2021-11-03

Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities in OS packages (Alpine, RHEL, CentOS, etc.) and in language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile and Kubernetes manifests to detect potential configuration issues that expose your deployments to the risk of attack. Trivy is easy to use: just install the binary and you're ready to scan.

Trivy is the default vulnerability scanner in Harbor. Today, let me show you how to use Trivy to scan your images in Harbor.

Step 1: Select one image from your project in Harbor


Start the scan by clicking the SCAN button.


The scan will normally take a few minutes. Once completed, you will see a result similar to the one in the screenshot.


Step 2: Review the result

When you hover over the red C icon, you can see a summary of the scan report, as in the screenshot.


If you would like to check the details, click the artifact hyperlink. You will be redirected to a page that lists all the identified vulnerabilities together with the relevant information, e.g. the CVE, its severity and scores, and the fixed version if one is available.
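The same report that Harbor displays is what Trivy itself produces, and Trivy can also emit it as JSON (for example with `trivy image --format json -o report.json <image>`), which is convenient when you want to triage findings or gate a pipeline on them outside the Harbor UI. The following is an added example, not code from the original post nor from the Trivy or Harbor projects: it parses a constructed report in Trivy's JSON layout (a top-level `Results` list whose entries carry a `Target` and a `Vulnerabilities` list with `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion` and `Severity`), reproduces the per-severity summary Harbor shows on hover, lists the findings that have a fixed version, and applies a severity threshold. The image name, package names, versions and CVE identifiers in the sample are placeholders.

```python
import json
from collections import Counter

# Constructed sample in the shape of a Trivy JSON report (SchemaVersion 2),
# as produced by e.g. `trivy image --format json -o report.json <image>`.
# Image name, package names, versions and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example.local/app:1.0",
    "Results": [
        {
            "Target": "example.local/app:1.0 (alpine 3.14.0)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo",
                 "InstalledVersion": "1.0.0-r0", "FixedVersion": "1.0.1-r0",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbar",
                 "InstalledVersion": "2.3.0-r0", "FixedVersion": "",
                 "Severity": "HIGH"},
            ],
        },
        {
            "Target": "app/package-lock.json",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "left-pad",
                 "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
                 "Severity": "MEDIUM"},
            ],
        },
        # A target with no findings carries no "Vulnerabilities" key at all.
        {"Target": "app/Dockerfile"},
    ],
})

# Harbor's severity ladder, most severe first.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]


def iter_vulnerabilities(report):
    """Yield (target, vulnerability) pairs from a parsed Trivy report.

    Accepts the SchemaVersion 2 shape (a dict with a "Results" list) as well as
    the older shape where the top level is the results list itself.
    """
    results = report.get("Results") if isinstance(report, dict) else report
    for result in results or []:
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", ""), vuln


def summarize(report_json):
    """Return per-severity counts and the list of findings that have a fix.

    The counts correspond to the summary Harbor shows when hovering over the
    scan status icon; the fixable list is what you would patch first.
    """
    report = json.loads(report_json)
    counts = Counter()
    fixable = []
    for target, vuln in iter_vulnerabilities(report):
        severity = (vuln.get("Severity") or "UNKNOWN").upper()
        counts[severity] += 1
        if vuln.get("FixedVersion"):
            fixable.append({
                "id": vuln.get("VulnerabilityID"),
                "target": target,
                "package": vuln.get("PkgName"),
                "installed": vuln.get("InstalledVersion"),
                "fixed": vuln.get("FixedVersion"),
                "severity": severity,
            })
    # Sort so the most severe fixable findings come first.
    fixable.sort(key=lambda f: SEVERITY_ORDER.index(f["severity"]))
    return {
        "counts": {s: counts.get(s, 0) for s in SEVERITY_ORDER},
        "fixable": fixable,
    }


def exceeds_threshold(summary, threshold="HIGH"):
    """True if any finding is at or above the given severity.

    Suitable as a CI gate: the same idea as Harbor's per-project policy that
    prevents images with findings above a chosen severity from being pulled.
    """
    cutoff = SEVERITY_ORDER.index(threshold.upper())
    return any(summary["counts"][s] > 0 for s in SEVERITY_ORDER[:cutoff + 1])


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    for sev in SEVERITY_ORDER:
        print(f"{sev:<9}{result['counts'][sev]}")
    print("fixable:")
    for f in result["fixable"]:
        print(f"  {f['severity']:<9}{f['id']}  {f['package']} "
              f"{f['installed']} -> {f['fixed']}  ({f['target']})")
    print("blocked at HIGH:", exceeds_threshold(result, "HIGH"))
```

Only the findings that carry a `FixedVersion` can be closed by rebuilding the image with updated packages; the ones without a fix (such as the HIGH entry in the sample) are what you need to track separately or mitigate in another way, which is why the two are separated in the summary.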


References:

https://github.com/aquasecurity/trivy

https://github.com/aquasecurity/harbor-scanner-trivy