====== Сканер Trivy ======

  * [[https://trivy.dev/|The All-in-One Security Scanner]]
  * [[https://cisoclub.ru/skaner-uyazvimostej-docker-kontejnerov-trivy/]]

  * [[https://github.com/aquasecurity/trivy/tags]]

<code>
$ docker run --rm aquasec/trivy image nginx

$ time docker run --rm -v $HOME/.cache/:/root/.cache/ aquasec/trivy image nginx
</code>
  * Docker образ [[Технология Docker#Приложение python pywebd]]
<code>
$ docker run --rm -v $HOME/.cache/:/root/.cache/ aquasec/trivy --insecure image gitlab.corpX.un:5000/student/pywebd

$ docker run --rm -v $HOME/.cache/:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image gitlab.corpX.un:5000/student/pywebd

$ docker run --rm -v $HOME/.cache/:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image pywebd

$ docker run --rm -v $HOME/.cache/:/root/.cache/ \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $(pwd)/.trivyignore:/work/.trivyignore -w /work/ \
  aquasec/trivy --exit-code 1 image pywebd && echo OK || echo Problems
  
~/pywebd# cat .trivyignore
</code><code>
CVE-2026-22184
#CVE-2026-27171
</code>

<code>
$ TR_VER=0.69.2

$ wget https://github.com/aquasecurity/trivy/releases/download/v${TR_VER}/trivy_${TR_VER}_Linux-64bit.deb

# dpkg -i trivy_${TR_VER}_Linux-64bit.deb

# trivy image pywebd
</code>