Trivy Security Scanning

Trivy is the security scanning tool we use to scan our images for vulnerabilities. You can run a Trivy scan identical to the one CI runs from your own command line by installing Trivy and running:

trivy image --severity HIGH,CRITICAL quay.io/solo-io/<IMAGE>:<VERSION>
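As an added example (not code from the go-utils project), the gate that `--severity HIGH,CRITICAL` applies, expressed over Trivy's JSON report format (`trivy image --format json`): a small Go program parses the report and returns every finding at or above a severity threshold, so the same check can be reproduced on a saved report. The report, image name and CVE identifiers below are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of Trivy's JSON report (`trivy image --format json`) that the gate needs.
type trivyReport struct {
	Results []struct {
		Target          string `json:"Target"`
		Vulnerabilities []struct {
			VulnerabilityID  string `json:"VulnerabilityID"`
			PkgName          string `json:"PkgName"`
			InstalledVersion string `json:"InstalledVersion"`
			FixedVersion     string `json:"FixedVersion"`
			Severity         string `json:"Severity"`
		} `json:"Vulnerabilities"`
	} `json:"Results"`
}
// Finding is one vulnerability at or above the severity threshold.
type Finding struct{ Target, ID, Pkg, Installed, Fixed, Severity string }
// Trivy severity levels in ascending order, used to compare against the threshold.
var severityRank = map[string]int{"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

// GateFindings returns every vulnerability at or above minSeverity; "HIGH" matches `--severity HIGH,CRITICAL`.
func GateFindings(report []byte, minSeverity string) ([]Finding, error) {
	var r trivyReport
	if err := json.Unmarshal(report, &r); err != nil {
		return nil, fmt.Errorf("parse trivy report: %w", err)
	}
	threshold, ok := severityRank[minSeverity]
	if !ok {
		return nil, fmt.Errorf("unknown severity %q", minSeverity)
	}
	var out []Finding
	for _, res := range r.Results {
		for _, v := range res.Vulnerabilities {
			if severityRank[v.Severity] >= threshold { // unrecognised severities rank 0 and are skipped
				out = append(out, Finding{res.Target, v.VulnerabilityID, v.PkgName, v.InstalledVersion, v.FixedVersion, v.Severity})
			}
		}
	}
	return out, nil
}
// Constructed sample report; the CVE identifiers are placeholders, not real advisories.
const sampleReport = `{"Results":[{"Target":"quay.io/solo-io/example:1.0.0 (alpine 3.16)","Vulnerabilities":[
{"VulnerabilityID":"CVE-0000-0001","PkgName":"openssl","InstalledVersion":"1.1.1","FixedVersion":"1.1.1a","Severity":"CRITICAL"},
{"VulnerabilityID":"CVE-0000-0002","PkgName":"zlib","InstalledVersion":"1.2.11","FixedVersion":"","Severity":"MEDIUM"},
{"VulnerabilityID":"CVE-0000-0003","PkgName":"curl","InstalledVersion":"7.83","FixedVersion":"7.84","Severity":"HIGH"}]}]}`
```

Calling `GateFindings([]byte(sampleReport), "HIGH")` yields the CRITICAL openssl and HIGH curl findings and drops the MEDIUM one, which is the set CI would fail the build on.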

Using securityscanutils

Using the utils here is as easy as using the CLI defined in the cli subdirectory. The snippet below shows the output of that CLI's help command.

The GITHUB_TOKEN environment variable must be set for security scanning to work.

go-utils/securityscan % go run ./cli/main.go help

CLI for identifying CVEs in images

Usage:
  cvectl [command]

Available Commands:
  format-results Pull down security scan files from gcloud bucket and generate docs markdown file
  help           Help about any command
  scan-repo      Run Trivy scans against images for the repo specified and upload scan results to a google cloud bucket
  scan-version   Run Trivy scans against images for a single version

Flags:
  -h, --help      help for cvectl
  -v, --verbose   Enable verbose logging

Use "cvectl [command] --help" for more information about a command.