What is Trivy?
- open-source security scanner tool developed by Aqua Security.
- Used for vulnerability scanning of targets such as:
- container images
- file systems/folders
- Git repositories
- Kubernetes clusters
- misconfiguration in files such as Terraform, K8S manifest files
- Trivy helps identify security issues and misconfigurations early in the software development lifecycle.
Pre-requisites:
- Any Linux instance up and running; in our case we will use the Jenkins Ubuntu machine.
How to Install Trivy scanner on Jenkins Ubuntu EC2 instance?
Trivy can be installed in many ways. Check here for more information. We will be using the APT package manager to install it on the Ubuntu EC2 instance.
sudo apt-get install wget gnupg -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y
Check that Trivy got installed:
trivy --version
This confirms that Trivy was installed successfully.
Jenkins Pipeline
pipeline {
  agent any
  tools {
    maven 'Maven3'
  }
  stages {
    stage('Checkout') {
      steps {
        git branch: 'main', credentialsId: '', url: 'https://github.com/akannan1087/myApr2026WeekendRepo'
      }
    }
    stage ("build") {
      steps {
        echo "doing my build.."
        sh "mvn clean install -f MyWebApp/pom.xml"
      }
    }
    stage ("code coverage") {
      steps {
        jacoco()
      }
    }
    stage ("code scan") {
      steps {
        withSonarQubeEnv('SonarQube') {
          sh "mvn sonar:sonar -f MyWebApp/pom.xml"
        }
      }
    }
    stage ("security scan") {
      steps {
        sh "trivy fs ."
      }
    }
  }
}
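One caveat about the "security scan" stage above: by default `trivy fs .` exits with status 0 whatever it finds, so the Jenkins build stays green even when CRITICAL vulnerabilities are reported. The script below is an added example (not code from the original post or from the Trivy project) showing how to turn the stage into a quality gate: it runs Trivy with JSON output, counts HIGH and CRITICAL findings in the report, and returns a non-zero status when they exceed a budget. The script name `trivy-gate.sh`, the report file name `trivy-report.json`, the budget of 0, and the sample report embedded for offline testing are all assumptions; the sample uses placeholder CVE identifiers, not real ones.

```sh
#!/usr/bin/env sh
# Added example: a Trivy quality gate for a Jenkins "security scan" stage.
# Assumptions (not from the original post): script saved as trivy-gate.sh in
# the repo, report written to trivy-report.json, budget of 0 HIGH/CRITICAL.
set -u

# Count findings of one severity in a Trivy JSON report. Trivy emits one
# "Severity": "<LEVEL>" entry per vulnerability or misconfiguration.
count_severity() {
  report="$1"; level="$2"
  grep -oE "\"Severity\": *\"$level\"" "$report" | wc -l | tr -d ' '
}

# Return 0 when HIGH + CRITICAL findings are within the budget, 1 otherwise.
gate_report() {
  report="$1"; budget="${2:-0}"
  high=$(count_severity "$report" HIGH)
  critical=$(count_severity "$report" CRITICAL)
  total=$((high + critical))
  echo "Trivy gate: HIGH=$high CRITICAL=$critical budget=$budget"
  [ "$total" -le "$budget" ]
}

# Run a Trivy scan (kind is fs, image, config or repo) on the Jenkins agent,
# archive the JSON report, then apply the gate. Example call from Jenkins:
#   sh 'sh trivy-gate.sh fs MyWebApp'
scan_and_gate() {
  kind="$1"; target="$2"; report="${3:-trivy-report.json}"
  trivy "$kind" --format json --output "$report" "$target"
  gate_report "$report" 0
}

# Constructed sample report standing in for real Trivy output, so the gate
# logic can be exercised where Trivy is not installed. CVE ids are placeholders.
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
{
  "SchemaVersion": 2,
  "Results": [
    {
      "Target": "MyWebApp/pom.xml",
      "Vulnerabilities": [
        {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "example-lib", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "example-lib", "Severity": "LOW"},
        {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "other-lib", "Severity": "CRITICAL"}
      ]
    }
  ]
}
EOF

# Demonstrate the gate on the sample: two HIGH/CRITICAL findings against a
# budget of 0, so the gate reports that it would fail the build.
gate_report "$SAMPLE_REPORT" 0 || echo "Trivy gate: build would be marked FAILED"
```

In the pipeline, replace `sh "trivy fs ."` with `sh "sh trivy-gate.sh fs MyWebApp"` so a gate failure fails the stage, and archive `trivy-report.json` as a build artifact for triage. If you only need the pass/fail behaviour without a report, Trivy's own `--exit-code 1 --severity HIGH,CRITICAL` flags do the same job in one line.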
Watch the video on my YouTube channel:
