
Recipe: DevSecOps using Aquasec Trivy - Steps to implement Aquasec Trivy image scanning in Jenkins and Tekton pipelines

By Jeya Gandhi Rajan M posted Thu September 16, 2021 03:06 PM

  

    Overview

    Skill Level: Any Skill Level

    This recipe explains the following:

    1. How to integrate trivy in Jenkins
    2. How to integrate trivy in Tekton

    Ingredients

    Note:

    The full content of the recipe is available on GitHub at the location below.

    https://github.com/GandhiCloudLab/devsecops-with-trivy

    Only snapshots are given in this recipe.

    Step-by-step

    1. Introduction

      DevSecOps addresses security by running vulnerability scans on container images. Several tools are available for image scanning.

      Trivy is a simple and comprehensive vulnerability scanner for containers, suitable for CI.

      More information on Trivy is available at https://github.com/aquasecurity/trivy

      In this article, we will see how to implement Trivy in Jenkins and Tekton pipelines.

    2. Integrating Trivy in Jenkins

      The CI/CD process contains several steps. There could be a step called Build Image that builds an image and pushes it to the image registry.

      [Image: 01-jenkins-pipeline]

      This step needs to be split into 3 steps, so that the scan runs between the build and the push:

      Build Image
      Trivy Scan
      Push Image

      Here is the modified pipeline.

      [Image: 02-jenkins-pipeline-with-trivy]

       

      You can see more information in

      https://github.com/GandhiCloudLab/devsecops-with-trivy/#1-Integrating-Trivy-in-Jenkins

    3. Integrating Trivy in Tekton

      The CI/CD process contains several steps. There could be a step called Build that builds an image and pushes it to the image registry.

      [Image: 05-tekton-pipeline]

      This step needs to be split into 3 steps, so that the scan runs between the build and the push:

      build
      image-scan
      push

      Here is the modified pipeline.

      [Image: 06-tekton-pipeline-with-trivy]

       

      You can see more information in

      https://github.com/GandhiCloudLab/devsecops-with-trivy/#2-Integrating-Trivy-in-Tekton
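
The build, scan, push split described in both the Jenkins and Tekton sections comes down to the same shell logic inside the pipeline step. The following is an added example, not code from the recipe's repository; it assumes the `docker` and `trivy` CLIs are on the PATH, and the function names, image name and HIGH,CRITICAL threshold are illustrative choices.

```shell
#!/bin/sh
# Added example: build -> scan -> push gate for a pipeline step.
# Function names, image name and severity threshold are assumptions.

# Scan a locally built image. A non-zero return means the gate failed.
scan_image() {
  image="$1"
  severities="${2:-HIGH,CRITICAL}"
  # --exit-code 1   : trivy exits 1 when findings at these severities exist
  # --ignore-unfixed: skip findings that have no fixed version available
  # --no-progress   : keep CI logs free of progress-bar output
  trivy image --no-progress --ignore-unfixed \
    --severity "$severities" --exit-code 1 "$image"
}

# Build, scan, then push. The push is reached only when the scan passes,
# so an image that fails the gate never lands in the registry.
# Return codes: 0 ok, 2 build failed, 3 scan gate failed, 4 push failed.
build_scan_push() {
  target="$1"
  context="${2:-.}"
  docker build -t "$target" "$context" || {
    echo "build failed for $target" >&2
    return 2
  }
  if ! scan_image "$target"; then
    echo "trivy gate failed for $target; not pushing" >&2
    return 3
  fi
  docker push "$target" || {
    echo "push failed for $target" >&2
    return 4
  }
}

# Usage inside a Jenkins `sh` step or a Tekton step script
# (constructed image name):
#   build_scan_push registry.example.com/team/app:1.0 .
```

Because the scan runs against the local image before `docker push`, a failing scan stops the pipeline with the registry untouched; the distinct return codes let the pipeline report which stage failed.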

       

       

    ​​​​​​​​​​​​​​​​