How to run a Trivy scan on Windows?

Question

In the installation page for Trivy there is no mention of Windows.

I have Docker for Windows installed so the Docker method looks promising but there are a couple of things I'm not sure of:

What should I set the cache directory to?
Will I need to "mount docker.sock"? And if so, will I need to replace the /var/run and $HOME/Library/Caches directories in that command with something more "Windows-ey"?

The aim is to scan an image that I built using Docker for Windows.

score 4 · Accepted Answer · edited Sep 30 '21 at 20:37

4

Install Docker for Windows
Install Git Bash
Open a Git Bash Shell on Windows
Execute the command: docker pull aquasec/trivy:0.19.2
docker run --rm -v C:\Users\<your foldername>:/root/.cache/ aquasec/trivy:0.19.2 aquasec/trivy:0.19.2 python:3.4-alpine
The scan will start to run. It may take a few minutes to return any response.

edited Sep 30 '21 at 20:37

Steve Chambers

37,270
24
156
208

answered Sep 14 '21 at 18:34

DonaldM

64
2

the documentaiton mentions about having to mount docker.sock. How does that translate to running trivy in windows? https://aquasecurity.github.io/trivy/v0.22.0/getting-started/installation/ – Stealth Rabbi Jan 28 '22 at 13:43

score 3 · Answer 2 · answered Oct 25 '21 at 07:48

With Docker Deskttop for windows installed you can open a terminal (recomended powershell for the next command).

docker run --rm -v ${PWD}/tmp:/root/.cache/ -v //var/run/docker.sock:/var/run/docker.sock  aquasec/trivy <image>

You can use your actual path with this command. It´s better than use absolute paths. Also, you can mount the docker socket to trivy to scan your downloaded images.

score 2 · Answer 3 · edited Aug 18 '21 at 09:25

2

Basically I don't think this is achievable for this exact scenario. The closest way around is to run trivy in WSL, but that isn't technically running on Windows directly.

https://github.com/aquasecurity/trivy/issues/1103

edited Aug 18 '21 at 09:25

E_net4

27,810
13
101
139

answered Aug 18 '21 at 07:36

yut6CUZg

41
3

score 1 · Answer 4 · answered Sep 26 '22 at 10:54

1

Install Go (https://go.dev/doc/install)
Pull Trivy and go in the pulled directory

git clone --depth 1 --branch v0.32.0 https://github.com/aquasecurity/trivy
cd trivy

Install Trivy

go install .\cmd\trivy

answered Sep 26 '22 at 10:54

Scapal

31
3

No luck with this method: ```no required module provides package .cmdtrivy;``` – kdlannoy Oct 18 '22 at 07:13
@kdlannoy if you are running from a bash shell in Windows you'll need to escape the '\', so `go install .\\cmd\\trivy` – prunge Nov 22 '22 at 23:30

score 0 · Answer 5 · answered Sep 15 '22 at 13:27

0

First, I used the WSL to scan the windows containers. Last, I used the go compiler to build a trivy.exe.

Both of these 2 ways work well.

answered Sep 15 '22 at 13:27

Edwin An

14
3

score 0 · Answer 6 · answered Sep 02 '23 at 08:07

Able to run the scan by running the below command for manifest scanning:

docker run --rm -v C:/projects/abc:/test aquasec/trivy:latest --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL --format template --template "@contrib/html.tpl" -o /test/manifest-scanning-report.html config /test/k8s_dir

This will generate a manifest-scanning-report.html under C:/projects folder.

score -1 · Answer 7 · answered Jul 14 '23 at 11:30

The above answer is bit outdated. Here is the correct one with slight modification.

Open a Git Bash Shell on Windows Execute the commands below:

docker pull aquasec/trivy:latest
docker run --rm -v [YourLocalDir]:/root/.cache/ aquasec/trivy:latest [COMMAND_TO_RUN] [YOUR_IMAGE_NAME]

E.g. If you want to run a scan on a docker image then run below command.

docker run --rm -v ./:/root/.cache/ aquasec/trivy:latest image ubuntu:22.04

You can scan filesystem,kubernetes and other things also by changing the COMMAND_TO_RUN. Reference Doc: https://aquasecurity.github.io/trivy/v0.22.0/getting-started/cli/

How to run a Trivy scan on Windows?

7 Answers7