Introducing Trivy to Skpr
Trivy is now available through the official Skpr CLI Docker image!
Trivy is an open-source security scanning tool maintained and developed primarily by Aqua Security - a key player in the Cloud Native ecosystem.
It allows users to scan dependency files, file systems, Docker images, and more against its frequently updated vulnerability database.
How are we making security easier?
Skpr users can now automatically scan their images and determine if their application has any immediate vulnerabilities. Our CLI image comes with Trivy, so you can easily integrate it with your workflow.
It is available now in the Skpr Orb, so taking advantage of our CircleCI integration requires minimal effort.
This solution is not limited to Trivy. We're able to integrate many other tools, so let us know if another scanning tool fits your workflow.
Updates to the Orb will help you to:
- Scan dependency files for vulnerabilities in your supply chain.
- Scan the Docker images that run your applications for vulnerabilities.
- Run security scans on projects before they deploy to production.
- Scan at any time, including on a schedule.
- Be more proactive, and create tickets for issues of concern when they emerge (and before they surprise you).
Trivy is fast and effective. It can run on each release or pull request, and it can be adjusted to your needs in your workflow's configuration. The scan outcomes appear in the CircleCI logs, allowing you to take security considerations into account during the development cycle.
What do I need to do?
If you're interested in upping your security when developing a new feature or running routine scans, look at our documentation covering implementation examples using the Skpr Orb.
If you have any questions or would like a demo or advice on integrating Trivy into your workflow, please contact the Skpr team.