Trivy Multiple Container Scan

Requirements:

  • Windows is not used for the Trivy installation

  • Install Trivy and write a script for scanning multiple containers

How to install Trivy on Ubuntu

Run these two commands with sudo permission:

wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
sudo dpkg -i trivy_0.18.3_Linux-64bit.deb

I need to scan more than 100+ images. Do you have any idea how to do it at once and get a report for that?

You can scan multiple Docker images at once and generate reports using a loop in a bash script. Here's a step-by-step guide to help you scan over 100+ images and generate a report:

Step 1: Create a File with Image Names

Create a text file that contains the names of all the Docker images you want to scan, one per line. For example, create a file named images.txt:

nano images.txt

Add the image names in the file:

nginx:latest
alpine:3.12
ubuntu:20.04
# Add more images here

Save and close the file.

Step 2: Write a Bash Script to Scan All Images

Create a bash script that reads the image names from images.txt and scans each image using Trivy, saving the reports.

  1. Create the script:

     nano trivy-scan.sh
    
  2. Add the following code:

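     #!/bin/bash
    
     # Create a directory for the reports
     mkdir -p trivy-reports
    
     # Loop through each image in images.txt (a last line without a trailing newline is still read)
     while IFS= read -r image || [ -n "$image" ]; do
         # Skip blank lines and comment lines such as "# Add more images here"
         case "$image" in
             ''|'#'*) continue ;;
         esac
         echo "Scanning $image ..."
         # Build the report file name: "/" and ":" in the image name become "_"
         report="trivy-reports/$(echo "$image" | sed 's/\//_/g' | sed 's/:/_/g').txt"
         # Run Trivy and save the report as a text file; stdin is redirected so the scan cannot consume images.txt
         trivy image "$image" > "$report" < /dev/null
     done < images.txt
    
     echo "Scanning completed. Reports are saved in the trivy-reports directory."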
    
  3. Save and close the file.

Step 3: Make the Script Executable

Make your script executable by running:

chmod +x trivy-scan.sh

Step 4: Run the Script

Run the script to scan all images:

./trivy-scan.sh

Step 5: Review the Reports

Each image will have a report saved in the trivy-reports directory, with the file names based on the image names. For example, the report for nginx:latest will be saved as trivy-reports/nginx_latest.txt.
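
The report names in Step 2 replace both / and : with _, so two different images (for example team/app:1 and team_app:1) map to the same file and the later scan overwrites the earlier report without any warning. The following pre-flight check is an added example, not part of the original script; the function names report_name and check_image_list and the allowed-character pattern are assumptions of this example.

```bash
# Added example: pre-flight check for images.txt (not part of the original script).
# Plain POSIX shell, so it can be pasted into trivy-scan.sh or sourced from it.

# Same mapping as trivy-scan.sh: "/" and ":" in the image name become "_".
report_name() {
    printf '%s.txt\n' "$(printf '%s' "$1" | tr '/:' '__')"
}

# Print "image<TAB>report file" for every usable line of the list file.
# Returns 1 if a line is rejected or two images map to the same report file.
check_image_list() {
    cil_nl='
'
    cil_cr=$(printf '\r')
    cil_seen=$cil_nl
    cil_status=0
    while IFS= read -r cil_image || [ -n "$cil_image" ]; do
        cil_image=${cil_image%"$cil_cr"}          # tolerate CRLF line endings
        case "$cil_image" in
            ''|'#'*) continue ;;                   # blank line or comment
            # Assumed allow-list: first character alphanumeric, so a line can
            # never be read as a command-line option; no spaces or shell metacharacters.
            [!A-Za-z0-9]*|*[!A-Za-z0-9._/:@-]*)
                echo "REJECT  $cil_image" >&2
                cil_status=1; continue ;;
        esac
        cil_name=$(report_name "$cil_image")
        case "$cil_seen" in
            *"$cil_nl$cil_name$cil_nl"*)
                echo "COLLIDE $cil_image would overwrite $cil_name" >&2
                cil_status=1; continue ;;
        esac
        cil_seen=$cil_seen$cil_name$cil_nl
        printf '%s\t%s\n' "$cil_image" "$cil_name"
    done < "$1"
    return "$cil_status"
}
```

Call check_image_list images.txt before the scan loop and stop if it returns non-zero; the rejected and colliding lines are listed on stderr.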