docs/tutorials/additional-resources/community.md

# Community References
Below is a list of additional resources from the community.

## Vulnerability Scanning

- [Detecting Spring4Shell with Trivy and Grype](https://youtu.be/mOfBcpJWwSs)
- [Scan OS of your EC2 instances with Trivy](https://pabis.eu/blog/2023-05-01-Scan-Instances-With-Trivy.html)

## CI/CD Pipelines

- [How to use Tekton to set up a CI pipeline with OpenShift Pipelines](https://www.redhat.com/architect/cicd-pipeline-openshift-tekton)
- [Continuous Container Vulnerability Testing with Trivy](https://semaphoreci.com/blog/continuous-container-vulnerability-testing-with-trivy)
- [Getting Started With Trivy and Jenkins](https://youtu.be/MWe01VdwuMA)
- [How to use Tekton to set up a CI pipeline with OpenShift Pipelines](https://www.redhat.com/architect/cicd-pipeline-openshift-tekton)

## Misconfiguration Scanning

- [Identifying Misconfigurations in your Terraform](https://youtu.be/cps1V5fOHtE)
- [How to write custom checks for Trivy](https://blog.ediri.io/how-to-write-custom-policies-for-trivy)

## SBOM, Attestation & related

- [Attesting Image Scans With Kyverno](https://neonmirrors.net/post/2022-07/attesting-image-scans-kyverno/)

## Trivy Kubernetes

- [Using Trivy Kubernetes in OVHCloud documentation.](https://docs.ovh.com/gb/en/kubernetes/installing-trivy/)

## Comparisons

- [the vulnerability remediation lifecycle of Alpine containers](https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/)
- [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy](https://boxboat.com/2020/04/24/image-scanning-tech-compared/)
- [Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy](https://www.a10o.net/devsecops/docker-image-security-static-analysis-tool-comparison-anchore-engine-vs-clair-vs-trivy/)

### Evaluations

- [Istio evaluating to use Trivy](https://github.com/istio/release-builder/pull/687#issuecomment-874938417)
- [Research Spike: evaluate Trivy for scanning running containers](https://gitlab.com/gitlab-org/gitlab/-/issues/270888)
-												docs: restructure docs and add tutorials (#2883)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
											
										
										
											2022-09-15 19:27:58 +01:00
+								# Community References
 								Below is a list of additional resources from the community.
-												docs: adding blog post on ec2 (#4813)

* adding blog post on ec2

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>

* update title of section

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>

* changing the location of the article to be under Vulnerabilities

---------

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
											
										
										
											2023-08-13 08:40:08 +01:00
+								## Vulnerability Scanning
-												docs: restructure docs and add tutorials (#2883)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
											
										
										
											2022-09-15 19:27:58 +01:00
 								- [Detecting Spring4Shell with Trivy and Grype](https://youtu.be/mOfBcpJWwSs)
-												docs: adding blog post on ec2 (#4813)

* adding blog post on ec2

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>

* update title of section

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>

* changing the location of the article to be under Vulnerabilities

---------

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
											
										
										
											2023-08-13 08:40:08 +01:00
+								- [Scan OS of your EC2 instances with Trivy](https://pabis.eu/blog/2023-05-01-Scan-Instances-With-Trivy.html)
-												docs: restructure docs and add tutorials (#2883)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
											
										
										
											2022-09-15 19:27:58 +01:00
 								## CI/CD Pipelines
 								- [How to use Tekton to set up a CI pipeline with OpenShift Pipelines](https://www.redhat.com/architect/cicd-pipeline-openshift-tekton)
 								- [Continuous Container Vulnerability Testing with Trivy](https://semaphoreci.com/blog/continuous-container-vulnerability-testing-with-trivy)
 								- [Getting Started With Trivy and Jenkins](https://youtu.be/MWe01VdwuMA)
 								- [How to use Tekton to set up a CI pipeline with OpenShift Pipelines](https://www.redhat.com/architect/cicd-pipeline-openshift-tekton)
 								## Misconfiguration Scanning
 								- [Identifying Misconfigurations in your Terraform](https://youtu.be/cps1V5fOHtE)
-												feat(misconf): Add support for deprecating a check (#6664)

Signed-off-by: Simar <simar@linux.com>
											
										
										
											2024-05-15 19:14:51 -06:00
+								- [How to write custom checks for Trivy](https://blog.ediri.io/how-to-write-custom-policies-for-trivy)
-												docs: restructure docs and add tutorials (#2883)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
											
										
										
											2022-09-15 19:27:58 +01:00
 								## SBOM, Attestation & related
 								- [Attesting Image Scans With Kyverno](https://neonmirrors.net/post/2022-07/attesting-image-scans-kyverno/)
 								## Trivy Kubernetes
 								- [Using Trivy Kubernetes in OVHCloud documentation.](https://docs.ovh.com/gb/en/kubernetes/installing-trivy/)
 								## Comparisons
 								- [the vulnerability remediation lifecycle of Alpine containers](https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/)
 								- [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy](https://boxboat.com/2020/04/24/image-scanning-tech-compared/)
 								- [Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy](https://www.a10o.net/devsecops/docker-image-security-static-analysis-tool-comparison-anchore-engine-vs-clair-vs-trivy/)
 								### Evaluations
 								- [Istio evaluating to use Trivy](https://github.com/istio/release-builder/pull/687#issuecomment-874938417)
-												docs: adding blog post on ec2 (#4813)

* adding blog post on ec2

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>

* update title of section

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>

* changing the location of the article to be under Vulnerabilities

---------

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
											
										
										
											2023-08-13 08:40:08 +01:00
+								- [Research Spike: evaluate Trivy for scanning running containers](https://gitlab.com/gitlab-org/gitlab/-/issues/270888)