Trivy Runner is a Go-based web application designed to scan Docker images using Trivy and provide vulnerability reports. This tool simplifies the process of scanning container images for security vulnerabilities by exposing a web API.
- Go (version 1.19 or later)
- Docker
To set up the Trivy Runner on your local machine, follow these steps:
- Clone the repository:
git clone https://github.com/vpereira/trivy_runner.git - Navigate to the project directory:
cd trivy_runner - Build the application:
make
docker-compose build # to build it
docker-compose up # to start it
Then if you want to scan a new image:
curl "http://localhost:8080/scan?image=registry.suse.com/bci/bci-busybox:latest"
If you want to test integration together with registry catalog
- Check/adapt the
docker-compose-integration.ymlfile - run
make integration-server
- Scan Docker images for vulnerabilities using Trivy.
- Real-time logging of scanning process.