Security/Container/Trivy: Difference between revisions
| Line 25: | Line 25: | ||
rm -rf ${HOME}/Downloads/harbor/ | rm -rf ${HOME}/Downloads/harbor/ | ||
EXE | EXE | ||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="yaml"> | |||
cat <<'YML'| tee ${HOME}/Documents/harbor-playground/harbor.yml >/dev/null | |||
--- | |||
http: | |||
port: 1980 | |||
hostname: localhost | |||
data_volume: ./harbor-data | |||
harbor_admin_password: sadaqah! | |||
database: | |||
password: sadaqah! | |||
max_idle_conns: 10 | |||
max_open_conns: 20 | |||
conn_max_lifetime: 5m | |||
conn_max_idle_time: 0 | |||
trivy: | |||
skip_java_db_update: false | |||
ignore_unfixed: false | |||
security_check: vuln | |||
offline_scan: false | |||
skip_update: false | |||
insecure: false | |||
jobservice: | |||
max_job_workers: 5 | |||
max_job_duration_hours: 24 | |||
job_loggers: | |||
- STD_OUTPUT | |||
- FILE | |||
logger_sweeper_duration: 1 | |||
notification: | |||
webhook_job_max_retry: 3 | |||
webhook_job_http_client_timeout: 3 | |||
log: | |||
level: warning | |||
local: | |||
rotate_count: 50 | |||
rotate_size: 200M | |||
location: /var/log/harbor | |||
upload_purging: | |||
enabled: true | |||
age: 168h | |||
interval: 24h | |||
dryrun: false | |||
cache: | |||
enabled: false | |||
expire_hours: 24 | |||
YML | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
sudo ./install.sh | |||
</syntaxhighlight> | </syntaxhighlight> | ||
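Review bot: The added harbor.yml sets `harbor_admin_password` and `database.password` to the same literal value, so every installation made by copying this block has publicly known, identical admin and database credentials. I would take both from the operator's environment instead, e.g. `harbor_admin_password: '${HARBOR_ADMIN_PASSWORD}'` and `password: '${HARBOR_DB_PASSWORD}'` with an unquoted `<<YML`, and create the file with mode 0600 before writing it. The config also has only an `http:` listener and no `https:` block, so a caveat that this is a localhost-only playground belongs next to it. Last, `sudo ./install.sh` at the end of the hunk runs with root privileges relative to whatever the current directory is; the page never changes into `${HOME}/Documents/harbor-playground`, so `cd` there first.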
Revision as of 08:09, 3 June 2025
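# Install Trivy v0.63.0. Download and verification run as the invoking user;
# only the final copy into /usr/local/bin is elevated.
cat <<'EXE'| bash
# Abort on the first error so a failed or partial download is never installed.
set -euo pipefail

rel=https://github.com/aquasecurity/trivy/releases/download/v0.63.0
pkg=trivy_0.63.0_Linux-64bit.tar.gz
sums=trivy_0.63.0_checksums.txt

wget -cq "${rel}/${pkg}" "${rel}/${sums}" -P "${HOME}/Downloads"

# Check the archive against the digest list published with the release.
# This catches corruption and truncation; it does not prove authenticity,
# because the list comes from the same origin as the archive.
(cd "${HOME}/Downloads" && sha256sum --check --ignore-missing "${sums}")

# Unpack only the binary; the other archive members are not needed here.
tar -xzf "${HOME}/Downloads/${pkg}" -C "${HOME}/Downloads" trivy
rm -f "${HOME}/Downloads/${pkg}" "${HOME}/Downloads/${sums}"

# Root-owned and not writable by others, so an unprivileged user cannot
# swap the scanner binary afterwards.
sudo install -o root -g root -m 0755 "${HOME}/Downloads/trivy" /usr/local/bin/trivy
rm -f "${HOME}/Downloads/trivy"
EXE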
Trivy » Scan
# Scan a few public images for known vulnerabilities, one after another.
for image in haproxy:2.8-alpine httpd:2.4-alpine nginx:alpine nginx:1.27; do
    trivy image "${image}"
done
Trivy » Harbor
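# Fetch the Harbor v2.13.1 online installer and stage it in the playground directory.
cat <<'EXE'| bash
# Stop at the first failing step instead of syncing a partial tree.
set -euo pipefail

rel=https://github.com/goharbor/harbor/releases/download/v2.13.1
pkg=harbor-online-installer-v2.13.1.tgz

wget -cq "${rel}/${pkg}" "${rel}/${pkg}.asc" -P "${HOME}/Downloads/"

# Verify the detached signature before unpacking. The Harbor release signing
# key must already be in the local keyring; take its ID from the official
# Harbor installation docs (<HARBOR_RELEASE_KEY_ID>), not from this page.
gpg --verify "${HOME}/Downloads/${pkg}.asc" "${HOME}/Downloads/${pkg}"

tar -xzf "${HOME}/Downloads/${pkg}" -C "${HOME}/Downloads/"

# rsync creates only the last path component, so make sure the parents exist.
mkdir -p "${HOME}/Documents/harbor-playground/"
rsync -az "${HOME}/Downloads/harbor/" "${HOME}/Documents/harbor-playground/"

rm -f "${HOME}/Downloads/${pkg}" "${HOME}/Downloads/${pkg}.asc"
rm -rf "${HOME}/Downloads/harbor/"
EXE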
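# Write the Harbor configuration. Both passwords are taken from the caller's
# environment so that no credential is copied from this page; the heredoc is
# unquoted so the two variables expand (nothing else in it contains "$").
# The chain stops before anything is written if either variable is unset.
: "${HARBOR_ADMIN_PASSWORD:?export HARBOR_ADMIN_PASSWORD first}" \
  "${HARBOR_DB_PASSWORD:?export HARBOR_DB_PASSWORD first}" &&
# Create the file owner-only before any secret is written into it.
install -m 0600 /dev/null "${HOME}/Documents/harbor-playground/harbor.yml" &&
cat <<YML| tee "${HOME}/Documents/harbor-playground/harbor.yml" >/dev/null
---
# No https: block is configured, so all traffic, logins included, is
# unencrypted. Keep hostname on localhost or add TLS before exposing this.
http:
  port: 1980
hostname: localhost
data_volume: ./harbor-data
# Use two different values; neither may contain a single quote.
harbor_admin_password: '${HARBOR_ADMIN_PASSWORD}'
database:
  password: '${HARBOR_DB_PASSWORD}'
  max_idle_conns: 10
  max_open_conns: 20
  conn_max_lifetime: 5m
  conn_max_idle_time: 0
trivy:
  skip_java_db_update: false
  ignore_unfixed: false
  security_check: vuln
  offline_scan: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 5
  max_job_duration_hours: 24
  job_loggers:
    - STD_OUTPUT
    - FILE
  logger_sweeper_duration: 1
notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_timeout: 3
log:
  level: warning
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
upload_purging:
  enabled: true
  age: 168h
  interval: 24h
  dryrun: false
cache:
  enabled: false
  expire_hours: 24
YML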
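# install.sh is a relative path: run it from the playground directory so that
# root executes the installer staged there, not whatever ./install.sh the
# current directory happens to hold. The subshell leaves the caller's cwd alone.
# NOTE(review): harbor.yml carries a trivy: section, but the scanner component
# is only deployed when install.sh is given --with-trivy; confirm the intent.
(cd "${HOME}/Documents/harbor-playground" && sudo ./install.sh)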
Playground
# Sanity check: print the installed Trivy build, then its command overview.
for sub in version help; do
    trivy "${sub}"
done
|
# Scan the current haproxy and httpd images. "latest" is a mutable tag, so
# findings can differ between runs as the upstream image is rebuilt.
for image in haproxy:latest httpd:latest; do
    trivy image "${image}"
done
|
# Scan the current nginx and php images. "latest" is a mutable tag, so
# findings can differ between runs as the upstream image is rebuilt.
for image in nginx:latest php:latest; do
    trivy image "${image}"
done
|
|
| ||