Docker image #11

Closed
kolaente opened this issue May 16, 2019 · 10 comments

@kolaente

Hey there, great project!

Maybe I've overlooked it, but do you think it would be possible to provide trivy in a docker image to be able to run it in e.g. [Drone](https://drone.io/)? Or is that difficult because of the way trivy analyzes docker images?

@030

030 commented May 17, 2019

user@host:~$ docker run -it -v /var/run/docker.sock:/var/run/docker.sock knqyf263/trivy:0.0.13 utrecht/bcbsn:2.0.0
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "exec: \"utrecht/bcbsn:2.0.0\": stat utrecht/bcbsn:2.0.0: no such file or directory": unknown.

The image exists on the hosts.

@masahiro331
Contributor

masahiro331 commented May 19, 2019

@030

Change dockerfile CMD to ENTRYPOINT

Please use this command.

docker run -v /var/run/docker.sock:/var/run/docker.sock knqyf263/trivy:0.0.14 utrecht/bcbsn:2.0.0

If you use macOS, you can use the local cache with the command below.

docker run -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ knqyf263/trivy:0.0.14 utrecht/bcbsn:2.0.0
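
Added example, not part of the comment above or of the Trivy project: a small shell model of how `docker run IMAGE ARG...` combines an image's ENTRYPOINT and CMD, which is why the CMD to ENTRYPOINT change removes the `exec: "utrecht/bcbsn:2.0.0"` error. The function names are hypothetical, and the assumption that the 0.0.13 image declared `trivy` only via CMD is inferred from that comment.

```shell
#!/bin/sh
# Model of how `docker run IMAGE [ARG...]` builds the process argv from the
# image's exec-form ENTRYPOINT and CMD. Constructed illustration; the
# ENTRYPOINT/CMD values passed in below are assumptions about the two tags.

# effective_argv ENTRYPOINT CMD [RUN_ARG...]
# Arguments given after the image name replace CMD; ENTRYPOINT is always kept.
effective_argv() {
    entrypoint=$1
    cmd=$2
    shift 2
    if [ "$#" -gt 0 ]; then
        tail_args=$*
    else
        tail_args=$cmd
    fi
    # Prefix the entrypoint only when the image defines one.
    printf '%s\n' "${entrypoint:+$entrypoint }$tail_args"
}

# first_word ARGV: the executable the runtime will try to exec.
first_word() {
    set -- $1
    printf '%s\n' "$1"
}

# CMD-only image (assumed 0.0.13 layout): the scan target replaces CMD, so the
# runtime tries to exec the image name itself and fails.
old=$(effective_argv "" "trivy" "utrecht/bcbsn:2.0.0")
# ENTRYPOINT image (0.0.14): the scan target is appended as an argument.
new=$(effective_argv "trivy" "" "utrecht/bcbsn:2.0.0")

printf 'CMD image        execs: %s\n' "$(first_word "$old")"
printf 'ENTRYPOINT image execs: %s\n' "$(first_word "$new")"
```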

@knqyf263
Collaborator

@kolaente You can use Trivy in a docker container. Please specify knqyf263/trivy:latest or knqyf263/trivy:0.0.14 as an image name.
https://cloud.docker.com/u/knqyf263/repository/docker/knqyf263/trivy

@030

030 commented May 19, 2019

The analysis works now:

[user@localhost ~]$ docker run -v /var/run/docker.sock:/var/run/docker.sock knqyf263/trivy:0.0.14 utrecht/bcbsn:2.0.0
Unable to find image 'knqyf263/trivy:0.0.14' locally
0.0.14: Pulling from knqyf263/trivy
e7c96db7181b: Pull complete 
a62117a94668: Pull complete 
fd4ece22b6c2: Pull complete 
Digest: sha256:93b57cd8593c7a0c334b542951bdc62f16f2afdcc2e353ac5e2d532ba6d0f3ee
Status: Downloaded newer image for knqyf263/trivy:0.0.14
2019-05-19T10:25:32.818Z	INFO	Updating vulnerability database...
2019-05-19T10:28:24.555Z	INFO	Updating NVD data...
 122550 / 122550  100.00% 2m18ss
2019-05-19T10:30:43.000Z	INFO	Updating Alpine data...
 11119 / 11119  100.00% 11s1s
2019-05-19T10:30:55.245Z	INFO	Updating RedHat data...
 19426 / 19426  100.00% 24s01s
2019-05-19T10:31:19.809Z	INFO	Updating Debian data...
 27809 / 27809  100.00% 30s01s
2019-05-19T10:31:50.674Z	INFO	Updating Debian OVAL data...
 59642 / 59642  100.00% 2m17ss
2019-05-19T10:34:07.811Z	INFO	Updating Ubuntu data...
 30191 / 30191  100.00% 1m13ss
2019-05-19T10:35:23.654Z	FATAL	error in image scan: failed to scan image: failed to analyze OS: Unknown OS

@030

030 commented May 19, 2019

When I run it for the second time, the scan still takes a while. What folder should be mounted to prevent this?

@masahiro331
Contributor

masahiro331 commented May 19, 2019

@030
Create DB at the first start, and use cache after the second.
To use cache with docker, mount the cache directory.

Example for macOS:

docker run -v $HOME/Library/Caches:/root/.cache/ knqyf263/trivy:0.0.14 utrecht/bcbsn:2.0.0

Other case:
Please check your OS default cache directory.
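
Added example, not part of the comment above or of the Trivy README: a shell helper that picks the host cache directory per OS and prints the full `docker run` line with both the socket mount and the cache mount. The function names are hypothetical, and the Linux path (`$XDG_CACHE_HOME`, falling back to `$HOME/.cache`) is an assumption of this example.

```shell
#!/bin/sh
# Constructed helper, not from the Trivy README. The Linux path follows the
# XDG cache convention; that choice is an assumption of this example.

# host_cache_dir [OS]: host directory to bind-mount at /root/.cache/.
host_cache_dir() {
    os=${1:-$(uname -s)}
    case "$os" in
        Darwin) printf '%s\n' "$HOME/Library/Caches" ;;
        Linux)  printf '%s\n' "${XDG_CACHE_HOME:-$HOME/.cache}" ;;
        *)      echo "no default cache directory known for '$os'" >&2
                return 1 ;;
    esac
}

# trivy_docker_cmd TARGET [OS]: print the docker run line for TARGET.
trivy_docker_cmd() {
    target=$1
    cache=$(host_cache_dir "${2:-}") || return 1
    # Create the directory first: on Linux hosts the Docker daemon creates a
    # missing bind-mount source itself, and it ends up owned by root.
    mkdir -p "$cache" || return 1
    # The socket mount lets the container drive the host Docker daemon, so
    # keep the scanner image pinned to a known tag.
    printf 'docker run -v /var/run/docker.sock:/var/run/docker.sock -v "%s:/root/.cache/" knqyf263/trivy:0.0.14 %s\n' \
        "$cache" "$target"
}

trivy_docker_cmd "${1:-utrecht/bcbsn:2.0.0}"
```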

@030

030 commented May 19, 2019

@masahiro331 I think it is useful to add this to the README.md as well

@masahiro331
Contributor

@030
Please check here.
https://github.com/knqyf263/trivy#docker

Added to README.md today.
knqyf263@2f7f1f8

@kolaente
Author

kolaente commented May 20, 2019

@knqyf263 @masahiro331 Great, thanks!

@knqyf263
Collaborator

If you have any questions, please reopen this issue. Thanks.

yashvardhan-kukreja pushed a commit to yashvardhan-kukreja/trivy that referenced this issue Aug 12, 2020
parent 4b57c0d
author Simarpreet Singh <simar@linux.com> 1594135002 -0700
committer Yashvardhan Kukreja <yash.kukreja.98@gmail.com> 1597228077 +0530

# This is a combination of 6 commits.
# This is the 1st commit message:

db: Update trivy-db to include CVSS score info (aquasecurity#530)

* mod: Update trivy-db to include CVSS score info

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: Update go.mod

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: Update trivy-db to latest

Signed-off-by: Simarpreet Singh <simar@linux.com>
# This is the commit message aquasecurity#2:

Adding contrib/junit.tpl to docker image (aquasecurity#554)


# This is the commit message aquasecurity#3:

Fixing `Error retrieving template from path` when --format is not template but template is provided (aquasecurity#556)


# This is the commit message aquasecurity#4:

added: display last db update whenever trivy server is started in trivy client/server setup

# This is the commit message aquasecurity#5:

Added: entry for prometheus/client_golang package

# This is the commit message aquasecurity#6:

Added: prometheus metrics endpoint support for Last DB Update and Last DB Update Attempt metric

# This is the commit message aquasecurity#7:

Added: entry for prometheus/client_golang package

# This is the commit message aquasecurity#8:

Added: prometheus metrics endpoint support for Last DB Update and Last DB Update Attempt metric

# This is the commit message aquasecurity#9:

Refactored: Shifted the GaugeVec global var to config.go . Removed unnecessarily repeated vars. Added nil check for GaugeVec

# This is the commit message aquasecurity#10:

Added: Nil GaugeVec Fail check

# This is the commit message aquasecurity#11:

Added: nil check for metrics registry

# This is the commit message aquasecurity#12:

Modified: tests with respect to nil metrics registry

# This is the commit message aquasecurity#13:

Merge with master

# This is the commit message aquasecurity#14:

Merge branch 'master' into issue-aquasecurity#346

# This is the commit message aquasecurity#15:

Resolved merge conflicts

# This is the commit message aquasecurity#16:

Resolved merge conflicts

# This is the commit message aquasecurity#17:

feat(vulnerability): add CWE-ID (aquasecurity#561)

* chore(mod): update dependency

* test(vulnerability): add CweIDs
liamg pushed a commit that referenced this issue Jun 7, 2022
josedonizetti referenced this issue in josedonizetti/trivy Jun 24, 2022