Let's Learn Together
posts about categories
Let's Learn Together

Contents

Alpine Linux Container Scan with Trivy [2022-12-12]

 included in container
   332 words   2 minutes 
Contents

Alpine Linux Container Security Scan with Trivy [ December 12 2022]

Step 1/2 : FROM public.ecr.aws/docker/library/alpine:latest
latest: Pulling from docker/library/alpine
c158987b0551: Pulling fs layer
c158987b0551: Verifying Checksum
c158987b0551: Download complete
c158987b0551: Pull complete
Digest: sha256:8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4
Status: Downloaded newer image for public.ecr.aws/docker/library/alpine:latest
 ---> 49176f190c7e
Step 2/2 : RUN apk update && apk upgrade
 ---> Running in 018928570e95
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
v3.17.0-178-gac25ec36ea [https://dl-cdn.alpinelinux.org/alpine/v3.17/main]
v3.17.0-179-g196b5aa8f9 [https://dl-cdn.alpinelinux.org/alpine/v3.17/community]
OK: 17804 distinct packages available
OK: 7 MiB in 15 packages
Info

alpine:scan (alpine 3.17.0)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

[Aquasec Trivy] Searching for all files in '/var/lib/jenkins/workspace/trivy-alpine' that match the pattern 'results.json'
[Aquasec Trivy] Traversing of symbolic links: enabled
[Aquasec Trivy] -> found 1 file
[Aquasec Trivy] Successfully parsed file /var/lib/jenkins/workspace/trivy-alpine/results.json
[Aquasec Trivy] -> found 0 issues (skipped 0 duplicates)
[Aquasec Trivy] Successfully processed file 'results.json'
[Aquasec Trivy] Skipping post processing
[Aquasec Trivy] No filter has been set, publishing all 0 issues
[Aquasec Trivy] Repository miner is not configured, skipping repository mining
[Aquasec Trivy] Reference build recorder is not configured
[Aquasec Trivy] Obtaining reference build from same job (trivy-alpine)
[Aquasec Trivy] Using reference build 'trivy-alpine #4' to compute new, fixed, and outstanding issues
[Aquasec Trivy] Issues delta (vs. reference build): outstanding: 0, new: 0, fixed: 0
[Aquasec Trivy] No quality gates have been set - skipping
[Aquasec Trivy] Health report is disabled - skipping
[Aquasec Trivy] Created analysis result for 0 issues (found 0 new issues, fixed 0 issues)
[Aquasec Trivy] Attaching ResultAction with ID 'trivy' to build 'trivy-alpine #5'.
[Checks API] No suitable checks publisher found.
[Pipeline] sh
+ trivy image alpine:scan
2022-12-13T19:03:03.604-0500	INFO	Vulnerability scanning is enabled
2022-12-13T19:03:03.604-0500	INFO	Secret scanning is enabled
2022-12-13T19:03:03.604-0500	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-12-13T19:03:03.604-0500	INFO	Please see also https://aquasecurity.github.io/trivy/v0.34/docs/secret/scanning/#recommendation for faster secret detection
2022-12-13T19:03:03.607-0500	INFO	Detected OS: alpine
2022-12-13T19:03:03.607-0500	INFO	This OS version is not on the EOL list: alpine 3.17
2022-12-13T19:03:03.607-0500	INFO	Detecting Alpine vulnerabilities...
2022-12-13T19:03:03.607-0500	INFO	Number of language-specific files: 0
Updated on 2022-12-12
 alpinecontainertrivyCVE
Back | Home