Skip to content

Commit

Permalink
docs: restructure the documentation (#1887)
Browse files Browse the repository at this point in the history 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
  • Loading branch information
@AnaisUrlichs @knqyf263
AnaisUrlichs and knqyf263 committed Apr 4, 2022
1 parent 8da4548 commit 4ca35b2
Show file tree
Hide file tree
Showing 80 changed files with 463 additions and 199 deletions.
19 changes: 0 additions & 19 deletions docs/advanced/community/references.md
View file

This file was deleted.

2 changes: 0 additions & 2 deletions docs/advanced/index.md
View file

This file was deleted.

21 changes: 21 additions & 0 deletions docs/community/cks.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# CKS preparation resources

Community Resources

- [Trivy Video overview (short)][overview]
- [Example questions from the exam][exam]
- [More example questions][questions]

Aqua Security Blog posts

- Supply chain security best [practices][supply-chain-best-practices]
- Supply chain [attacks][supply-chain-attacks]
-
If you know of interesting resources, please start a PR to add those to the list.

[overview]: https://youtu.be/2cjH6Zkieys
[exam]: https://jonathan18186.medium.com/certified-kubernetes-security-specialist-cks-preparation-part-7-supply-chain-security-9cf62c34cf6a
[questions]: https://github.com/kodekloudhub/certified-kubernetes-security-specialist-cks-course/blob/main/docs/06-Supply-Chain-Security/09-Scan-images-for-known-vulnerabilities-(Trivy).md

[supply-chain-best-practices]: https://blog.aquasec.com/supply-chain-security-best-practices
[supply-chain-attacks]: https://blog.aquasec.com/supply-chain-threats-using-container-images
0 docs/advanced/contrib/help-wanted.md → docs/community/contrib/help-wanted.md
View file
File renamed without changes.
5 changes: 4 additions & 1 deletion docs/advanced/contrib/triage.md → docs/community/contrib/triage.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
# Triage

Triage is an important part of maintaining the health of the trivy repo.
A well organized repo allows maintainers to prioritize feature requests, fix bugs, and respond to users facing difficulty with the tool as quickly as possible.

Triage includes:

- Labeling issues
- Responding to issues
- Closing issues
Expand Down Expand Up @@ -185,7 +188,7 @@ We use two labels [help wanted](https://github.com/aquasecurity/trivy/issues?q=i
and [good first issue](https://github.com/aquasecurity/trivy/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22)
to identify issues that have been specially groomed for new contributors.

We have specific [guidelines](/docs/advanced/contribd/contrib/help-wanted.md)
We have specific [guidelines](/docs/docs/advanced/contribd/contrib/help-wanted.md)
for how to use these labels. If you see an issue that satisfies these
guidelines, you can add the `help wanted` label and the `good first issue` label.
Please note that adding the `good first issue` label must also
Expand Down
0 docs/getting-started/credit.md → docs/community/credit.md
View file
File renamed without changes.
48 changes: 48 additions & 0 deletions docs/community/references.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
# Additional References
There are external blogs and evaluations.

## Blogs
- [Trivy Vulnerability Scanner Joins the Aqua Open-source Family][join]
- [Trivy Image Vulnerability Scanner Now Under Apache 2.0 License][license]
- [DevSecOps with Trivy and GitHub Actions][actions]
- [Find Image Vulnerabilities Using GitHub and Aqua Security Trivy Action][actions2]
- [Using Trivy to Discover Vulnerabilities in VS Code Projects][vscode]
- [the vulnerability remediation lifecycle of Alpine containers][alpine]
- [Continuous Container Vulnerability Testing with Trivy][semaphore]
- [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy][round-up]
- [Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy][tool-comparison]

## Links
- [Research Spike: evaluate Trivy for scanning running containers][gitlab]
- [Istio evaluates scanners][istio]

## Presentations
- Aqua Security YouTube Channel
- [Trivy - container image scanning][intro]
- [Using Trivy in client server mode][server]
- [Tweaking Trivy output to fit your workflow][tweaking]
- [How does a vulnerability scanner identify packages?][identify]
- CNCF Webinar 2020
- [Trivy Open Source Scanner for Container Images – Just Download and Run!][cncf]
- KubeCon + CloudNativeCon Europe 2020 Virtual
- [Handling Container Vulnerabilities with Open Policy Agent - Teppei Fukuda, Aqua Security][kubecon]

[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/
[semaphore]: https://semaphoreci.com/blog/continuous-container-vulnerability-testing-with-trivy
[round-up]: https://boxboat.com/2020/04/24/image-scanning-tech-compared/
[tool-comparison]: https://www.a10o.net/devsecops/docker-image-security-static-analysis-tool-comparison-anchore-engine-vs-clair-vs-trivy/
[gitlab]: https://gitlab.com/gitlab-org/gitlab/-/issues/270888
[istio]: https://github.com/istio/release-builder/pull/687#issuecomment-874938417

[intro]: https://www.youtube.com/watch?v=AzOBGm7XxOA
[cncf]: https://www.youtube.com/watch?v=XnYxX9uueoQ
[server]: https://www.youtube.com/watch?v=tNQ-VlahtYM
[kubecon]: https://www.youtube.com/watch?v=WKE2XNZ2zr4
[identify]: https://www.youtube.com/watch?v=PaMnzeHBa8M
[tweaking]: https://www.youtube.com/watch?v=wFIGUjcRLnU

[join]: https://blog.aquasec.com/trivy-vulnerability-scanner-joins-aqua-family
[license]: https://blog.aquasec.com/trivy-open-source-vulnerability-scanner-apache2.0-license
[actions]: https://blog.aquasec.com/devsecops-with-trivy-github-actions
[actions2]: https://blog.aquasec.com/github-vulnerability-scanner-trivy
[vscode]: https://blog.aquasec.com/trivy-open-source-vulnerability-scanner-vs-code
0 docs/advanced/community/tools.md → docs/community/tools.md
View file
File renamed without changes.
2 changes: 1 addition & 1 deletion docs/advanced/air-gap.md → docs/docs/advanced/air-gap.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,5 +109,5 @@ In an air-gapped environment, specify `--skip-policy-update` so that Trivy doesn
$ trivy conf --skip-policy-update /path/to/conf
```

[allowlist]: ../getting-started/troubleshooting.md
[allowlist]: ../references/troubleshooting.md
[oras]: https://oras.land/cli/
0 ...advanced/container/embed-in-dockerfile.md → ...advanced/container/embed-in-dockerfile.md
View file
File renamed without changes.
0 docs/advanced/container/oci.md → docs/docs/advanced/container/oci.md
View file
File renamed without changes.
0 docs/advanced/container/podman.md → docs/docs/advanced/container/podman.md
View file
File renamed without changes.
0 ...advanced/container/unpacked-filesystem.md → ...advanced/container/unpacked-filesystem.md
View file
File renamed without changes.
0 docs/advanced/plugins.md → docs/docs/advanced/plugins.md
View file
File renamed without changes.
0 docs/advanced/private-registries/acr.md → docs/docs/advanced/private-registries/acr.md
View file
File renamed without changes.
0 ...advanced/private-registries/docker-hub.md → ...advanced/private-registries/docker-hub.md
View file
File renamed without changes.
0 docs/advanced/private-registries/ecr.md → docs/docs/advanced/private-registries/ecr.md
View file
File renamed without changes.
0 docs/advanced/private-registries/gcr.md → docs/docs/advanced/private-registries/gcr.md
View file
File renamed without changes.
0 docs/advanced/private-registries/index.md → ...docs/advanced/private-registries/index.md
View file
File renamed without changes.
0 docs/advanced/private-registries/self.md → .../docs/advanced/private-registries/self.md
View file
File renamed without changes.
85 changes: 85 additions & 0 deletions docs/docs/index.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
# Docs

Trivy detects two types of security issues:

- [Vulnerabilities][vuln]
- [Misconfigurations][misconf]

Trivy can scan three different artifacts:

- [Container Images][container]
- [Filesystem][filesystem] and [Rootfs][rootfs]
- [Git Repositories][repo]

Trivy can be run in two different modes:

- [Standalone][standalone]
- [Client/Server][client-server]

It is designed to be used in CI. Before pushing to a container registry or deploying your application, you can scan your local container image and other artifacts easily.
See [Integrations][integrations] for details.

## Features

- Comprehensive vulnerability detection
- [OS packages][os] (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux, CBL-Mariner, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
- [**Language-specific packages**][lang] (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
- Detect IaC misconfigurations
- A wide variety of [built-in policies][builtin] are provided **out of the box**:
- Kubernetes
- Docker
- Terraform
- more coming soon
- Support custom policies
- Simple
- Specify only an image name, a directory containing IaC configs, or an artifact name
- See [Quick Start][quickstart]
- Fast
- The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish in single seconds.
- Unlike other scanners that take long to fetch vulnerability information (~10 minutes) on the first run, and encourage you to maintain a durable vulnerability database, Trivy is stateless and requires no maintenance or preparation.
- Easy installation
- `apt-get install`, `yum install` and `brew install` is possible (See [Installation][installation])
- **No pre-requisites** such as installation of DB, libraries, etc.
- High accuracy
- **Especially Alpine Linux and RHEL/CentOS**
- Other OSes are also high
- DevSecOps
- **Suitable for CI** such as Travis CI, CircleCI, Jenkins, GitLab CI, etc.
- See [CI Example][integrations]
- Support multiple formats
- container image
- A local image in Docker Engine which is running as a daemon
- A local image in [Podman][podman] (>=2.0) which is exposing a socket
- A remote image in Docker Registry such as Docker Hub, ECR, GCR and ACR
- A tar archive stored in the `docker save` / `podman save` formatted file
- An image directory compliant with [OCI Image Format][oci]
- local filesystem and rootfs
- remote git repository
- [SBOM][sbom] (Software Bill of Materials) support
- CycloneDX

Please see [LICENSE][license] for Trivy licensing information.

[installation]: ../getting-started/installation.md
[vuln]: ../docs/vulnerability/scanning/index.md
[misconf]: ../docs/misconfiguration/index.md
[container]: ../docs/vulnerability/scanning/image.md
[rootfs]: ../docs/vulnerability/scanning/rootfs.md
[filesystem]: ../docs/vulnerability/scanning/filesystem.md
[repo]: ../docs/vulnerability/scanning/git-repository.md

[standalone]: ../docs/references/modes/standalone.md
[client-server]: ../docs/references/modes/client-server.md
[integrations]: ../docs/integrations/index.md

[os]: ../docs/vulnerability/detection/os.md
[lang]: ../docs/vulnerability/detection/language.md

[builtin]: ../docs/misconfiguration/policy/builtin.md
[quickstart]: ../getting-started/quickstart.md
[podman]: ../docs/advanced/container/podman.md

[sbom]: ../docs/sbom/index.md

[oci]: https://github.com/opencontainers/image-spec
[license]: https://github.com/aquasecurity/trivy/blob/main/LICENSE
0 ...advanced/integrations/aws-codepipeline.md → docs/docs/integrations/aws-codepipeline.md
View file
File renamed without changes.
0 ...advanced/integrations/aws-security-hub.md → docs/docs/integrations/aws-security-hub.md
View file
File renamed without changes.
0 docs/advanced/integrations/bitbucket.md → docs/docs/integrations/bitbucket.md
View file
File renamed without changes.
0 docs/advanced/integrations/circleci.md → docs/docs/integrations/circleci.md
View file
File renamed without changes.
0 docs/advanced/integrations/github-actions.md → docs/docs/integrations/github-actions.md
View file
File renamed without changes.
4 changes: 1 addition & 3 deletions docs/advanced/integrations/gitlab-ci.md → docs/docs/integrations/gitlab-ci.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,4 @@ command can be used, `jq -s 'add' prev-codeclimate.json trivy-codeclimate.json >

You'll be able to see a full report in the Gitlab pipeline code quality UI, where filesystem vulnerabilities and misconfigurations include links to the flagged files and image vulnerabilities report the image/os or runtime/library that the vulnerability originates from instead.

<p align="left">
<img src="../../../imgs/gitlab-codequality.png" width="900">
</p>
![codequality](../../imgs/gitlab-codequality.png)
0 docs/advanced/integrations/index.md → docs/docs/integrations/index.md
View file
File renamed without changes.
0 docs/advanced/integrations/travis-ci.md → docs/docs/integrations/travis-ci.md
View file
File renamed without changes.
0 docs/misconfiguration/comparison/cfsec.md → ...docs/misconfiguration/comparison/cfsec.md
View file
File renamed without changes.
0 docs/misconfiguration/comparison/conftest.md → ...s/misconfiguration/comparison/conftest.md
View file
File renamed without changes.
0 docs/misconfiguration/comparison/tfsec.md → ...docs/misconfiguration/comparison/tfsec.md
View file
File renamed without changes.
0 docs/misconfiguration/custom/combine.md → docs/docs/misconfiguration/custom/combine.md
View file
File renamed without changes.
0 docs/misconfiguration/custom/data.md → docs/docs/misconfiguration/custom/data.md
View file
File renamed without changes.
0 docs/misconfiguration/custom/debug.md → docs/docs/misconfiguration/custom/debug.md
View file
File renamed without changes.
0 docs/misconfiguration/custom/examples.md → .../docs/misconfiguration/custom/examples.md
View file
File renamed without changes.
0 docs/misconfiguration/custom/index.md → docs/docs/misconfiguration/custom/index.md
View file
File renamed without changes.
0 docs/misconfiguration/custom/testing.md → docs/docs/misconfiguration/custom/testing.md
View file
File renamed without changes.
0 docs/misconfiguration/filesystem.md → docs/docs/misconfiguration/filesystem.md
View file
File renamed without changes.
0 docs/misconfiguration/iac.md → docs/docs/misconfiguration/iac.md
View file
File renamed without changes.
2 changes: 1 addition & 1 deletion docs/misconfiguration/index.md → docs/docs/misconfiguration/index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
Trivy provides built-in policies to detect configuration issues in Docker, Kubernetes and Terraform.
Also, you can write your own policies in [Rego][rego] to scan JSON, YAML, HCL, etc, like [Conftest][conftest].

![misconf](../imgs/misconf.png)
![misconf](../../imgs/misconf.png)

[rego]: https://www.openpolicyagent.org/docs/latest/policy-language/
[conftest]: https://github.com/open-policy-agent/conftest/
0 docs/misconfiguration/options/filter.md → docs/docs/misconfiguration/options/filter.md
View file
File renamed without changes.
0 docs/misconfiguration/options/others.md → docs/docs/misconfiguration/options/others.md
View file
File renamed without changes.
0 docs/misconfiguration/options/policy.md → docs/docs/misconfiguration/options/policy.md
View file
File renamed without changes.
0 docs/misconfiguration/options/report.md → docs/docs/misconfiguration/options/report.md
View file
File renamed without changes.
0 docs/misconfiguration/policy/builtin.md → docs/docs/misconfiguration/policy/builtin.md
View file
File renamed without changes.
0 docs/misconfiguration/policy/exceptions.md → ...ocs/misconfiguration/policy/exceptions.md
View file
File renamed without changes.
0 docs/getting-started/cli/client.md → docs/docs/references/cli/client.md
View file
File renamed without changes.
0 docs/getting-started/cli/config.md → docs/docs/references/cli/config.md
View file
File renamed without changes.
0 docs/getting-started/cli/fs.md → docs/docs/references/cli/fs.md
View file
File renamed without changes.
0 docs/getting-started/cli/image.md → docs/docs/references/cli/image.md
View file
File renamed without changes.
0 docs/getting-started/cli/index.md → docs/docs/references/cli/index.md
View file
File renamed without changes.

0 comments on commit 4ca35b2

Please sign in to comment.