Questions tagged [trivy]

Trivy is a scanner for vulnerabilities in container images, file systems, and Git repositories.

50 questions
6 votes, 1 answer

Scanning local docker image for vulnerability using Trivy gives unauthorized

I've pulled a docker image from a private repository to local and am trying to scan the local image with the trivy image command. It is pulling the database but showing an Unauthorized error when accessing the local image: scan error: unable to initialize a…
Manoj kumar

6 votes, 3 answers

gitlab job failed - image pull failed

I am trying to do a docker scan by using Trivy and integrating it in GitLab. The pipeline passed; however, the job failed, and I'm not sure why. The docker image is valid. Updated: new error after enabling shared…
user2201789

6 votes, 7 answers

How to run a Trivy scan on Windows?

In the installation page for Trivy there is no mention of Windows. I have Docker for Windows installed so the Docker method looks promising but there are a couple of things I'm not sure of: What should I set the cache directory to? Will I need to…
Steve Chambers

4 votes, 1 answer

http-cache-semantics trivy error CVE-2022-25881 unable to identify transitive dependency causing this

We have a Node.js application whose build is failing on a Trivy scan error caused by CVE-2022-25881 in http-cache-semantics. We have gone through the package.json and couldn't find any dependency or transitive dependency that refers to this…
Vishal Gada

3 votes, 1 answer

Is there any tool through which we can generate an SBOM report (SPDX / CycloneDX) for Windows programs?

Is there any tool through which we can generate an SBOM report (SPDX / CycloneDX) for Windows programs? There are many tools available which can scan Linux OS packages and application packages (e.g. Java, Maven, .NET) like Trivy, Syft, WhiteSource, but…
Abdul Mohsin

3 votes, 0 answers

Trivy Scan Always fails: failed to download vulnerability DB

I am trying to run a Trivy Scan from within CircleCI and always get the same problem. I keep disabling this, but clearly scanning the containers is useful. Suggestions on Google say that you need to use a GITHUB_TOKEN to stop rate limiting, but I…
Lord Riley

2 votes, 1 answer

Scan docker images with Trivy from within a docker container

Problem: I would like to do the following: create an image with Trivy and Docker installed; run the container on Kubernetes; schedule a cron job to pull all images from a container registry and to scan them, and output the results to…
Esben Eickhardt

1 vote, 1 answer

How do I create sample security issues on Docker?

I'm trying to create an assignment for students to do that contains the following: a docker image with issues that have to be scanned and remedied (using an open-source scanner in Kubernetes); (maybe) a sample attack scenario that can exploit those…
1 vote, 0 answers

should we scan yarn.lock files inside node_modules for CVEs?

AIM: we are trying to fix CVEs reported in an Angular project (scanned using the trivy scanner). Problem: none of the packages mentioned as vulnerable (as per the trivy report) are direct dependencies (not present in package.json) and is already used…
striker
1 vote, 0 answers

Windows Defender flag some JSON output file from Trivy as Backdoor:PHP/Remoteshell.V

I'm working on a project where I parse some YAML configuration files in Java, then forge a command to send to a ProcessBuilder which calls Trivy, performs the required scans and then prints out two files, one in JSON and one in HTML. With most of the…
1 vote, 0 answers

Unable to scan a docker image with trivy?

Hi, I have installed trivy on my machine. I am trying to scan a python docker image using trivy. Unfortunately I am behind the corporate network proxy. How can I bypass the proxy? I get the following error: $ trivy image python:3.4-alpine DB error:…
Starbucks Admin

1 vote, 0 answers

Trivy error in GitLab CI when using their code

My GitLab CI/CD pipeline is composed entirely of containers that run on the Docker executor on my Runner. As such, I presume I'm meant to use Trivy's second block of code here, where the Trivy image is fetched like all the other jobs in my pipeline…
Josh Edgar

0 votes, 0 answers

Trivy outputs different results when scanning helm charts

I'm having the following problem. I'm using the trivy CLI to analyze my helm chart. I can do that using 3 snippets: helm template helm --output-dir output, then trivy config --format json output -- number of found issues: 55, length of output: 1719; trivy config…
Jakub Zilinek

0 votes, 0 answers

Trivy scan for shaded dependencies

I have a Java application where I need to run a Trivy vulnerability scan. This application has dependencies which have shaded dependencies. How can we make Trivy scan the shaded dependencies?
LeoN

0 votes, 0 answers

Fixed in Version not shown in harbor for trivy scan results of CVE

I am using trivy to scan docker images in Harbor. For some CVEs it shows Current Version and Fixed in Version, and for some it doesn't. So I would like to know what the reason may be. Does that mean it's not able to detect in which specific…
Ashish Karpe