Rootfs

Scan a root filesystem (such as a host machine, a virtual machine image, or an unpacked container image filesystem).

  1. $ trivy rootfs /path/to/rootfs

From Inside Containers

Scan your container from inside the container.

  1. $ docker run --rm -it alpine:3.11
  2. / # curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
  3. / # trivy rootfs /

Result

  1. 2021-03-08T05:22:26.378Z INFO Need to update DB
  2. 2021-03-08T05:22:26.380Z INFO Downloading DB...
  3. 20.37 MiB / 20.37 MiB [-------------------------------------------------------------------------------------------------------------------------------------] 100.00% 8.24 MiB p/s 2s
  4. 2021-03-08T05:22:30.134Z INFO Detecting Alpine vulnerabilities...
  5. 2021-03-08T05:22:30.138Z INFO Trivy skips scanning programming language libraries because no supported file was detected
  6. 313430f09696 (alpine 3.11.7)
  7. ============================
  8. Total: 6 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 6, CRITICAL: 0)
  9. +--------------+------------------+----------+-------------------+---------------+---------------------------------------+
  10. | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
  11. +--------------+------------------+----------+-------------------+---------------+---------------------------------------+
  12. | libcrypto1.1 | CVE-2021-23839 | HIGH | 1.1.1i-r0 | 1.1.1j-r0 | openssl: incorrect SSLv2 |
  13. | | | | | | rollback protection |
  14. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23839 |
  15. + +------------------+ + + +---------------------------------------+
  16. | | CVE-2021-23840 | | | | openssl: integer |
  17. | | | | | | overflow in CipherUpdate |
  18. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23840 |
  19. + +------------------+ + + +---------------------------------------+
  20. | | CVE-2021-23841 | | | | openssl: NULL pointer dereference |
  21. | | | | | | in X509_issuer_and_serial_hash() |
  22. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23841 |
  23. +--------------+------------------+ + + +---------------------------------------+
  24. | libssl1.1 | CVE-2021-23839 | | | | openssl: incorrect SSLv2 |
  25. | | | | | | rollback protection |
  26. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23839 |
  27. + +------------------+ + + +---------------------------------------+
  28. | | CVE-2021-23840 | | | | openssl: integer |
  29. | | | | | | overflow in CipherUpdate |
  30. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23840 |
  31. + +------------------+ + + +---------------------------------------+
  32. | | CVE-2021-23841 | | | | openssl: NULL pointer dereference |
  33. | | | | | | in X509_issuer_and_serial_hash() |
  34. | | | | | | -->avd.aquasec.com/nvd/cve-2021-23841 |
  35. +--------------+------------------+----------+-------------------+---------------+---------------------------------------+

Other Examples