Filesystem

Quick start

Trivy can scan a local filesystem, such as a mounted virtual machine image or a project directory, to detect misconfigurations in the IaC and build files it contains.

You have to specify --security-checks config to enable misconfiguration detection; by default the fs subcommand only scans for vulnerabilities.

    $ trivy fs --security-checks config /path/to/dir

Internally, this is the same as the config subcommand.

Vulnerability and Misconfiguration scanning

The difference between the fs and config subcommands is that fs can detect both vulnerabilities and misconfigurations in a single scan.

You have to specify --security-checks vuln,config to enable both vulnerability and misconfiguration detection.

    $ ls myapp/
    Dockerfile Pipfile.lock
    $ trivy fs --security-checks vuln,config --severity HIGH,CRITICAL myapp/
    2021-07-09T12:03:27.564+0300 INFO Detected OS: unknown
    2021-07-09T12:03:27.564+0300 INFO Number of language-specific files: 1
    2021-07-09T12:03:27.564+0300 INFO Detecting pipenv vulnerabilities...
    2021-07-09T12:03:27.566+0300 INFO Detected config files: 1

    Pipfile.lock (pipenv)
    =====================
    Total: 1 (HIGH: 1, CRITICAL: 0)

    +----------+------------------+----------+-------------------+---------------+---------------------------------------+
    | LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
    +----------+------------------+----------+-------------------+---------------+---------------------------------------+
    | httplib2 | CVE-2021-21240   | HIGH     | 0.12.1            | 0.19.0        | python-httplib2: Regular              |
    |          |                  |          |                   |               | expression denial of                  |
    |          |                  |          |                   |               | service via malicious header          |
    |          |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-21240 |
    +----------+------------------+----------+-------------------+---------------+---------------------------------------+

    Dockerfile (dockerfile)
    =======================
    Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
    Failures: 1 (HIGH: 1, CRITICAL: 0)

    +---------------------------+------------+----------------------+----------+------------------------------------------+
    |           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
    +---------------------------+------------+----------------------+----------+------------------------------------------+
    | Dockerfile Security Check | DS002      | Image user is 'root' | HIGH     | Last USER command in                     |
    |                           |            |                      |          | Dockerfile should not be 'root'          |
    |                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
    +---------------------------+------------+----------------------+----------+------------------------------------------+

In the example above, a single scan found a vulnerability in a Python dependency listed in Pipfile.lock and a misconfiguration in the Dockerfile (the image would run as root). Note that --severity only filters what is reported: both result sections are still produced, and each keeps its own totals, so a CI gate has to look at the vulnerability list and the misconfiguration failures separately.
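The combined report is easiest to act on from Trivy's JSON output (`trivy fs --security-checks vuln,config --format json -o report.json myapp/`). The following script, an added example that is not part of the Trivy documentation or code base, flattens both vulnerabilities and failed misconfiguration checks from such a report, applies a severity threshold, and returns a CI exit code. The embedded report is constructed to mirror the scan shown above; its field names follow Trivy's JSON report format (SchemaVersion 2), which is an assumption about the schema rather than something the page states.

```python
import json
import sys
from collections import Counter

# Severity ordering used for threshold filtering; these are the five values Trivy emits.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample: a Trivy JSON report shaped like the fs scan on this page
# (one pipenv vulnerability, one Dockerfile check failure). Field names follow
# Trivy's JSON report format as assumed here; the values are illustrative only.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "myapp/",
    "ArtifactType": "filesystem",
    "Results": [
        {
            "Target": "Pipfile.lock",
            "Class": "lang-pkgs",
            "Type": "pipenv",
            "Vulnerabilities": [
                {
                    "VulnerabilityID": "CVE-2021-21240",
                    "PkgName": "httplib2",
                    "InstalledVersion": "0.12.1",
                    "FixedVersion": "0.19.0",
                    "Severity": "HIGH",
                    "Title": "python-httplib2: Regular expression denial of service via malicious header",
                }
            ],
        },
        {
            "Target": "Dockerfile",
            "Class": "config",
            "Type": "dockerfile",
            "MisconfSummary": {"Successes": 22, "Failures": 1, "Exceptions": 0},
            "Misconfigurations": [
                {
                    "Type": "Dockerfile Security Check",
                    "ID": "DS002",
                    "Title": "Image user is 'root'",
                    "Message": "Last USER command in Dockerfile should not be 'root'",
                    "Severity": "HIGH",
                    "Status": "FAIL",
                }
            ],
        },
    ],
})


def load_report(text):
    """Parse a Trivy JSON report, e.g. the file written by `--format json -o report.json`."""
    return json.loads(text)


def findings(report, min_severity="HIGH"):
    """Flatten vulnerabilities and failed misconfiguration checks at or above min_severity.

    Each result section in the report is either a package list (Vulnerabilities) or a
    config file (Misconfigurations); both are walked so one pass covers the whole scan.
    """
    threshold = SEVERITY_RANK[min_severity]
    out = []
    for result in report.get("Results", []):
        target = result.get("Target", "?")
        for v in result.get("Vulnerabilities") or []:
            if SEVERITY_RANK.get(v.get("Severity", "UNKNOWN"), 0) >= threshold:
                out.append({
                    "kind": "vuln",
                    "target": target,
                    "id": v["VulnerabilityID"],
                    "severity": v["Severity"],
                    "detail": f'{v["PkgName"]} {v["InstalledVersion"]} -> {v.get("FixedVersion") or "no fix"}',
                })
        for m in result.get("Misconfigurations") or []:
            # Passed checks only appear with --include-non-failures; skip anything not FAIL.
            if m.get("Status", "FAIL") != "FAIL":
                continue
            if SEVERITY_RANK.get(m.get("Severity", "UNKNOWN"), 0) >= threshold:
                out.append({
                    "kind": "misconfig",
                    "target": target,
                    "id": m["ID"],
                    "severity": m["Severity"],
                    "detail": m.get("Message", m.get("Title", "")),
                })
    return out


def summarize(report, min_severity="HIGH"):
    """Count findings per (kind, severity), mirroring the per-section totals Trivy prints."""
    return dict(Counter((f["kind"], f["severity"]) for f in findings(report, min_severity)))


def exit_code(report, min_severity="HIGH"):
    """1 if any vulnerability or misconfiguration at or above min_severity remains, else 0."""
    return 1 if findings(report, min_severity) else 0


if __name__ == "__main__":
    # Usage: python trivy_gate.py [report.json] [MIN_SEVERITY]; defaults to the sample and HIGH.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    min_sev = sys.argv[2] if len(sys.argv) > 2 else "HIGH"
    report = load_report(text)
    for f in findings(report, min_sev):
        print(f"{f['severity']:8} {f['kind']:9} {f['target']}: {f['id']} {f['detail']}")
    print("summary:", summarize(report, min_sev))
    sys.exit(exit_code(report, min_sev))
```

If all you need is a pass/fail gate, Trivy's own `--exit-code 1` flag already makes the command fail when findings remain after `--severity` filtering; the script is for when the pipeline has to post-process the combined report, for example to route dependency findings and Dockerfile findings to different owners.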