在Trivy 的安装页面中没有提及 Windows。
我安装了适用于 Windows 的 Docker,因此 Docker 方法看起来很有前途,但有一些事情我不确定:
/var/run和目录?$HOME/Library/Caches目的是扫描我使用 Docker for Windows 构建的映像。
我已将 docker 映像从私有存储库拉到本地,并尝试使用 trivy image 命令扫描本地映像。它正在拉取数据库,但显示访问本地映像时出现未经授权的错误
scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
* unable to inspect the image (index.docker.io/library/58625f3e2b28:latest): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
* GET https://index.docker.io/v2/library/58625f3e2b28/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/58625f3e2b28 Type:repository]]
Docker deamon 正在运行,镜像也在本地。Trivy 版本:0.22.0
我正在将 Trivy 作为 docker 容器运行,并使用以下命令扫描本地图像
docker run …我正在尝试使用 Trivy 进行 docker 扫描并将其集成到 GitLab 中,管道已通过。\n但是作业失败了,不确定作业失败的原因。\ndocker 映像有效。\n启用共享运行程序后更新了新错误
\ngitlab.yml
\nTrivy_container_scanning:\n stage: test\n image: docker:stable-git\n variables:\n # Override the GIT_STRATEGY variable in your `.gitlab-ci.yml` file and set it to `fetch` if you want to provide a `clair-whitelist.yml`\n # file. See https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template\n # for details\n GIT_STRATEGY: none\n IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"\n allow_failure: true\n before_script:\n - export TRIVY_VERSION=${TRIVY_VERSION:-v0.20.0}\n - apk add --no-cache curl docker-cli\n - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY\n - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${TRIVY_VERSION}\n …