Image

Container Images

Simply specify an image name (and a tag).

  1. $ trivy image [YOUR_IMAGE_NAME]

For example:

  1. $ trivy image python:3.4-alpine

Result

  1. 2019-05-16T01:20:43.180+0900    INFO    Updating vulnerability database...
  2. 2019-05-16T01:20:53.029+0900    INFO    Detecting Alpine vulnerabilities...
  4. python:3.4-alpine3.9 (alpine 3.9.2)
  5. ===================================
  6. Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
  8. +---------+------------------+----------+-------------------+---------------+--------------------------------+
  9. | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
  10. +---------+------------------+----------+-------------------+---------------+--------------------------------+
  11. | openssl | CVE-2019-1543    | MEDIUM   | 1.1.1a-r1         | 1.1.1b-r1     | openssl: ChaCha20-Poly1305     |
  12. |         |                  |          |                   |               | with long nonces               |
  13. +---------+------------------+----------+-------------------+---------------+--------------------------------+

Tar Files

  1. $ docker save ruby:2.3.0-alpine3.9 -o ruby-2.3.0.tar
  2. $ trivy image --input ruby-2.3.0.tar

Result

  1. 2019-05-16T12:45:57.332+0900    INFO    Updating vulnerability database...
  2. 2019-05-16T12:45:59.119+0900    INFO    Detecting Debian vulnerabilities...
  4. ruby-2.3.0.tar (debian 8.4)
  5. ===========================
  6. Total: 7447 (UNKNOWN: 5, LOW: 326, MEDIUM: 5695, HIGH: 1316, CRITICAL: 105)
  8. +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+
  9. |           LIBRARY            |  VULNERABILITY ID   | SEVERITY |     INSTALLED VERSION      |          FIXED VERSION           |                        TITLE                        |
  10. +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+
  11. | apt                          | CVE-2019-3462       | CRITICAL | 1.0.9.8.3                  | 1.0.9.8.5                        | Incorrect sanitation of the                         |
  12. |                              |                     |          |                            |                                  | 302 redirect field in HTTP                          |
  13. |                              |                     |          |                            |                                  | transport method of...                              |
  14. +                              +---------------------+----------+                            +----------------------------------+-----------------------------------------------------+
  15. |                              | CVE-2016-1252       | MEDIUM   |                            | 1.0.9.8.4                        | The apt package in Debian                           |
  16. |                              |                     |          |                            |                                  | jessie before 1.0.9.8.4, in                         |
  17. |                              |                     |          |                            |                                  | Debian unstable before...                           |
  18. +                              +---------------------+----------+                            +----------------------------------+-----------------------------------------------------+
  19. |                              | CVE-2011-3374       | LOW      |                            |                                  |                                                     |
  20. +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+
  21. | bash                         | CVE-2016-7543       | HIGH     | 4.3-11                     | 4.3-11+deb8u1                    | bash: Specially crafted                             |
  22. |                              |                     |          |                            |                                  | SHELLOPTS+PS4 variables allows                      |
  23. |                              |                     |          |                            |                                  | command substitution                                |
  24. +                              +---------------------+          +                            +----------------------------------+-----------------------------------------------------+
  25. |                              | CVE-2019-9924       |          |                            | 4.3-11+deb8u2                    | bash: BASH_CMD is writable in                       |
  26. |                              |                     |          |                            |                                  | restricted bash shells                              |
  27. +                              +---------------------+----------+                            +----------------------------------+-----------------------------------------------------+
  28. |                              | CVE-2016-0634       | MEDIUM   |                            | 4.3-11+deb8u1                    | bash: Arbitrary code execution                      |
  29. |                              |                     |          |                            |                                  | via malicious hostname                              |
  30. +                              +---------------------+----------+                            +----------------------------------+-----------------------------------------------------+
  31. |                              | CVE-2016-9401       | LOW      |                            | 4.3-11+deb8u2                    | bash: popd controlled free                          |
  32. +                              +---------------------+          +                            +----------------------------------+-----------------------------------------------------+
  33. |                              | TEMP-0841856-B18BAF |          |                            |                                  |                                                     |
  34. +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------
  35. ...