Docker - Scan Docker images using Trivy

 To install Trivy (a vulnerability scanner for container images) on a Docker machine, follow these steps:

Step 1: Install Trivy on your Docker machine

Trivy is typically installed on the host machine running Docker. You can install it using one of the following methods:

Method 1: Install via curl (recommended)

  1. Download the latest release of Trivy:


    curl -sSfL https://github.com/aquasecurity/trivy/releases/download/v0.39.0/trivy_0.39.0_Linux-64bit.tar.gz -o trivy.tar.gz

    (Make sure to check for the latest version on Trivy GitHub releases).

  2. Extract the downloaded tarball:


    tar zxvf trivy.tar.gz

  3. Move the trivy binary to /usr/local/bin or a directory in your PATH:


    sudo mv trivy /usr/local/bin/

Method 2: Install via apt (for Debian/Ubuntu)

  1. Add the Trivy repository to your system:


    sudo apt-get install -y apt-transport-https
    curl -fsSL https://dl.cloudsmith.io/public/aquasecurity/trivy/setup.deb.sh | sudo bash

  2. Install Trivy:

    sudo apt-get install trivy

Method 3: Install via brew (if using Linuxbrew)

  1. If you're using Linuxbrew, run:


    brew install aquasecurity/trivy/trivy

Step 2: Scan Docker images with Trivy

  1. Once Trivy is installed, you can start scanning Docker images for vulnerabilities. Run the following command to scan a local Docker image:


    trivy image <image_name>

    For example, to scan the nginx Docker image:

    trivy image nginx

  2. If you're scanning a remote image, Trivy will first pull the image before scanning it. For example:


    trivy image docker.io/library/nginx

Optional: Using Trivy with Docker

To integrate Trivy into your Docker workflow, you can run it as a Docker container:


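    docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image <image_name>

This command runs Trivy as a container and scans your Docker images for vulnerabilities. The socket mount is what lets the container read images from the host's Docker daemon. Any container given /var/run/docker.sock has full control of that daemon, so run only a Trivy image you trust this way.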

Step 3: View and interpret the results

Trivy will output a list of vulnerabilities with details like the severity, description, and any available remediation (e.g., a package update). You can use this information to prioritize patching or upgrading vulnerable components in your container images.
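To act on the results programmatically, the report can be written as JSON (`trivy image --format json`) and triaged by severity and fix availability. The script below is an added example, not part of the original post: the sample report is constructed with placeholder IDs and packages, and the gate policy (fail only on fixable CRITICAL/HIGH findings) is an assumption.

```python
import json
from collections import Counter

# Constructed sample in the shape of `trivy image --format json` output.
# IDs, package names and versions are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2, "ArtifactName": "nginx",
    "Results": [
        {"Target": "nginx (debian 12.0)", "Type": "debian", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample2",
             "InstalledVersion": "2.3-1", "FixedVersion": "", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample1",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "LOW"},
        ]},
        # A target with no findings may omit the "Vulnerabilities" key entirely.
        {"Target": "usr/bin/example", "Type": "gobinary"},
    ],
})

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]

def triage(report_json, fail_on=("CRITICAL", "HIGH")):
    """Return (severity counts, fixable findings sorted worst-first, gate verdict)."""
    report = json.loads(report_json)
    counts, fixable = Counter(), []
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            sev = v.get("Severity", "UNKNOWN")
            if sev not in SEVERITY_ORDER:
                sev = "UNKNOWN"
            counts[sev] += 1
            if v.get("FixedVersion"):  # a patched package version is available
                fixable.append((sev, v["VulnerabilityID"], v["PkgName"],
                                v["InstalledVersion"], v["FixedVersion"]))
    fixable.sort(key=lambda f: SEVERITY_ORDER.index(f[0]))
    # Block only on findings that are both severe and fixable by an upgrade.
    blocked = any(f[0] in fail_on for f in fixable)
    return counts, fixable, blocked

if __name__ == "__main__":
    counts, fixable, blocked = triage(SAMPLE_REPORT)
    print({s: counts[s] for s in SEVERITY_ORDER if counts[s]})
    for sev, vuln_id, pkg, installed, fixed in fixable:
        print(f"{sev:8} {vuln_id} {pkg} {installed} -> {fixed}")
    print("gate:", "FAIL" if blocked else "PASS")
```

Unfixed findings still appear in the counts, so they stay visible for tracking even though they do not block the gate.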

That's it! You've successfully installed Trivy on your Docker machine and can now scan images for vulnerabilities.
