Questions tagged [trivy]

Trivy is a scanner for vulnerabilities in container images, file systems, and Git repositories.


50 questions
Azure Devops Pipeline + Trivy
0 votes, 1 answer
We have installed the Trivy extension from the marketplace and are trying to scan cloned repositories to be visualized on its Dashboard. Here is our .yaml: trigger: - main jobs: - job: Scan_Repository steps: - checkout: self …
Asked by Diego Laurora
Trivy unable to take into account the semver version override in package.json
0 votes, 0 answers
Trivy scanner is unable to take the updated version (7.5.2) and still throws an error in the build (showing installed version as 7.5.1). (alpine 3.17.4) Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) Node.js (node-pkg) Total: 1 (UNKNOWN:…
How to download Trivy output within a pipeline
0 votes, 1 answer
I have got a step within an Azure DevOps pipeline which scans a container using Trivy. The Azure PowerShell task is as follows. trivy -v $folder = Get-Location $filename = "report-$(Build.BuildId)-$(Build.DefinitionName).json" trivy image -f json -o…
Asked by learner
implementation 'org.yaml:snakeyaml:2.0' doesn't work even with springboot 3.1.0
0 votes, 0 answers
I have upgraded from Springboot 2.7.12 to 3.1.0 in order to upgrade the Snakeyaml dependency to version 2.0, which isn't vulnerable. That required Gradle and Java version upgrades. However, now I'm getting the below error; the 2.0 snakeyaml isn't…
Asked by Eljah
How can we do mvn install:install-file in Gradle for 3rd party transient dependencies?
0 votes, 1 answer
We have Bouncycastle dependencies, coming from one dependency and another one. So they are something like that: implementation 'org.bouncycastle:bcprov-jdk14:1.61' <- explicitly added 'bouncycastle:bcprov-jdk14:138' <- taken from another…
Asked by Eljah
Harbor registry proxy cache vs replication
0 votes, 1 answer
I'm new to Harbor registry. I was asked to propose an architecture for Harbor in my company. I proposed at first to use an architecture based on proxy cache. But the CISO refused to use proxy cache for the enterprise without saying why. I proposed…
Generate a html report from Trivy
0 votes, 3 answers
I'm trying to generate an HTML report from Trivy. On the example page, they provide trivy image --format template --template "@contrib/html.tpl" -o report.html golang:1.12-alpine. When I run this, I get the following error: FATAL report error:…
Asked by J'e
Why does the Trivy scanner find vulnerabilities for dependencies that do not exist in my project?
0 votes, 0 answers
I use the Trivy GitHub action (aquasecurity/trivy-action@master) to scan my NestJS project, but keep getting the below vulnerabilities even though I have not used those packages directly or indirectly (no trace of them in my yarn.lock). Why would…
Argoflow: run trivy docker image inside argoflow
0 votes, 0 answers
apiVersion: argoproj.io/v1alpha1 kind: Workflow # new type of k8s spec metadata: generateName: trivy-scan # name of the workflow spec spec: entrypoint: trivy-scan # invoke the whalesay template templates: -…
Docker manifest missing layer size
0 votes, 0 answers
We are using Sonatype Nexus as a registry to host our Docker images. The manifests of all our recently built/pushed images have some layers with missing size attributes (see example). We checked the referred files in the blob storage; they are all…
Asked by Sascha b
Trivy filtering vulnerabilities
0 votes, 0 answers
I am using Trivy GitHub actions. How do I set the exit code to 0 in Trivy GitHub actions if there are no CRITICAL vulnerabilities and fewer than 5 HIGH?
Asked by Ajinkya16
Error fetching Kubernetes resources: quantities must match the regular expression '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$'
0 votes, 0 answers
I have this deployment.yaml file: kind: "Template" apiVersion: "v1" metadata: name: "deploymentConfig-gui-template-${Platform}" annotations: description: "Template for gui deploymentConfig on ${Platform}" objects: - kind:…
Container_scanning FATAL scan error / unable to initialize a scanner
0 votes, 0 answers
GitLab container_scanning fails with these 4 errors on Docker daemon, initialize Podman client, containerd daemon and repository authentication. This is the log: .... trivy image --vuln-type os --no-progress --offline-scan --skip-update…
Asked by xfusion
How to use the --security-checks flag in trivy?
0 votes, 1 answer
I am getting this error when using the --security-checks flag: $ trivy --quiet image --security-checks .secrets $TRIVY_ARGS $TRIVY_SCAN_IMAGE 2023-02-03T17:49:34.457Z FATAL flag error: scan flag error: unable to parse security checks: unknown…
Asked by G20map
How to install a specific version of a Debian package
0 votes, 1 answer
I am using Trivy for container scanning. It told me that there is a vulnerability and that I need to install version 4.16.0-2+deb11u1. When I update my Docker build to install that version, I still get an error. Dockerfile ... RUN apt-get update #…
Asked by G20map