====== Сканер Trivy ======
* [[https://trivy.dev/|The All-in-One Security Scanner]]
* [[https://cisoclub.ru/skaner-uyazvimostej-docker-kontejnerov-trivy/]]
* [[https://github.com/aquasecurity/trivy/tags]]
$ docker run --rm aquasec/trivy image nginx
или
$ docker run --rm aquasec/trivy:0.69.3 image nginx
или
$ docker run --rm ghcr.io/aquasecurity/trivy image nginx
$ time docker run --rm -v $HOME/.cache/:/root/.cache/ ghcr.io/aquasecurity/trivy image nginx
* Docker образ [[Технология Docker#Приложение python pywebd]]
$ docker run --rm -v $HOME/.cache/:/root/.cache/ ghcr.io/aquasecurity/trivy --insecure image gitlab.corpX.un:5000/student/pywebd
$ docker run --rm -v $HOME/.cache/:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock ghcr.io/aquasecurity/trivy image gitlab.corpX.un:5000/student/pywebd
$ docker run --rm -v $HOME/.cache/:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock ghcr.io/aquasecurity/trivy image pywebd
$ docker run --rm -v $HOME/.cache/:/root/.cache/ \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $(pwd)/.trivyignore:/work/.trivyignore -w /work/ \
ghcr.io/aquasecurity/trivy --exit-code 1 --severity HIGH image pywebd && echo OK || echo Problems
~/pywebd# cat .trivyignore
CVE-2026-28390
CVE-2026-22184
CVE-2026-23949
#CVE-2026-24049
$ TR_VER=0.69.2
$ wget https://github.com/aquasecurity/trivy/releases/download/v${TR_VER}/trivy_${TR_VER}_Linux-64bit.deb
# dpkg -i trivy_${TR_VER}_Linux-64bit.deb
# trivy image pywebd