TechQA.

Scan docker images with Trivy from within a docker container

980 views Asked by At

Problem

I would like to do the following:

  1. Create an image with Trivy and Docker installed
  2. Run the container on Kubernetes
  3. Schedule a CRON job to pull all images from a container registry and to scan them, and output the results to stdout

Question

Is there a smart way to do this? Can you even install docker within a docker container?

docker security kubernetes trivy
Original Q&A
1

There are 1 answers

2
Esben Eickhardt On BEST ANSWER

I ended up doing the following:

  1. Creating an image with Trivy and Skopeo installed
  2. Downloading the docker images with Skopeo
    • skopeo copy --src-creds=user:password --dest-compress --src-tls-verify=false docker://myrepo.com/mynamespace/ubuntu:latest oci:ubuntu
  3. Scanning the image
    • trivy image --input ubuntu

An alternative to Skopeo would be to use the Registry HTTP API to download images as suggested by David Maze.

Related Questions in DOCKER

Related Questions in SECURITY

Related Questions in KUBERNETES

Related Questions in TRIVY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions