試し打ち
こんな感じ。CUI上にて一覧化してくれるので結構便利。
$ trivy image nginx:1.19.1-alpine-perl | grep CVE-2021-28831 26.21 MiB / 26.21 MiB [---------------------------------------------------------------------------------] 100.00% 14.05 MiB p/s 2s | busybox | CVE-2021-28831 | | 1.31.1-r9 | 1.31.1-r10 | busybox: invalid free or segmentation | | ssl_client | CVE-2021-28831 | HIGH | 1.31.1-r9 | 1.31.1-r10 | busybox: invalid free or segmentation |
色々機能があるみたいなので
$ trivy --help NAME: trivy - A simple and comprehensive vulnerability scanner for containers USAGE: trivy [global options] command [command options] target VERSION: 0.22.0 COMMANDS: image, i scan an image filesystem, fs scan local filesystem for language-specific dependencies and config files rootfs scan rootfs repository, repo scan remote repository client, c client mode server, s server mode config, conf scan config files plugin, p manage plugins help, h Shows a list of commands or help for one command GLOBAL OPTIONS: --quiet, -q suppress progress bar and log output (default: false) [$TRIVY_QUIET] --debug, -d debug mode (default: false) [$TRIVY_DEBUG] --cache-dir value cache directory (default: "/root/.cache/trivy") [$TRIVY_CACHE_DIR] --help, -h show help (default: false) --version, -v print the version (default: false)
気になった方は遊んでみてください。