Docker Scan Images for Known Vulnerabilities

CVE (Common Vulnerabilities and Exposures)

CVE
The Common Vulnerabilities and Exposures system provides a reference-method for publicly known information-security vulnerabilities and exposures.

CVE Severity Scores

CVSS v2.0 Ratings

Severity    Base Score Range
Low         0.0-3.9
Medium      4.0-6.9
High        7.0-10.0

CVSS v3.0 Ratings

Severity    Base Score Range
None        0.0
Low         0.1-3.9
Medium      4.0-6.9
High        7.0-8.9
Critical    9.0-10.0

Trivy

Trivy
A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI.
Trivy is one of the available CVE scanners for container images.

Installation

Follow the official Trivy installation guide for your platform.

Basic Usage

# Scan an image for vulnerabilities of every severity
trivy image nginx:1.18.0

# Report only CRITICAL findings
trivy image --severity CRITICAL nginx:1.18.0

# Report CRITICAL and HIGH findings
trivy image --severity CRITICAL,HIGH nginx:1.18.0

# Skip vulnerabilities that have no fixed package version yet
trivy image --ignore-unfixed nginx:1.18.0

# Scan an image exported as a tar archive instead of pulling it from a registry
docker save nginx:1.18.0 > nginx.tar

trivy image --input nginx.tar
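The commands above print a human-readable report. In a CI pipeline you normally want a machine-readable verdict instead: run Trivy with `--format json`, then decide whether the build passes from the findings. The script below is an added example written for this page, not Trivy's own code. It parses a constructed report in the shape Trivy's JSON output uses (a top-level `Results` list whose entries carry a `Vulnerabilities` list with `VulnerabilityID`, `PkgName`, `FixedVersion` and `Severity`), counts findings per severity, applies a severity threshold like `--severity`, and can drop unfixed entries like `--ignore-unfixed`. The CVE identifiers, package names and versions in the sample are placeholders, not real findings.

```python
"""Gate a CI job on a Trivy JSON report (added example, not part of Trivy)."""
import json
import sys
from collections import Counter

# Constructed sample shaped like `trivy image --format json` output.
# IDs, packages and versions are placeholders, not real vulnerabilities.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "nginx:1.18.0",
    "Results": [
        {
            "Target": "nginx:1.18.0 (debian 10.4)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample2",
                 "InstalledVersion": "2.3", "FixedVersion": "",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample3",
                 "InstalledVersion": "0.9", "FixedVersion": "1.0",
                 "Severity": "MEDIUM"},
            ],
        }
    ],
})

# Trivy's severity labels, lowest to highest.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def load_findings(report_json, ignore_unfixed=False):
    """Flatten every Results entry into one list of findings.

    With ignore_unfixed=True, entries without a FixedVersion are dropped,
    mirroring the effect of `trivy image --ignore-unfixed`.
    """
    report = json.loads(report_json)
    findings = []
    # Trivy omits or nulls these keys when there is nothing to report.
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            findings.append({
                "target": result.get("Target", ""),
                "id": vuln.get("VulnerabilityID", ""),
                "pkg": vuln.get("PkgName", ""),
                "severity": str(vuln.get("Severity", "UNKNOWN")).upper(),
                "fixed": vuln.get("FixedVersion") or None,
            })
    return findings


def count_by_severity(findings):
    """Number of findings per severity label."""
    return Counter(f["severity"] for f in findings)


def should_fail(findings, threshold="HIGH"):
    """True if any finding is at or above the threshold severity.

    Equivalent to running Trivy with `--severity <threshold and above>`
    and treating a non-empty result as a failed check.
    """
    floor = SEVERITY_ORDER.index(threshold.upper())
    return any(
        SEVERITY_ORDER.index(f["severity"]) >= floor
        for f in findings
        if f["severity"] in SEVERITY_ORDER
    )


def gate(report_json, threshold="HIGH", ignore_unfixed=False):
    """Summarise a report and return the pass/fail verdict for CI."""
    findings = load_findings(report_json, ignore_unfixed)
    return {
        "counts": dict(count_by_severity(findings)),
        "fail": should_fail(findings, threshold),
    }


if __name__ == "__main__":
    # Usage: trivy image --format json nginx:1.18.0 | python gate.py
    # Falls back to the constructed sample when nothing is piped in.
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    verdict = gate(raw, threshold="HIGH", ignore_unfixed=True)
    print("findings by severity:", verdict["counts"])
    print("verdict:", "FAIL" if verdict["fail"] else "PASS")
    sys.exit(1 if verdict["fail"] else 0)
```

Trivy itself can produce a non-zero exit status for such a gate with `--exit-code 1`; the value of a separate script is that the threshold and the unfixed-vulnerability policy live in reviewable code, and the per-severity counts can be recorded alongside the build for later rescans.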

Best Practices

  • Continuously rescan images
  • Kubernetes Admission Controllers to scan images
  • Private repository with pre-scanned images ready to go
  • Integrate scanning into your CI/CD pipeline