Trivy

Trivy is an open-source vulnerability scanner for container images and other software artifacts. Its core job is finding known vulnerabilities in the OS and language packages inside a container image, but it can also scan infrastructure-as-code (IaC) configuration files for misconfigurations, detect hard-coded secrets, and generate an SBOM; Delivery Shield consumes all of these outputs. It is lightweight and easy to use, and it integrates into the development and deployment pipeline.

Usage of Trivy in Delivery Shield

  • Delivery Shield mandates security scans on images using Trivy. It checks with Trivy whether the required version of the image has been scanned; if it has not, Delivery Shield raises a security issue. It also triggers periodic vulnerability scans of the deployed images.

  • Once the Trivy scan is done, Delivery Shield pulls the container security scan results from Trivy. This data is used to calculate the overall security status of the images and the application, and to generate alerts and remediation guidance.

  • Delivery Shield also pulls other Trivy scan results, such as the IaC configuration scan and the secret scan, and uses them to calculate the overall risk of the application. The scan results are available on the Vulnerability Management page, in the Artifact section of the DBOM page, and on the View Open Security Issues page.

  • SSD imports SBOMs generated by Trivy and analyzes them to identify supply chain security issues.
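To make concrete what "pulls the scan results and calculates an overall status" involves, here is an added example of a gate that consumes a Trivy JSON report. It is not Delivery Shield's code and does not reproduce its actual scoring; the sample report is constructed by hand in the shape of Trivy's JSON output (SchemaVersion 2, as written by `trivy image --scanners vuln,misconfig,secret --format json`), the vulnerability IDs are placeholders rather than real CVEs, and the FAIL/WARN/PASS policy is an assumption. The digest check mirrors the first bullet above: a report that does not cover the required image version yields NOT_SCANNED instead of a status.

```python
"""Added example (not Delivery Shield's own code): evaluate a Trivy JSON
report the way a delivery gate would.  It checks that the report covers the
image digest we require, summarises vulnerabilities (per severity, and which
have a fix), counts failed IaC checks and detected secrets, and derives an
overall status.  The gating policy below is an assumption for illustration."""
import json
from collections import Counter

# Constructed sample report, trimmed to the fields this check reads.  The
# shape follows Trivy's JSON output (SchemaVersion 2) as produced by
#   trivy image --scanners vuln,misconfig,secret --format json -o report.json IMAGE
# Vulnerability IDs are placeholders, not real CVEs.
REQUIRED_DIGEST = "sha256:" + "ab" * 32
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "registry.example.com/app:1.4.2",
    "ArtifactType": "container_image",
    "Metadata": {"RepoDigests": ["registry.example.com/app@" + REQUIRED_DIGEST]},
    "Results": [
        {"Target": "registry.example.com/app:1.4.2 (alpine 3.18.4)",
         "Class": "os-pkgs", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
              "InstalledVersion": "1.0.0-r0", "FixedVersion": "1.0.1-r0",
              "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
              "InstalledVersion": "2.3.0-r1", "Severity": "MEDIUM"}]},
        {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile",
         "Misconfigurations": [
             {"ID": "DS002", "Title": "Image user should not be 'root'",
              "Severity": "HIGH", "Status": "FAIL"}]},
        {"Target": "app/.env", "Class": "secret",
         "Secrets": [{"RuleID": "generic-secret", "Severity": "HIGH",
                      "Title": "Generic secret"}]},
    ],
})


def scanned_digest(report):
    """Digest of the image the report describes, taken from Metadata.RepoDigests."""
    digests = report.get("Metadata", {}).get("RepoDigests") or []
    return digests[0].split("@", 1)[1] if digests and "@" in digests[0] else None


def summarise(report):
    """Aggregate the three result classes Trivy can emit in one report."""
    by_severity, fixable = Counter(), Counter()
    misconfigs = secrets = 0
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            by_severity[vuln["Severity"]] += 1
            if vuln.get("FixedVersion"):          # absent when no fix exists yet
                fixable[vuln["Severity"]] += 1
        misconfigs += sum(1 for m in result.get("Misconfigurations") or []
                          if m.get("Status") == "FAIL")   # PASS entries are informational
        secrets += len(result.get("Secrets") or [])
    return {"vulns": dict(by_severity), "fixable": dict(fixable),
            "misconfigurations": misconfigs, "secrets": secrets}


def security_status(summary, fail_on=("CRITICAL", "HIGH")):
    """Assumed policy: FAIL on any secret, any failed IaC check, or a fixable
    CRITICAL/HIGH vulnerability; WARN if anything else was found; else PASS."""
    if summary["secrets"] or summary["misconfigurations"]:
        return "FAIL"
    if any(summary["fixable"].get(sev) for sev in fail_on):
        return "FAIL"
    return "WARN" if summary["vulns"] else "PASS"


def evaluate(report_text, required_digest):
    """Gate decision for one image.  NOT_SCANNED mirrors the case where the
    required image version has no scan yet and a security issue is raised."""
    report = json.loads(report_text)
    if scanned_digest(report) != required_digest:
        return {"status": "NOT_SCANNED", "scanned": scanned_digest(report)}
    summary = summarise(report)
    return {"status": security_status(summary), **summary}


if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_REPORT, REQUIRED_DIGEST), indent=2))
```

Two design points carry over to any real gate: compare digests, not tags, when deciding whether "the required version" was scanned, since a tag can be re-pushed without a rescan; and treat a vulnerability with no `FixedVersion` differently from a fixable one, because the only remediation for the former is an upstream fix or a mitigating control, not a package bump.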

Trivy is integrated as part of Delivery Shield; you only need to enable or disable it as required.

To manage Trivy:

  1. Navigate to Config > Integrations.

  2. In the Artifact panel, click Trivy. The Trivy integration page is displayed.

     You can also use the toggle button below the integration tile to enable or disable the integration as needed.

  3. Enable the Vulnerability Scan and Helm Scan toggle buttons.

  4. Click Save. The tool is connected.

  5. To change the settings later, click Edit, enable or disable the Vulnerability Scan and Helm Scan toggle buttons, and click Update. The new settings are applied.
