Setting up our windows WSL Ubuntu machine for the Trivy setup
first, we need the docker to be installed on your machine.
Install the Trivy on Ubuntu Machine (WSL)
sudo apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy
To work with google container registry you need to have default credentials set before you start the scan, how you do it, you need to have service account of the google project which would have right amount of the permissions to get the image from the Google Container Registry (GCR).
export GOOGLE_APPLICATION_CREDENTIALS=//service-acc-key.json
What if you wanted to share the scan report as html page, which would be very much easy to read
trivy image eu.gcr.io/<project_name>/ear-aa-990-daily-full-load-sqlserver-medium --timeout 1000m --format template --template "@html.tpl" -o report.html
Note - you have to download the template html.tpl in the same directory before your the above scan, use this link(github.com/aquasecurity/trivy/blob/main/con..) to download the file.
How to Scan with severity: CRITICAL and HIGH
trivy image --severity CRITICAL,HIGH eu.gcr.io/<project_name>/ear-aa-990-daily-full-load-sqlserver-medium --timeout 1000m
How to scan in debug mode
trivy -d image --severity CRITICAL,HIGH eu.gcr.io/<project_name>/ear-aa-990-daily-full-load-sqlserver-medium --timeout 1000m
Reference articles: