===================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| openssl | CVE-2019-1543    | MEDIUM   | 1.1.1a-r1         | 1.1.1b-r1     | openssl: ChaCha20-Poly1305     |
|         |                  |          |                   |               | with long nonces               |
+---------+------------------+----------+-------------------+---------------+--------------------------------+

Scan Filesystem for Vulnerabilities and Misconfigurations

Simply specify a directory to scan. The --security-checks flag selects which scanners run (here vuln and config); newer Trivy releases (0.37 and later) call this flag --scanners and also offer a secret scanner.

$ trivy fs --security-checks vuln,config [YOUR_PROJECT_DIR]

For example:

$ trivy fs --security-checks vuln,config myproject/
Result
2021-07-09T12:03:27.564+0300    INFO    Number of language-specific files: 1
2021-07-09T12:03:27.564+0300    INFO    Detecting pipenv vulnerabilities...
2021-07-09T12:03:27.566+0300    INFO    Detected config files: 1

Pipfile.lock (pipenv)
=====================
Total: 1 (HIGH: 1, CRITICAL: 0)

+----------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
| httplib2 | CVE-2021-21240   | HIGH     | 0.12.1            | 0.19.0        | python-httplib2: Regular              |
|          |                  |          |                   |               | expression denial of                  |
|          |                  |          |                   |               | service via malicious header          |
|          |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-21240 |
+----------+------------------+----------+-------------------+---------------+---------------------------------------+

Dockerfile (dockerfile)
=======================
Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (HIGH: 1, CRITICAL: 0)

+---------------------------+------------+----------------------+----------+------------------------------------------+
|           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------+----------+------------------------------------------+
| Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Last USER command in                     |
|                           |            |                      |          | Dockerfile should not be 'root'          |
|                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+----------------------+----------+------------------------------------------+

Scan Directory for Misconfigurations

Simply specify a directory containing IaC files such as Terraform configurations, Kubernetes manifests, or a Dockerfile.

$ trivy config [YOUR_IAC_DIR]

For example:

$ ls build/
Dockerfile
$ trivy config ./build
Result
2021-07-09T10:06:29.188+0300    INFO    Need to update the built-in policies
2021-07-09T10:06:29.188+0300    INFO    Downloading the built-in policies...
2021-07-09T10:06:30.520+0300    INFO    Detected config files: 1

Dockerfile (dockerfile)
=======================
Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

+---------------------------+------------+----------------------+----------+------------------------------------------+
|           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------+----------+------------------------------------------+
| Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Last USER command in                     |
|                           |            |                      |          | Dockerfile should not be 'root'          |
|                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+----------------------+----------+------------------------------------------+
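The commands above print tables meant for a human; in CI you usually want a machine-readable report and a reproducible pass/fail decision. The script below is an added example, not code from Trivy or this README. It reads the JSON report produced by adding --format json --output report.json to any of the commands above and applies a gate equivalent to --severity HIGH,CRITICAL, --ignore-unfixed and a .trivyignore allow-list. The field names (Results, Target, Vulnerabilities, VulnerabilityID, FixedVersion, Severity, Misconfigurations, ID, Status) follow Trivy's JSON report format; SAMPLE_REPORT is constructed here from the three findings shown above so the script runs offline, and the file name trivy_gate.py is an assumption.

```python
"""Severity gate for a Trivy JSON report (added example; not Trivy's own code).

Produce the input by adding --format json --output report.json to the
commands above, then run:  python trivy_gate.py report.json [.trivyignore]
Exit status 1 means at least one finding crossed the policy threshold.
"""
import json
import sys
from dataclasses import dataclass

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample (not captured Trivy output): the three findings shown on
# this page, merged into one report so the script can run offline.
SAMPLE_REPORT = {
    "SchemaVersion": 2,
    "ArtifactName": "myproject/",
    "Results": [
        {"Target": "python:3.4-alpine3.9 (alpine 3.9.2)", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2019-1543", "PkgName": "openssl",
              "InstalledVersion": "1.1.1a-r1", "FixedVersion": "1.1.1b-r1",
              "Severity": "MEDIUM", "Title": "openssl: ChaCha20-Poly1305 with long nonces"}]},
        {"Target": "Pipfile.lock", "Type": "pipenv",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2021-21240", "PkgName": "httplib2",
              "InstalledVersion": "0.12.1", "FixedVersion": "0.19.0",
              "Severity": "HIGH", "Title": "python-httplib2: Regular expression denial of service"}]},
        {"Target": "Dockerfile", "Type": "dockerfile",
         "Misconfigurations": [
             {"Type": "Dockerfile Security Check", "ID": "DS002", "Title": "Image user is 'root'",
              "Severity": "HIGH", "Status": "FAIL",
              "Message": "Last USER command in Dockerfile should not be 'root'"}]},
    ],
}


@dataclass(frozen=True)
class Finding:
    target: str
    kind: str      # "vuln" or "misconfig"
    ident: str     # CVE ID or misconfiguration check ID
    severity: str
    fixed: bool    # a fixed package version exists (always True for misconfigs)


def parse_ignore_file(text):
    """Parse .trivyignore syntax: one ID per line, '#' starts a comment."""
    ids = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ids.add(line)
    return ids


def iter_findings(report):
    """Flatten every vulnerability and every failed misconfiguration in the report."""
    for result in report.get("Results") or []:
        target = result.get("Target", "<unknown>")
        for v in result.get("Vulnerabilities") or []:
            yield Finding(target, "vuln", v["VulnerabilityID"],
                          v.get("Severity", "UNKNOWN"), bool(v.get("FixedVersion")))
        for m in result.get("Misconfigurations") or []:
            if m.get("Status") != "FAIL":   # PASS entries appear with --include-non-failures
                continue
            yield Finding(target, "misconfig", m["ID"], m.get("Severity", "UNKNOWN"), True)


def evaluate(report, min_severity="HIGH", ignore_unfixed=False, ignore_ids=frozenset()):
    """Return the findings that violate the policy; an empty list means the gate passes."""
    threshold = SEVERITY_RANK[min_severity.upper()]
    failures = []
    for f in iter_findings(report):
        if f.ident in ignore_ids:
            continue                       # accepted risk, recorded in .trivyignore
        if ignore_unfixed and f.kind == "vuln" and not f.fixed:
            continue                       # nothing to upgrade to yet
        if SEVERITY_RANK.get(f.severity.upper(), 0) >= threshold:
            failures.append(f)
    return failures


def main(argv):
    report, ignore_ids = SAMPLE_REPORT, frozenset()
    if len(argv) > 1:
        with open(argv[1]) as fh:
            report = json.load(fh)
    if len(argv) > 2:
        with open(argv[2]) as fh:
            ignore_ids = frozenset(parse_ignore_file(fh.read()))
    failures = evaluate(report, ignore_ids=ignore_ids)
    for f in failures:
        print(f"{f.severity:8} {f.kind:9} {f.ident:16} {f.target}")
    print(f"{len(failures)} finding(s) at or above HIGH")
    return 1 if failures else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Trivy can make the same decision on its own with trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed IMAGE; the reason to post-process the JSON instead is to keep the full report as a build artifact and to make the gating rule explicit and unit-testable in the pipeline rather than buried in a command line.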

Features

  • Comprehensive vulnerability detection
    • OS packages (Alpine Linux, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
    • Language-specific packages (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
  • Misconfiguration detection (IaC scanning)
    • A wide variety of built-in policies are provided out of the box
      • Kubernetes, Docker, Terraform, and more coming soon
    • Support custom policies
  • Simple
    • Specify only an image name, a path to config files, or an artifact name
  • Fast
    • The first scan finishes within about 10 seconds (depending on your network, since the vulnerability database is downloaded first). Subsequent scans finish in a few seconds.
  • Easy installation
    • Installable with apt-get install, yum install or brew install.
    • No prerequisites such as a database or extra libraries.
  • High accuracy
    • Especially for Alpine Linux and RHEL/CentOS
    • Accuracy for other OSes is also high
  • DevSecOps
    • Suitable for CI such as GitHub Actions, Jenkins, GitLab CI, etc.
  • Support multiple targets
    • Container image, local filesystem and remote git repository

Integrations

Documentation

The official documentation, which provides detailed installation, configuration, and quick start guides, is available at https://aquasecurity.github.io/trivy/.


Trivy is an Aqua Security open source project.
Learn about our open source work and portfolio here.
Contact us about any matter by opening a GitHub Discussion here

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].