Docker Open Source CVE scanner
by sudos from LinuxQuestions.org on (#55Q1D)
I'm a newbie to DevOps, with little knowledge of Docker. I am working on a project to integrate Trivy (an open-source Docker vulnerability scanner) into our lab to serve as a quality analysis tool for Docker. So far I have been able to source Trivy and Trivy-db (the database Trivy uses) into our lab by pulling the images through our proxy and then transferring them over into the lab.
However, I am stuck and not sure how Trivy would work effectively in the lab if it is not able to grab the CVE updates. Since the lab has no access to the external internet, it won't be able to grab the updates from the GitHub repository. It will also be redundant to bring in weekly updates manually. Any thoughts on how to go about this?