Introduction

Trivy is an open-source vulnerability scanner for containers, filesystems, and Git repositories. It helps detect vulnerabilities, misconfigurations, and security issues in container images, packages, and infrastructure as code. Trivy is widely used in DevOps pipelines for continuous security checks.

Prerequisites

Before installing Trivy on an Ubuntu/Debian system, make sure the following are in place:

  1. Operating System: Ubuntu/Debian-based Linux distribution.
  2. Root or sudo privileges: Required to install packages and modify system repositories.
  3. Basic tools: wget, apt-transport-https, and gnupg (for adding external repositories).
  4. Internet access: Required to download Trivy packages from the official repository.

Installation Steps

Here’s a step-by-step explanation of your commands:

  1. Update package index and install dependencies
sudo apt-get update
sudo apt-get install -y wget apt-transport-https gnupg lsb-release
  • Updates your system package list.
  • Installs required tools: wget (download files), apt-transport-https (enable HTTPS repositories), gnupg (verify signatures), lsb-release (get OS info).
  1. Add Trivy GPG key
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
  • Downloads Trivy’s signing key and adds it to your system to verify package integrity.
  1. Add Trivy repository
echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
  • Adds the Trivy repository for your Ubuntu/Debian version (detected dynamically using lsb_release -sc) so that Trivy can be installed via apt.
  1. Update package index and install Trivy
sudo apt-get update
sudo apt-get install -y trivy
  • Refreshes the package list to include Trivy repo.
  • Installs Trivy on your system.
  1. Verify installation
trivy -v
  • Confirms the installed Trivy version and ensures it’s ready to use.

Conclusion

After completing these steps, Trivy is successfully installed on your system. You can now scan container images, file systems, or repositories for vulnerabilities using simple commands like:

trivy image <image_name>
trivy fs <path_to_filesystem>

Trivy provides a lightweight, easy-to-use, and reliable solution to integrate security checks into your DevOps workflow.

Post Views: 1

Leave a Reply