Security/Container/Trivy: Difference between revisions

 
(59 intermediate revisions by the same user not shown)
Line 1: Line 1:
{|class='wikitable mw-collapsible'
!scope='col' style='width:1100px'|
|-
| valign="top" |
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
cat <<'EXE'| sudo bash
cat <<'EXE'| sudo bash
Line 7: Line 11:
EXE
EXE
</syntaxhighlight>
</syntaxhighlight>
|}


==Snyk » Trivy==
==Trivy » Scan==
{|class='wikitable mw-collapsible'
!scope='col' style='width:1100px'|
Trivy » Scan
|-
| valign="top" |
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
trivy image haproxy:2.8-alpine
trivy image haproxy:2.8-alpine
Line 15: Line 25:
trivy image nginx:1.27
trivy image nginx:1.27
</syntaxhighlight>
</syntaxhighlight>
|}
==Trivy » Harbor==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Trivy » Harbor
|-
| valign="top" |
<syntaxhighlight lang="bash">
cat <<'EXE'| bash
wget  -cq https://github.com/goharbor/harbor/releases/download/v2.13.1/harbor-online-installer-v2.13.1.tgz -P ${HOME}/Downloads/
tar  -xzf ${HOME}/Downloads/harbor-online-installer-v2.13.1.tgz -C ${HOME}/Downloads/
rsync  -az ${HOME}/Downloads/harbor/ ${HOME}/Documents/harbor-playground/
rm  -rf    ${HOME}/Downloads/harbor-online-installer-v2.13.1.tgz
rm  -rf    ${HOME}/Downloads/harbor/
EXE
</syntaxhighlight>
|}
==Trivy » Harbor » Internal==
{|class='wikitable mw-collapsible'
!scope='col' style='width:1100px'|
Trivy » Harbor » Internal
|-
| valign="top" |
<syntaxhighlight lang="yaml">
cat <<'YML'| tee ${HOME}/Documents/harbor-playground/harbor.yml >/dev/null
---
http:
  port: 1980
hostname: localhost
data_volume: ./harbor-data
harbor_admin_password: sadaqah!
database:
  password: sadaqah!
  max_idle_conns: 10
  max_open_conns: 20
  conn_max_lifetime: 5m
  conn_max_idle_time: 0
trivy:
  skip_java_db_update: false
  ignore_unfixed: false
  security_check: vuln
  offline_scan: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 5
  max_job_duration_hours: 24
  job_loggers:
    - STD_OUTPUT
    - FILE
  logger_sweeper_duration: 1
notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_timeout: 3
log:
  level: warning
  local:
    rotate_count: 50
    rotate_size: 200M
    location: ./harbor-log
upload_purging:
  enabled: true
  age: 168h
  interval: 24h
  dryrun: false
cache:
  enabled: false
  expire_hours: 24
YML
</syntaxhighlight>
|-
| valign="top" |
<syntaxhighlight lang="bash">
sudo ./install.sh --with-trivy
sudo docker compose down
docker images|grep harbor
sudo docker compose up -d
sudo docker compose logs -ft
        xdg-open http://localhost:1980 &>/dev/null &
  x-www-browser http://localhost:1980 &>/dev/null &
sensible-browser http://localhost:1980 &>/dev/null &
</syntaxhighlight>
|}
==Trivy » Harbor » External==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Trivy » Harbor » External
|-
| colspan="2" |
<syntaxhighlight lang="bash">
export DOCKER_HOST_IP=host.docker.internal
echo -n 'Password: ';read -s HARBOR_PASSWORD;export HARBOR_PASSWORD;echo
# Password: sadaqah!
</syntaxhighlight>
----
<syntaxhighlight lang="sql">
cat <<'SQL'| psql
SELECT usename AS "user"    FROM pg_catalog.pg_user WHERE usename LIKE '%harbor%' ORDER BY 1 ASC; -- \du+
SELECT datname as "database" FROM pg_database        WHERE datname LIKE '%harbor%' ORDER BY 1 ASC; -- \l+
SQL
</syntaxhighlight>
----
<syntaxhighlight lang="sql">
cat <<'DDL'| psql
\! printf '\n'
REVOKE ALL PRIVILEGES ON DATABASE harbor FROM harbor;
DROP OWNED    BY        harbor;
DROP DATABASE IF EXISTS harbor;
DROP USER    IF EXISTS harbor;
DDL
</syntaxhighlight>
----
<syntaxhighlight lang="sql">
cat << DDL | psql
SELECT 'CREATE DATABASE harbor'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'harbor')\gexec
CREATE USER harbor WITH ENCRYPTED PASSWORD '${HARBOR_PASSWORD}';
GRANT ALL PRIVILEGES ON DATABASE harbor TO harbor;
ALTER DATABASE harbor OWNER TO harbor;
DDL
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
echo -n 'Password: ';read -s PGPASSWORD; export PGPASSWORD; echo
# Password: sadaqah!
psql -p 5432 -U harbor -d harbor -h 10.20.0.1
psql -p 5432 -U harbor -d harbor -h 10.19.83.10
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
sudo vim /etc/postgresql/16/main/postgresql.conf
# :%s/listen_addresses/listen_addresses/gc
sudo vim /etc/postgresql/16/main/pg_hba.conf
# :%s/# IPv4 local/# IPv4 local/gc
systemctl status  postgresql.service
systemctl restart postgresql.service
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight lang="bash">
# caution: be aware
cat <<'EXE'| sudo bash
cat /etc/redis/redis.conf > ./redis.conf
sed 's|bind 127.0.0.1 -::1|bind 127.0.0.1 -::1 10.20.0.1 10.20.13.1|' -i /etc/redis/redis.conf
systemctl status  redis.service
systemctl restart redis.service
redis-cli info    keyspace
EXE
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight lang="yaml">
cat <<'YML'| tee ${HOME}/Documents/harbor-playground/harbor.yml >/dev/null
---
http:
  port: 1980
hostname: harbor.chorke.org
external_url: https://harbor.chorke.org
harbor_admin_password: sadaqah!
data_volume: ./harbor-data
enable_trivy: true
_version: 2.13.0
trivy:
  skip_java_db_update: false
  ignore_unfixed: false
  security_check: vuln
  offline_scan: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 5
  max_job_duration_hours: 24
  job_loggers:
    - STD_OUTPUT
    - FILE
  logger_sweeper_duration: 1
notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_timeout: 3
log:
  level: warning
  local:
    rotate_count: 50
    rotate_size: 200M
    location: ./harbor-log
external_database:
  harbor:
    host: 10.20.13.1
    port: 5432
    db_name: harbor
    username: harbor
    password: sadaqah!
    ssl_mode: disable
    max_idle_conns: 5
    max_open_conns: 10
upload_purging:
  enabled: true
  age: 168h
  interval: 24h
  dryrun: false
cache:
  enabled: false
  expire_hours: 24
YML
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
sudo docker compose logs -ft
sudo docker compose down
sudo ./prepare --with-trivy
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat docker-compose.yml|yq -r '.services.proxy.ports'
yq eval '.services.proxy.ports += ["127.0.0.1:1980:8080"]' -i docker-compose.yml
yq eval '.services.proxy.ports  = ["127.0.0.1:1980:8080"]' -i docker-compose.yml
yq eval '.services.core.extra_hosts    += ["host.docker.internal:host-gateway"]' -i docker-compose.yml
yq eval '.services.registry.extra_hosts += ["host.docker.internal:host-gateway"]' -i docker-compose.yml
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
sudo docker compose up -d
sudo docker compose logs -ft
        xdg-open http://localhost:1980 &>/dev/null &
  x-www-browser http://localhost:1980 &>/dev/null &
sensible-browser http://localhost:1980 &>/dev/null &
</syntaxhighlight>
|}
==Trivy » Harbor » Nginx==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Trivy » Harbor » Nginx
|-
|valign='top'|
<syntaxhighlight lang="bash">
cat <<'INI'| sudo tee /etc/nginx/sites-available/harbor.shahed.biz >/dev/null
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_certificate /etc/letsencrypt/live/harbor.shahed.biz/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/harbor.shahed.biz/privkey.pem;
  ssl_protocols TLSv1.2 TLSv1.3;
  server_name harbor.shahed.biz;
  ignore_invalid_headers off;
  client_max_body_size 0;
  proxy_buffering off;
  proxy_request_buffering off;
  location / {
    include proxy_params;
    real_ip_header X-Real-IP;
    proxy_connect_timeout 300;
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://127.0.0.1:1980;
  }
  location ~ ^/.well-known(/.*|$) {
    alias /var/www/html/.well-known$1;
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }
}
server {
  listen 80;
  listen [::]:80;
  server_name harbor.shahed.biz;
 
  location ~ ^/.well-known(/.*|$) {
    alias /var/www/html/.well-known$1;
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }
  location / {
    return 301 https://harbor.shahed.biz$request_uri;
  }
}
INI
</syntaxhighlight>
|}


==Playground==
==Playground==
{|
{|class='wikitable mw-collapsible'
!scope='col' colspan='3' style='width:1100px'|
Playground
|-
|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
Line 35: Line 365:
trivy image php:latest
trivy image php:latest
</syntaxhighlight>
</syntaxhighlight>
|-
|colspan='3'|
----
|-
|-
|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
systemctl restart postgresql.service
systemctl status  postgresql.service
systemctl restart redis.service
systemctl status  redis.service
redis-cli info keyspace
redis-cli flushall
redis-cli flushdb
</syntaxhighlight>
</syntaxhighlight>


|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="yaml">
external_redis:
  host: host.docker.internal:6379
  tlsOptions:
    enable: false
  registry_db_index: 1
  jobservice_db_index: 2
  trivy_db_index: 5
  idle_timeout_seconds: 30
</syntaxhighlight>
</syntaxhighlight>


|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
</syntaxhighlight>
|-
|valign='top' colspan='3'|
<syntaxhighlight lang="bash">
jq -r '.auths."harbor.chorke.org".auth' ~/.docker/config.json|base64 --decode && echo
docker login  harbor.chorke.org -u admin
docker login  harbor.chorke.org
</syntaxhighlight>
|-
|valign='top' colspan='3'|
<syntaxhighlight lang="bash">
docker tag nginx:1.27 harbor.chorke.org/chorke/nginx:1.27
docker push          harbor.chorke.org/chorke/nginx:1.27
</syntaxhighlight>
</syntaxhighlight>
|}
|}


==References==
==References==
{|
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' colspan='3' style='width:1100px'|
References
|-
|valign='top'|
|valign='top'|
* [https://github.com/goharbor/harbor/wiki/Release-plans Security » Container » Trivy » Harbor » Release Plans]
* [https://github.com/goharbor/harbor/releases/ Security » Container » Trivy » Harbor » Download]
* [https://kodekloud.com/community/t/setting-up-your-own-container-registry-with-harbor/275367 Security » Container » Trivy » Harbor » Registry]
* [https://goharbor.io/docs/2.13.0/install-config/configure-https/ Security » Container » Trivy » Harbor » HTTPS]
* [https://github.com/goharbor/harbor/wiki Security » Container » Trivy » Harbor » Wiki]
* [https://github.com/aquasecurity/trivy/releases Security » Container » Trivy » Download]
* [https://github.com/aquasecurity/trivy/releases Security » Container » Trivy » Download]
* [https://goharbor.io/ Security » Container » Trivy » Harbor]
* [https://trivy.dev/latest/getting-started/installation/ Security » Container » Trivy » Install]
* [https://trivy.dev/latest/docs/target/container_image/ Security » Container » Trivy » Docs]
* [https://trivy.dev/latest/docs/target/container_image/ Security » Container » Trivy » Docs]
* [https://trivy.dev/latest/ Security » Container » Trivy]
* [https://trivy.dev/latest/ Security » Container » Trivy]


|valign='top'|
|valign='top'|
* [https://goharbor.io/docs/2.0.0/administration/vulnerability-scanning/ Security » Container » Trivy » Harbor » Scanning]


|valign='top'|
|valign='top'|


|-
|colspan='3'|
----
|-
|-
|valign='top'|
|valign='top'|
* [[Apache Basic Authentication|Security » HTTP » Basic Authentication]]
* [[OpenLDAP/BackSQL|Security » OpenLDAP » BackSQL]]
* [[OpenLDAP/BackSQL|Security » OpenLDAP » BackSQL]]
* [https://github.com/khorben/makepasswd Security » <code>makepasswd</code> » SCM]
* [[Security/Certificate/TLS|Security » Certificate » TLS]]
* [https://manpages.ubuntu.com/manpages/trusty/man1/makepasswd.1.html Security » <code>makepasswd</code>]
* [[Security/Certificate|Security » Certificate]]
* [[Security/Certificate|Security » Certificate]]
* [[Security/Password|Security » Password]]
* [[Security/Password|Security » Password]]
Line 82: Line 445:
|valign='top'|
|valign='top'|
* [[SSH/Public Key Authentication|Security » SSH » Public Key Authentication]]
* [[SSH/Public Key Authentication|Security » SSH » Public Key Authentication]]
* [[Apache Basic Authentication|Security » HTTP » Basic Authentication]]
* [[Security/Container/Cosign|Security » Container » Cosign]]
* [[Security/Container/Snyk|Security » Container » Snyk]]
* [[Security/Container/Snyk|Security » Container » Snyk]]
* [[Security/Certificate/TLS|Security » Certificate » TLS]]
* [[Helm/Harbor|Security » Helm » Harbor]]
* [[Helm/Sign|Security » Helm » Sign]]


|valign='top'|
|valign='top'|


|-
|colspan='3'|
----
|-
|-
|valign='top'|
|valign='top'|
Line 117: Line 478:


|valign='top'|
|valign='top'|
* [[PostgreSQL/PgBouncer|PostgreSQL » PgBouncer]]
* [[PostgreSQL/PgLoader|PostgreSQL » PgLoader]]
* [[Docker/Compose/SFTP]]
* [[Docker/Compose/SFTP]]
* [[PostgreSQL]]
* [[Git]]
* [[Git]]
|}
|}

Latest revision as of 17:05, 12 July 2025

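# Install the Trivy v0.63.0 release binary into /usr/local/bin.
# The heredoc is quoted ('EXE'), so ${HOME} is expanded inside the shell that sudo
# starts; which home directory that is depends on the sudo configuration.
cat <<'EXE'| sudo bash
# stop at the first failure so a partial or unverified download is never installed
set -euo pipefail
wget -cq https://github.com/aquasecurity/trivy/releases/download/v0.63.0/trivy_0.63.0_Linux-64bit.tar.gz -P "${HOME}/Downloads"
wget -cq https://github.com/aquasecurity/trivy/releases/download/v0.63.0/trivy_0.63.0_checksums.txt      -P "${HOME}/Downloads"
# Compare the tarball with the SHA-256 published for this release before unpacking it as root.
# The checksum file comes from the same release page, so this catches a corrupted or
# truncated download, not a compromised release.
(cd "${HOME}/Downloads" && sha256sum --check --ignore-missing trivy_0.63.0_checksums.txt)
tar -xzf "${HOME}/Downloads/trivy_0.63.0_Linux-64bit.tar.gz" -C "${HOME}/Downloads"
rm  -f   "${HOME}/Downloads/trivy_0.63.0_Linux-64bit.tar.gz" "${HOME}/Downloads/trivy_0.63.0_checksums.txt"
mv       "${HOME}/Downloads/trivy" /usr/local/bin/
EXE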

Trivy » Scan

Trivy » Scan

# Scan four public images for known vulnerabilities, one after another.
for image in haproxy:2.8-alpine httpd:2.4-alpine nginx:alpine nginx:1.27; do
  trivy image "${image}"
done

Trivy » Harbor

Trivy » Harbor

# Fetch the Harbor v2.13.1 online installer and copy its contents into the playground directory.
# NOTE(review): the tarball is unpacked as downloaded; check it against the checksum or
# signature published with the release before running its install.sh with sudo.
cat <<'EXE'| bash
downloads=${HOME}/Downloads
tarball=harbor-online-installer-v2.13.1.tgz
wget  -cq https://github.com/goharbor/harbor/releases/download/v2.13.1/${tarball} -P ${downloads}/
tar  -xzf ${downloads}/${tarball} -C ${downloads}/
rsync -az ${downloads}/harbor/ ${HOME}/Documents/harbor-playground/
# remove the archive and the unpacked copy once the playground has its own
rm   -rf  ${downloads}/${tarball} ${downloads}/harbor/
EXE

Trivy » Harbor » Internal

Trivy » Harbor » Internal

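# Write harbor.yml for the all-in-one ("internal") playground: Harbor on
# http://localhost:1980 with its bundled database and the Trivy scanner settings.
# The admin and database passwords are prompted for instead of being stored on the
# page, and are two separate values. The heredoc is unquoted so the shell substitutes
# them; a password containing a single quote would break the YAML quoting below.
read -rsp 'Harbor admin password: ' HARBOR_ADMIN_PASSWORD; echo
read -rsp 'Harbor database password: ' HARBOR_DB_PASSWORD; echo
cat <<YML | tee ${HOME}/Documents/harbor-playground/harbor.yml >/dev/null
---
http:
  port: 1980
hostname: localhost
data_volume: ./harbor-data
harbor_admin_password: '${HARBOR_ADMIN_PASSWORD}'

database:
  password: '${HARBOR_DB_PASSWORD}'
  max_idle_conns: 10
  max_open_conns: 20
  conn_max_lifetime: 5m
  conn_max_idle_time: 0

trivy:
  skip_java_db_update: false
  ignore_unfixed: false
  security_check: vuln
  offline_scan: false
  skip_update: false
  insecure: false

jobservice:
  max_job_workers: 5
  max_job_duration_hours: 24
  job_loggers:
    - STD_OUTPUT
    - FILE
  logger_sweeper_duration: 1

notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_timeout: 3

log:
  level: warning
  local:
    rotate_count: 50
    rotate_size: 200M
    location: ./harbor-log

upload_purging:
  enabled: true
  age: 168h
  interval: 24h
  dryrun: false

cache:
  enabled: false
  expire_hours: 24
YML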
# Run the installer with the Trivy scanner enabled, then take the stack down,
# list the Harbor images that were pulled, and bring it back up.
sudo ./install.sh --with-trivy
sudo docker compose down
docker images | grep harbor
sudo docker compose up -d
# -f follows the log stream, -t adds timestamps
sudo docker compose logs -ft

# Launch every desktop URL opener in the background with its output discarded.
for opener in xdg-open x-www-browser sensible-browser; do
  "${opener}" http://localhost:1980 &>/dev/null &
done

Trivy » Harbor » External

Trivy » Harbor » External

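# Export the host alias and the password for the PostgreSQL role "harbor".
# DOCKER_HOST_IP is only exported here; nothing else on this page reads it.
# The password is typed without echo and is deliberately not written down here;
# -r keeps read from interpreting backslashes in it.
export DOCKER_HOST_IP=host.docker.internal
read -rsp 'Password: ' HARBOR_PASSWORD; export HARBOR_PASSWORD; echo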

# List the roles and the databases whose name contains "harbor"
# (a filtered equivalent of psql's \du+ and \l+).
psql <<'SQL'
SELECT usename AS "user"
  FROM pg_catalog.pg_user
 WHERE usename LIKE '%harbor%'
 ORDER BY 1 ASC;

SELECT datname AS "database"
  FROM pg_database
 WHERE datname LIKE '%harbor%'
 ORDER BY 1 ASC;
SQL

# Destructive reset: revokes the harbor role's privileges, drops everything it owns
# in the current database, then drops the harbor database and the role itself.
# No backup is taken here; run it only against a playground instance.
# The first line just prints a blank line from psql via a shell escape.
cat <<'DDL'| psql
\! printf '\n'
REVOKE ALL PRIVILEGES ON DATABASE harbor FROM harbor;
DROP OWNED    BY        harbor;
DROP DATABASE IF EXISTS harbor;
DROP USER     IF EXISTS harbor;
DDL

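# Create the harbor database (only if missing) and the harbor role, then hand the
# database over to that role.
# The heredoc is quoted so the shell no longer pastes the password into the SQL text.
# psql reads it from the exported HARBOR_PASSWORD with \getenv (psql 15 or newer) and
# :'harbor_password' emits it as an escaped SQL literal, so a quote character in the
# password cannot break or extend the statement. If HARBOR_PASSWORD is unset the
# placeholder is left as-is and CREATE USER fails instead of setting an empty password.
cat <<'DDL' | psql
SELECT 'CREATE DATABASE harbor'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'harbor')\gexec
\getenv harbor_password HARBOR_PASSWORD
CREATE USER harbor WITH ENCRYPTED PASSWORD :'harbor_password';
GRANT ALL PRIVILEGES ON DATABASE harbor TO harbor;
ALTER DATABASE harbor OWNER TO harbor;
DDL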

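# Check that the harbor role can log in over the network on both host addresses.
# psql takes the password from the exported PGPASSWORD; it is typed without echo
# (-r keeps backslashes intact) and is not written down on the page.
# PGPASSWORD stays in this shell's environment afterwards; `unset PGPASSWORD`
# when the check is done.
read -rsp 'Password: ' PGPASSWORD; export PGPASSWORD; echo

psql -p 5432 -U harbor -d harbor -h 10.20.0.1
psql -p 5432 -U harbor -d harbor -h 10.19.83.10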

# Open the PostgreSQL 16 server configuration; the vim command below only jumps
# to the listen_addresses setting (it substitutes the text with itself, with confirm).
# NOTE(review): the page does not show the value to set. Listing only the addresses
# Harbor connects to keeps the server off every other interface.
sudo vim /etc/postgresql/16/main/postgresql.conf
# :%s/listen_addresses/listen_addresses/gc

# Open the client authentication rules and jump to the "# IPv4 local" section.
# NOTE(review): the rule to add is not shown either. A single host line limited to
# database harbor, user harbor and the Docker subnet, with scram-sha-256, is the
# narrowest entry that fits the connection strings used on this page.
sudo vim /etc/postgresql/16/main/pg_hba.conf 
# :%s/# IPv4 local/# IPv4 local/gc

# pg_hba.conf and listen_addresses changes are applied by the restart below
systemctl status  postgresql.service
systemctl restart postgresql.service
# Caution: this makes Redis listen on 10.20.0.1 and 10.20.13.1 in addition to loopback.
# Nothing on this page sets requirepass or an ACL, so confirm that authentication is
# configured and that port 6379 is firewalled to the Harbor containers before restarting.
# The current redis.conf is first copied to ./redis.conf in the working directory
# as a backup; the sed only matches the stock "bind 127.0.0.1 -::1" line.
cat <<'EXE'| sudo bash
cat /etc/redis/redis.conf > ./redis.conf
sed 's|bind 127.0.0.1 -::1|bind 127.0.0.1 -::1 10.20.0.1 10.20.13.1|' -i /etc/redis/redis.conf
systemctl status  redis.service
systemctl restart redis.service
redis-cli info    keyspace
EXE
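# Write harbor.yml for the "external" variant: Harbor behind https://harbor.chorke.org,
# using the PostgreSQL server on 10.20.13.1 instead of the bundled database.
# Secrets are prompted for instead of being stored on the page. HARBOR_PASSWORD is the
# password of the PostgreSQL role "harbor"; it is asked for only if not already set.
# The heredoc is unquoted so the shell substitutes both values; a password containing
# a single quote would break the YAML quoting below.
# NOTE(review): ssl_mode: disable leaves the database session unencrypted on the
# 10.20.13.1 network; switch to require (or stricter) once the server has a certificate.
read -rsp 'Harbor admin password: ' HARBOR_ADMIN_PASSWORD; echo
[ -n "${HARBOR_PASSWORD:-}" ] || { read -rsp 'Password: ' HARBOR_PASSWORD; echo; }
cat <<YML | tee ${HOME}/Documents/harbor-playground/harbor.yml >/dev/null
---
http:
  port: 1980
hostname: harbor.chorke.org
external_url: https://harbor.chorke.org
harbor_admin_password: '${HARBOR_ADMIN_PASSWORD}'
data_volume: ./harbor-data
enable_trivy: true
_version: 2.13.0

trivy:
  skip_java_db_update: false
  ignore_unfixed: false
  security_check: vuln
  offline_scan: false
  skip_update: false
  insecure: false

jobservice:
  max_job_workers: 5
  max_job_duration_hours: 24
  job_loggers:
    - STD_OUTPUT
    - FILE
  logger_sweeper_duration: 1

notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_timeout: 3

log:
  level: warning
  local:
    rotate_count: 50
    rotate_size: 200M
    location: ./harbor-log

external_database:
  harbor:
    host: 10.20.13.1
    port: 5432
    db_name: harbor
    username: harbor
    password: '${HARBOR_PASSWORD}'
    ssl_mode: disable
    max_idle_conns: 5
    max_open_conns: 10

upload_purging:
  enabled: true
  age: 168h
  interval: 24h
  dryrun: false

cache:
  enabled: false
  expire_hours: 24
YML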

# Follow the logs of the running stack (-f follow, -t timestamps), stop it, then
# run Harbor's prepare script with the Trivy scanner enabled.
# presumably prepare regenerates docker-compose.yml from harbor.yml, which is why
# the yq edits come after it; verify before relying on the order
sudo docker compose logs -ft
sudo docker compose down
sudo ./prepare --with-trivy

# Show the proxy's published ports, then edit them in place. "+=" appends the
# loopback-only mapping and "=" replaces the whole list with it, so after the
# second command the proxy is published only on 127.0.0.1:1980 (container port
# 8080) and is reachable from outside solely through the local Nginx.
cat docker-compose.yml|yq -r '.services.proxy.ports'
yq eval '.services.proxy.ports += ["127.0.0.1:1980:8080"]' -i docker-compose.yml
yq eval '.services.proxy.ports  = ["127.0.0.1:1980:8080"]' -i docker-compose.yml

# Let the core and registry containers resolve host.docker.internal to the Docker host.
yq eval '.services.core.extra_hosts     += ["host.docker.internal:host-gateway"]' -i docker-compose.yml
yq eval '.services.registry.extra_hosts += ["host.docker.internal:host-gateway"]' -i docker-compose.yml

# Start the stack again and follow its logs.
sudo docker compose up -d
sudo docker compose logs -ft

# Three alternative desktop URL openers, each started in the background with output discarded.
        xdg-open http://localhost:1980 &>/dev/null &
   x-www-browser http://localhost:1980 &>/dev/null &
sensible-browser http://localhost:1980 &>/dev/null &

Trivy » Harbor » Nginx

Trivy » Harbor » Nginx

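# Write the Nginx site for harbor.shahed.biz: TLS termination on 443 that proxies to
# the loopback-only Harbor port 127.0.0.1:1980, plus a port-80 server that serves
# /.well-known from /var/www/html and redirects everything else to HTTPS.
# The dot in the /.well-known regex is now escaped; unescaped it matched any character.
# NOTE(review): client_max_body_size 0 removes the request-body limit (presumably for
# image layer pushes), and ignore_invalid_headers off passes through header names Nginx
# would otherwise drop; the page does not show that Harbor needs the latter.
# NOTE(review): real_ip_header only takes effect for peers listed in set_real_ip_from,
# and no such directive appears in this site file.
cat <<'INI'| sudo tee /etc/nginx/sites-available/harbor.shahed.biz >/dev/null
server {
  listen 443 ssl;
  listen [::]:443 ssl;

  ssl_certificate /etc/letsencrypt/live/harbor.shahed.biz/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/harbor.shahed.biz/privkey.pem;
  ssl_protocols TLSv1.2 TLSv1.3;

  server_name harbor.shahed.biz;

  ignore_invalid_headers off;
  client_max_body_size 0;
  proxy_buffering off;
  proxy_request_buffering off;


  location / {
    include proxy_params;
    real_ip_header X-Real-IP;
    proxy_connect_timeout 300;
    proxy_http_version 1.1;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://127.0.0.1:1980;
  }

  location ~ ^/\.well-known(/.*|$) {
    alias /var/www/html/.well-known$1;
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }
}

server {
  listen 80;
  listen [::]:80;
  server_name harbor.shahed.biz;

  location ~ ^/\.well-known(/.*|$) {
    alias /var/www/html/.well-known$1;
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  location / {
    return 301 https://harbor.shahed.biz$request_uri;
  }
}
INI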

Playground

Playground

# Show the installed Trivy version and its help text, then scan the current
# "latest" tag of four public images. "latest" moves over time, so results
# are not comparable between runs the way the pinned tags above are.
trivy version
trivy help
for image in haproxy httpd nginx php; do
  trivy image "${image}:latest"
done
# Restart PostgreSQL and Redis on the host and show their service status.
systemctl restart postgresql.service
systemctl status  postgresql.service
systemctl restart redis.service
systemctl status  redis.service

# Show how many keys each Redis database holds.
redis-cli info keyspace
# Destructive: flushall deletes every key in every Redis database on this server,
# flushdb every key in the currently selected one. Harbor's cached and queued data
# in Redis is lost; use only on a playground instance.
redis-cli flushall
redis-cli flushdb
# harbor.yml fragment pointing Harbor at the Redis server on the Docker host.
# NOTE(review): no password key is set and TLS is off, so this only matches a Redis
# that accepts unauthenticated, unencrypted connections on the bridge address; add
# `password:` here once requirepass is configured on the server.
external_redis:
  host: host.docker.internal:6379
  tlsOptions:
    enable: false
  # separate Redis database numbers for the registry, job service and Trivy adapter
  registry_db_index: 1
  jobservice_db_index: 2
  trivy_db_index: 5
  idle_timeout_seconds: 30
# Print the stored Docker credential for harbor.chorke.org. The "auth" field in
# ~/.docker/config.json is only base64, so this writes the login to the terminal
# in clear text; a configured credential helper (credsStore) keeps it out of the file.
jq -r '.auths."harbor.chorke.org".auth' ~/.docker/config.json|base64 --decode && echo
# Log in to the registry, either naming the admin user or letting docker prompt for one.
docker login   harbor.chorke.org -u admin
docker login   harbor.chorke.org
# Retag the local nginx:1.27 image for the chorke project and push it to the
# registry, which makes it available for scanning in Harbor.
target=harbor.chorke.org/chorke/nginx:1.27
docker tag nginx:1.27 "${target}"
docker push "${target}"

References

References