This recipe explains the following:
1. How to integrate Trivy in Jenkins
2. How to integrate Trivy in Tekton
Note:
The full content of the recipe is available in Git at the location below.
https://github.com/GandhiCloudLab/devsecops-with-trivy
Only the snapshots are given in this recipe.
DevSecOps ensures security by performing vulnerability scanning on container images. Several tools are available for image scanning.
Trivy is a simple and comprehensive vulnerability scanner for containers, suitable for CI.
More information on Trivy is available at https://github.com/aquasecurity/trivy
In this article, we will see how to implement Trivy in Jenkins and Tekton pipelines.
The CI/CD process contains several steps. There could be a step called Build Image that builds an image and pushes it to the image registry.
This step needs to be split into 3 steps:
1. Build Image
2. Trivy Scan
3. Push Image
Here is the modified pipeline.
You can see more information at
https://github.com/GandhiCloudLab/devsecops-with-trivy/#1-Integrating-Trivy-in-Jenkins
The CI/CD process contains several steps. There could be a step called Build that builds an image and pushes it to the image registry.
1. build
2. image-scan
3. push
https://github.com/GandhiCloudLab/devsecops-with-trivy/#2-Integrating-Trivy-in-Tekton
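The three-step split described for both the Jenkins and the Tekton pipeline, written as the shell logic a pipeline step could run. This is an added example, not code from the recipe or its repository. It assumes the current `trivy image` subcommand syntax and a HIGH,CRITICAL threshold; the `DOCKER`, `TRIVY` and `SEVERITY` override variables and the `build_scan_push` function are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: Build Image -> Trivy Scan -> Push Image, with the push
# gated on the scan result so a failing image never reaches the registry.
# DOCKER/TRIVY/SEVERITY are hypothetical overrides; defaults are the real CLIs.
DOCKER="${DOCKER:-docker}"
TRIVY="${TRIVY:-trivy}"
SEVERITY="${SEVERITY:-HIGH,CRITICAL}"

# build_scan_push IMAGE [CONTEXT_DIR]
# Returns 0 after a successful push, 2 if the build fails,
# 3 if the scan gate fails (nothing is pushed), 4 if the push fails.
build_scan_push() {
    image="$1"
    context="${2:-.}"

    # Step 1: Build Image. The image exists only on the build host so far.
    "$DOCKER" build -t "$image" "$context" || return 2

    # Step 2: Trivy Scan. --exit-code 1 makes trivy exit non-zero when it
    # finds vulnerabilities at the listed severities. A scan error (for
    # example a failed database download) is also non-zero, so the gate
    # fails closed in both cases.
    if ! "$TRIVY" image --exit-code 1 --severity "$SEVERITY" --no-progress "$image"; then
        echo "Trivy gate failed for $image (severity: $SEVERITY); not pushing" >&2
        return 3
    fi

    # Step 3: Push Image. Reached only when the scan step exited 0.
    "$DOCKER" push "$image" || return 4
}

# Run only when an image name is given, e.g.:
#   ./build_scan_push.sh registry.example.com/team/app:1.0 .
if [ "$#" -gt 0 ]; then
    build_scan_push "$@"
fi
```

In Jenkins or Tekton the three steps would normally be separate stages or tasks; the ordering and the non-zero exit on findings are what keep the push from running.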