Docker Image Scan Using Trivy Tool
When we have local Docker images to review, we can scan a saved image archive (example.tar) using the Trivy tool.
Use the commands below to install Trivy on a Kali Linux/Debian system.
1. sudo apt-get install wget apt-transport-https gnupg lsb-release
2. wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
3. echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
4. sudo apt-get update
5. sudo apt-get install trivy
Once the installation is complete, we can scan the image using the command below.
trivy image --input example.tar
Once the scan has completed, we can export the results to an output.txt file using the command below.
trivy image --input example.tar -o output.txt
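For triage, the exported results are easier to work with as JSON than as the text table. The script below is an added example, not part of the original post: it assumes the report was written with Trivy's `--format json` option (for example to output.json, a file name chosen here), counts findings per severity and lists HIGH/CRITICAL findings that already have a fixed version. The embedded sample report and its CVE-0000-* identifiers are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample in the shape of `trivy image --input example.tar --format json`.
# Package names, versions and CVE-0000-* identifiers are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example.tar",
    "Results": [
        {"Target": "example.tar (debian 12.5)", "Type": "debian", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample2",
             "InstalledVersion": "2.3-1", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample3",
             "InstalledVersion": "0.9-4", "FixedVersion": "0.9-5", "Severity": "LOW"},
        ]},
        # A target without findings carries no "Vulnerabilities" key at all.
        {"Target": "app/requirements.txt", "Type": "pip"},
    ],
})

def summarize(report_text, gate=("HIGH", "CRITICAL")):
    """Return (count per severity, fixable findings at the gate severities)."""
    report = json.loads(report_text)
    counts, fixable = Counter(), []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            counts[sev] += 1
            # A finding with a FixedVersion can be closed by upgrading the package.
            if sev in gate and vuln.get("FixedVersion"):
                fixable.append((result.get("Target"), vuln.get("PkgName"),
                                vuln.get("VulnerabilityID"), vuln["FixedVersion"]))
    return counts, fixable

if __name__ == "__main__":
    import sys
    text = SAMPLE_REPORT
    if len(sys.argv) > 1:  # path to a JSON report, e.g. output.json
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    counts, fixable = summarize(text)
    print(dict(counts))
    for target, pkg, vuln_id, fixed in fixable:
        print(f"{target}: {pkg} {vuln_id} -> upgrade to {fixed}")
    sys.exit(1 if fixable else 0)  # non-zero exit lets a pipeline fail the build
```
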
We can also scan a "Dockerfile" using the command below.
trivy config Dockerfile
!! Happy Learning !!