Thursday, January 18, 2024

Trivy Code Vulnerability report

Trivy reports vulnerabilities in the third-party libraries your code uses, along with security keys exposed in your code.

The tool also provides the version in which the vulnerability is fixed.

After checking out the code from your repo, you can use the steps below to get a report:

Go to https://github.com/aquasecurity/trivy/releases/download/v0.48.3/trivy_0.48.3_windows-64bit.zip

Download the zip

Extract the folder

Go to <Extracted Folder>\trivy_0.48.3_windows-64bit

Open a command line in that folder

Run the command below:

trivy fs <codebase path in local m/c>

This prints the vulnerabilities to the command prompt.

If you want to write the report to a file instead:

trivy fs "<codebase path in local m/c>" > <file_name>.txt
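
An added example (not from the original post or the Trivy project): a Python script that reads a Trivy JSON report, produced with `trivy fs --format json --output report.json "<codebase path>"`, and lists the fixed version for each vulnerable library plus any exposed secrets. The sample report, the file name `report.json` and the function names are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of Trivy's JSON report (not real scan output).
SAMPLE_REPORT = json.loads("""
{
  "Results": [
    {"Target": "pom.xml", "Class": "lang-pkgs", "Type": "pom",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-0000-0001", "PkgName": "org.example:lib-a",
        "InstalledVersion": "1.2.0", "FixedVersion": "1.2.5", "Severity": "HIGH"},
       {"VulnerabilityID": "CVE-0000-0002", "PkgName": "org.example:lib-b",
        "InstalledVersion": "3.0.1", "Severity": "CRITICAL"}
     ]},
    {"Target": "config/app.properties", "Class": "secret",
     "Secrets": [
       {"RuleID": "aws-access-key-id", "Severity": "CRITICAL",
        "Title": "AWS Access Key ID", "StartLine": 12, "EndLine": 12}
     ]}
  ]
}
""")

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "UNKNOWN": 4}

def upgrade_plan(report):
    """Return (severity, target, package, installed, fixed, id) rows, worst first."""
    rows = []
    for result in report.get("Results") or []:
        # "Vulnerabilities" is absent (or null) for targets with no findings.
        for v in result.get("Vulnerabilities") or []:
            rows.append((v.get("Severity", "UNKNOWN"), result["Target"], v["PkgName"],
                         v.get("InstalledVersion", "?"),
                         v.get("FixedVersion") or "no fix released",
                         v["VulnerabilityID"]))
    return sorted(rows, key=lambda r: (SEVERITY_ORDER.get(r[0], 4), r[2]))

def exposed_secrets(report):
    """Return (target, line, rule id, title) for each secret finding."""
    return [(r["Target"], s.get("StartLine"), s["RuleID"], s.get("Title", ""))
            for r in report.get("Results") or []
            for s in r.get("Secrets") or []]

if __name__ == "__main__":
    # For a real report: report = json.load(open("report.json", encoding="utf-8"))
    for sev, target, pkg, installed, fixed, vid in upgrade_plan(SAMPLE_REPORT):
        print(f"{sev:8} {target}: {pkg} {installed} -> {fixed} ({vid})")
    for target, line, rule, title in exposed_secrets(SAMPLE_REPORT):
        print(f"SECRET   {target}:{line} {rule} ({title})")
```

Findings without a `FixedVersion` are listed as "no fix released", so they can be tracked separately from the ones a version bump resolves.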

Further reading:

https://trivy.dev/


2 comments:

Anonymous said...

Informative. Thanks for sharing.

Koushik said...

Great Post!! Super useful
