Skip to content

@knqyf263 knqyf263 released this Nov 14, 2019

Main Features

  • Dramatically improve the scan speed on the first run 🎉🎉 🎉 🎉 🎉🎉 🎉 🎉
    • Previous version: ~ 10 min
    • New version: ~ 10 sec (Depending on the network)

Now, you don't need to use a cache in CI/CD. You can see an example.
https://github.com/aquasecurity/trivy-ci-test/commit/eb4d393a7178aea0118c6e9017269f258d6b3edf/checks?check_suite_id=311236898

New Features

  • --light option
    • The lightweight DB doesn't contain vulnerability detail such as descriptions and references. Because of that, the size of the DB is smaller and the download is faster.
    • This option is useful when you don't need vulnerability details and is suitable for CI/CD. To find the additional information, you can search vulnerability details on the NVD website.
    • e.g. $ trivy --light alpine:3.10
  • --download-db-only option (#172)
    • This option simply retrieves the vulnerability database without scanning.
    • Thanks to @miguelbernadi
  • Enable environment variables (#220)
    • You can specify the options via environment variables
    • e.g. TRIVY_EXIT_CODE=1 trivy alpine:3.10
    • Thanks to @tboerger

Changelog

e371747 doc(README): fix missing Gitlab CI link section in ToC (#263)
514137e Merge pull request #253 from aquasecurity/remote_db
4f92d29 chore(makefile): add Makefile (#256)
8ea2e8c Add env variables for every flag (#220)
d1615bc typo fixed and GitHub Profile link added (#236)
76d920e Grammar (#232)
1f07220 docs: typo correction (#252)
f326beb Fixed broken link and some typos in Readme.md (#228)
e04e90f add new line at eof (#249)
d27eeb2 Add option to only download vulnerability database (#172)
62ea073 Enable shell autocompletion (#234)
187864a Added GitLab YML (#223)
a666c4a massage rubygems version to handle platforms (#230)
bda4ee0 add echo to CI gofmt step (#231)
63ed4eb Fixed Broken README links (#214)

Docker images

  • docker pull docker.io/aquasec/trivy:0.2.0
  • docker pull docker.io/aquasec/trivy:latest
Assets 25
You can’t perform that action at this time.