Thursday, January 18, 2024

Trivy Code Vulnerability report

Trivy reports known vulnerabilities in the third-party libraries your code depends on (it reads the dependency manifests and lock files in the checkout, such as pom.xml or package-lock.json) and also flags secrets such as API keys and credentials that have been committed into the code.

For each vulnerability the report also lists the version in which it is fixed, so you know what to upgrade to.

Check out the code from your repository, then use the steps below to generate a report on a Windows machine:

Go to https://github.com/aquasecurity/trivy/releases/download/v0.48.3/trivy_0.48.3_windows-64bit.zip

Download the zip

Extract the folder

Go to <Extracted Folder>\trivy_0.48.3_windows-64bit

Open a command prompt from the above folder

Run the below command. The codebase path is the only positional argument; the report is written to the file given with --output (a second bare argument would be rejected, not treated as an output file):

trivy fs --scanners vuln,secret --output <app_name>_sec_rpt.txt <codebase path on local machine>

On the first run Trivy downloads its vulnerability database, so the machine needs internet access at that point; later runs reuse the cached database.
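The text report is fine for reading, but to act on the "fixed in" column or to fail a build on findings it is easier to post-process the JSON form of the same scan. The script below is an added example, not part of the original post or of the Trivy project; it assumes the report was produced with `trivy fs --scanners vuln,secret --format json --output report.json <codebase path>` and reads the `Results`, `Vulnerabilities` and `Secrets` fields of that JSON. The embedded report is a constructed sample, not real scanner output, and the helper names (`vulnerable_packages`, `exposed_secrets`, `passes_gate`) are this example's own.

```python
"""Post-process a Trivy filesystem scan report saved as JSON.

Assumed command that produces the input (example, not from the original post):
    trivy fs --scanners vuln,secret --format json --output report.json <codebase path>
"""
import json
import sys

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample of a Trivy JSON report (not real scanner output): one Maven
# dependency with a known fixed version, and one properties file in which the
# secret scanner matched an AWS access key pattern (value already redacted).
SAMPLE_REPORT = """
{
  "SchemaVersion": 2,
  "ArtifactName": ".",
  "ArtifactType": "filesystem",
  "Results": [
    {
      "Target": "pom.xml",
      "Class": "lang-pkgs",
      "Type": "pom",
      "Vulnerabilities": [
        {
          "VulnerabilityID": "CVE-2021-44228",
          "PkgName": "org.apache.logging.log4j:log4j-core",
          "InstalledVersion": "2.14.1",
          "FixedVersion": "2.15.0, 2.12.2, 2.3.1",
          "Severity": "CRITICAL",
          "Title": "log4j-core: remote code execution via JNDI lookup (sample)"
        }
      ]
    },
    {
      "Target": "src/main/resources/app.properties",
      "Class": "secret",
      "Secrets": [
        {
          "RuleID": "aws-access-key-id",
          "Category": "AWS",
          "Severity": "CRITICAL",
          "Title": "AWS Access Key ID",
          "StartLine": 3,
          "EndLine": 3,
          "Match": "aws.accessKeyId=AKIA****************"
        }
      ]
    }
  ]
}
"""


def parse_report(text):
    """Parse Trivy JSON. A clean scan may omit "Results" entirely, so default it."""
    report = json.loads(text)
    report.setdefault("Results", [])
    return report


def vulnerable_packages(report):
    """Collapse per-CVE findings into one entry per (target, package):
    installed version, highest severity seen, CVE ids, and the union of
    fixed versions. Findings with no FixedVersion are kept, not dropped."""
    packages = {}
    for result in report["Results"]:
        for vuln in result.get("Vulnerabilities") or []:
            key = (result["Target"], vuln["PkgName"])
            entry = packages.setdefault(key, {
                "installed": vuln["InstalledVersion"],
                "severity": "UNKNOWN",
                "fixed_versions": set(),
                "ids": [],
            })
            entry["ids"].append(vuln["VulnerabilityID"])
            severity = vuln.get("Severity", "UNKNOWN")
            if SEVERITY_RANK.get(severity, 0) > SEVERITY_RANK[entry["severity"]]:
                entry["severity"] = severity
            # Trivy lists several fixed versions as a comma-separated string,
            # one per maintained release branch.
            for version in (vuln.get("FixedVersion") or "").split(","):
                if version.strip():
                    entry["fixed_versions"].add(version.strip())
    return packages


def exposed_secrets(report):
    """Every secret finding as (file, start line, rule id, severity)."""
    found = []
    for result in report["Results"]:
        if result.get("Class") != "secret":
            continue
        for secret in result.get("Secrets") or []:
            found.append((result["Target"], secret["StartLine"],
                          secret["RuleID"], secret["Severity"]))
    return found


def passes_gate(report, threshold="HIGH"):
    """True when the scan is acceptable: no vulnerability at or above the
    threshold, and no secrets at all (a committed credential is a leak
    whatever severity label it carries, so it always fails the gate)."""
    if exposed_secrets(report):
        return False
    limit = SEVERITY_RANK[threshold]
    return all(SEVERITY_RANK[e["severity"]] < limit
               for e in vulnerable_packages(report).values())


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    report = parse_report(text)
    for (target, pkg), e in sorted(vulnerable_packages(report).items()):
        fixed = ", ".join(sorted(e["fixed_versions"])) or "no fix available"
        print(f"{target}: {pkg} {e['installed']} [{e['severity']}] -> upgrade to {fixed}"
              f" ({', '.join(e['ids'])})")
    for target, line, rule, severity in exposed_secrets(report):
        print(f"{target}:{line}: secret {rule} [{severity}]")
    sys.exit(0 if passes_gate(report) else 1)
```

Run it as `python trivy_gate.py report.json`; with no argument it processes the embedded sample. The non-zero exit on failure is what makes it usable as a CI gate, and the upgrade lines are the actionable part of the "fixed in" information the text report already contains.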

Further reading:

https://trivy.dev/


2 comments:

Anonymous said...

Informative. Thanks for sharing.

Koushik said...

Great Post!! Super useful
