
dbsystel / trivy-vulnerability-explorer

License: Apache-2.0
Web application that loads a Trivy report in JSON format and displays the vulnerabilities of a single target in an interactive data table.

Programming Languages: Vue, TypeScript, HTML, JavaScript, Dockerfile, Shell

Projects that are alternatives of or similar to trivy-vulnerability-explorer

Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+1307.94%)
Mutual labels:  scan, vulnerability
WPWatcher
Wordpress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email and/or syslog. Schedule scans and get notified when vulnerabilities, outdated plugins and other risks are found.
Stars: ✭ 34 (-46.03%)
Mutual labels:  scan, report
dheater
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Stars: ✭ 142 (+125.4%)
Mutual labels:  vulnerability
gradejs
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
Stars: ✭ 362 (+474.6%)
Mutual labels:  vulnerability
npm-audit-action
GitHub Action to run `npm audit`
Stars: ✭ 30 (-52.38%)
Mutual labels:  vulnerability
aemscan
Adobe Experience Manager Vulnerability Scanner
Stars: ✭ 161 (+155.56%)
Mutual labels:  vulnerability
Medi-Consult
Diseases Checker Application 🚑 | Android Application
Stars: ✭ 38 (-39.68%)
Mutual labels:  report
cve-2016-1764
Extraction of iMessage Data via XSS
Stars: ✭ 52 (-17.46%)
Mutual labels:  vulnerability
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+125.4%)
Mutual labels:  scan
vrt-ruby
Ruby library for interacting with Bugcrowd's VRT
Stars: ✭ 15 (-76.19%)
Mutual labels:  vulnerability
cryptonice
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…
Stars: ✭ 91 (+44.44%)
Mutual labels:  report
jtl-reporter
JtlReporter is an online application that allows users to generate beautiful, customizable and easy to understand performance reports from JMeter(Taurus), Locust, and other tools.
Stars: ✭ 85 (+34.92%)
Mutual labels:  report
license-ls
Get a list of licenses used by a projects dependencies
Stars: ✭ 17 (-73.02%)
Mutual labels:  report
rsGen
rsGen is a Reverse Shell Payload Generator for hacking.
Stars: ✭ 71 (+12.7%)
Mutual labels:  vulnerability
arm-hard-fault-handler
What to do when Hard fault hits? Debugger and error reporter solution for ARM Cortex M3 and M4.
Stars: ✭ 32 (-49.21%)
Mutual labels:  report
AsBuiltReport.Core
Repository for AsBuiltReport core module
Stars: ✭ 38 (-39.68%)
Mutual labels:  report
astam-correlator
Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans
Stars: ✭ 22 (-65.08%)
Mutual labels:  vulnerability
sx
🖖 Fast, modern, easy-to-use network scanner
Stars: ✭ 1,267 (+1911.11%)
Mutual labels:  scan
Vulnogram
Vulnogram is a tool for creating and editing CVE information in CVE JSON format
Stars: ✭ 103 (+63.49%)
Mutual labels:  vulnerability
dnstake
DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
Stars: ✭ 723 (+1047.62%)
Mutual labels:  vulnerability

Trivy Vulnerability Explorer

Large Trivy reports tend to become hard to grasp; that is why this project was created. It is a web application that loads a Trivy report in JSON format and displays the vulnerabilities of a single target in an interactive data table.

Overview of the application
Figure 1. Screenshot of the application

Usage

Head over to the application and load a Trivy report (.json file). For example, to scan an outdated Alpine image and write the report to alpine-3.9.2.json, run:

trivy image -f json -o alpine-3.9.2.json alpine:3.9.2

Now load this file in the vulnerability explorer and start exploring. You can filter by term, or click one of the categories in the filter bar to dig into the data. You can also use the example file in the repo.
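As an added example (not code from the trivy-vulnerability-explorer project), the following plain JavaScript shows what the table described above is built from: it reads a Trivy JSON report, picks one target, flattens its vulnerabilities into rows, counts them per severity for the filter bar, and applies the term and category filters. The field names (Results, Target, Vulnerabilities, VulnerabilityID, PkgName, InstalledVersion, FixedVersion, Severity, Title) are the ones Trivy writes; the report content is constructed placeholder data, and the function names are this example's own. It also accepts the older layout where the report is a bare array of results instead of an object with a Results key.

```javascript
// Added example, not part of trivy-vulnerability-explorer: derive the
// single-target table from a Trivy JSON report. Handles both the current
// schema (object with "Results") and the legacy one (bare array of results).

const SEVERITIES = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"];

// Return the list of result objects regardless of schema layout.
function resultsOf(report) {
  if (Array.isArray(report)) return report;                        // legacy layout
  if (report && Array.isArray(report.Results)) return report.Results; // SchemaVersion 2
  throw new Error("not a Trivy JSON report: no Results found");
}

// Names of the targets in the report, e.g. "alpine:3.9.2 (alpine 3.9.2)".
function targetNames(report) {
  return resultsOf(report).map((r) => r.Target);
}

// Flatten the vulnerabilities of one target into table rows.
function rowsForTarget(report, target) {
  const result = resultsOf(report).find((r) => r.Target === target);
  if (!result) throw new Error(`target not found: ${target}`);
  return (result.Vulnerabilities || []).map((v) => ({
    id: v.VulnerabilityID,
    pkg: v.PkgName,
    installed: v.InstalledVersion,
    fixed: v.FixedVersion || "",          // empty when no fixed version is known
    severity: SEVERITIES.includes(v.Severity) ? v.Severity : "UNKNOWN",
    title: v.Title || "",
  }));
}

// Count rows per severity, in the order the filter bar would list them.
function severityCounts(rows) {
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  for (const r of rows) counts[r.severity] += 1;
  return counts;
}

// Case-insensitive term filter over id, package and title, optionally
// restricted to one severity (like clicking a category in the filter bar).
function filterRows(rows, term, severity) {
  const needle = (term || "").toLowerCase();
  return rows.filter(
    (r) =>
      (!severity || r.severity === severity) &&
      (!needle || [r.id, r.pkg, r.title].some((f) => f.toLowerCase().includes(needle)))
  );
}

// Constructed sample report in the shape Trivy emits; IDs and titles are placeholders.
const SAMPLE_REPORT = {
  SchemaVersion: 2,
  ArtifactName: "alpine:3.9.2",
  ArtifactType: "container_image",
  Results: [
    {
      Target: "alpine:3.9.2 (alpine 3.9.2)",
      Class: "os-pkgs",
      Type: "alpine",
      Vulnerabilities: [
        { VulnerabilityID: "CVE-0000-0001", PkgName: "musl", InstalledVersion: "1.1.20-r4", FixedVersion: "1.1.20-r5", Severity: "CRITICAL", Title: "musl: placeholder finding" },
        { VulnerabilityID: "CVE-0000-0002", PkgName: "libcrypto1.1", InstalledVersion: "1.1.1a-r1", FixedVersion: "1.1.1b-r1", Severity: "HIGH", Title: "openssl: placeholder finding" },
        { VulnerabilityID: "CVE-0000-0003", PkgName: "libcrypto1.1", InstalledVersion: "1.1.1a-r1", Severity: "MEDIUM", Title: "openssl: second placeholder, no fix yet" },
        { VulnerabilityID: "CVE-0000-0004", PkgName: "busybox", InstalledVersion: "1.29.3-r10", FixedVersion: "", Severity: "WEIRD", Title: "busybox: placeholder with unrecognised severity" },
      ],
    },
  ],
};

// Stand-alone run: show the openssl-related rows and the per-severity counts.
const rows = rowsForTarget(SAMPLE_REPORT, targetNames(SAMPLE_REPORT)[0]);
console.table(filterRows(rows, "openssl"));
console.log(severityCounts(rows));
```

A row whose Severity is not one of Trivy's five values is bucketed as UNKNOWN rather than dropped, so the counts in the filter bar always add up to the number of rows in the table.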

The data never leaves your browser: all processing happens client-side. Of course, feel free to fork this project and deploy your own version. If you do so, I would be happy if you left me a comment and a star on the repository.

Integration with GitLab Job

If you are using a GitLab job to generate the Trivy report, you can supply a direct URL to the JSON file. The app will fetch the report and display the results without you having to download the file first. You might need to provide a token for authentication; you can do that by clicking the shield symbol next to the URL field. Create a personal access token with the scope read_api. The token is persisted in the browser's local storage, so you can reuse it the next time you load a report from the same GitLab instance. Keep in mind that local storage is readable by any script running on that origin, so use a token limited to read_api with an expiry date, and clear the site data when you are done on a shared machine.

You can pass a query parameter url to the app, and it will load the file from this URL on startup. It is a good idea to print the URL of the vulnerability explorer at the end of the job log, so that the user can jump directly to the vulnerability report. If the report is named trivy-results.json, the URL would look like this (note that $CI_SERVER_URL already contains the scheme, so it must not be prefixed with https:// again):

https://dbsystel.github.io/trivy-vulnerability-explorer/#/?url=$CI_SERVER_URL/api/v4/projects/$CI_PROJECT_ID/jobs/$CI_JOB_ID/artifacts/trivy-results.json
Caution
There was a recent change in the implementation of the routing; make sure to include the # in the URL, otherwise this feature will not work.
Note
While the feature was built with GitLab in mind, it should work with any artifact storage from which the JSON can be downloaded with a single HTTP GET request that needs at most one HTTP header for authentication.

Contribute

Development

Setup
npm install
Compiles and hot-reloads for development
npm run serve
Run via Docker
$ docker build -t <image-name> .

e.g. docker build -t trivy-explorer .

$ docker run -p <local-port>:8080 --name <container-name> <image-name>

e.g. docker run -p 5000:8080 --name sec-scan trivy-explorer

License

This project is licensed under Apache-2.0
