admin/aquasecurity-trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2026-02-16 05:33:46 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2bd6ac6bb6895dbda93e15cae3602ebb8036613e
aquasecurity-trivy/dev/docs/target/container_image/index.html

9152 lines
172 KiB
HTML
Raw Blame History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Trivy - All-in-one open source security scanner">
<link rel="canonical" href="https://trivy.dev/dev/docs/target/container_image/">
<link rel="prev" href="../../">
<link rel="next" href="../filesystem/">
<link rel="icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.44+insiders-4.53.14">
<title>Container Image - Trivy</title>
<link rel="stylesheet" href="../../../assets/stylesheets/main.12320a83.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Inter:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Inter";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
<script id="__analytics">function __md_analytics(){function e(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],e("js",new Date),e("config","G-V9LJGFH7GX"),document.addEventListener("DOMContentLoaded",(function(){document.forms.search&&document.forms.search.query.addEventListener("blur",(function(){this.value&&e("event","search",{search_term:this.value})}));document$.subscribe((function(){var t=document.forms.feedback;if(void 0!==t)for(var a of t.querySelectorAll("[type=submit]"))a.addEventListener("click",(function(a){a.preventDefault();var n=document.location.pathname,d=this.getAttribute("data-md-value");e("event","feedback",{page:n,data:d}),t.firstElementChild.disabled=!0;var r=t.querySelector(".md-feedback__note [data-md-value='"+d+"']");r&&(r.hidden=!1)})),t.hidden=!1})),location$.subscribe((function(t){e("config","G-V9LJGFH7GX",{page_path:t.pathname})}))}));var t=document.createElement("script");t.async=!0,t.src="https://www.googletagmanager.com/gtag/js?id=G-V9LJGFH7GX",document.getElementById("__analytics").insertAdjacentElement("afterEnd",t)}</script>
<script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
<meta property="og:type" content="website" />
<meta property="og:title" content="Trivy - Container Image" />
<meta property="og:description" content="Trivy - All-in-one open source security scanner" />
<meta property="og:url" content="https://trivy.dev/dev/docs/target/container_image/" />
<meta property="og:image" content="https://trivy.dev/devassets/images/illustrations/banner.png" />
<meta property="og:image:type" content="image/png" />
<meta property="og:image:width" content="1080" />
<meta property="og:image:height" content="568" />
<style>
:root{
--md-primary-fg-color:#0a0b23;
}
.md-typeset a{
color:#10147e;
}
</style>
</head>
<body dir="ltr">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#container-image" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
<aside class="md-banner md-banner--warning">
<div class="md-banner__inner md-grid md-typeset">
You're not viewing the latest version of the documentation.
<a href="../../../..">
<strong>Click here to go to latest.</strong>
</a>
</div>
<script>var el=document.querySelector("[data-md-component=outdated]"),outdated=__md_get("__outdated",sessionStorage);!0===outdated&&el&&(el.hidden=!1)</script>
</aside>
</div>
<header class="md-header md-header--shadow md-header--lifted" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../../.." title="Trivy" class="md-header__button md-logo" aria-label="Trivy" data-md-component="logo">
<img src="../../../imgs/logo-white.svg" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Trivy
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Container Image
</span>
</div>
</div>
</div>
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/aquasecurity/trivy" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
</nav>
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../../.." class="md-tabs__link">
Home
</a>
</li>
<li class="md-tabs__item">
<a href="../../../getting-started/" class="md-tabs__link">
Getting Started
</a>
</li>
<li class="md-tabs__item">
<a href="../../../tutorials/overview/" class="md-tabs__link">
Tutorials
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../../" class="md-tabs__link">
Docs
</a>
</li>
<li class="md-tabs__item">
<a href="../../../ecosystem/" class="md-tabs__link">
Ecosystem
</a>
</li>
<li class="md-tabs__item">
<a href="../../../community/principles/" class="md-tabs__link">
Contributing
</a>
</li>
<li class="md-tabs__item">
<a href="../../../commercial/compare/" class="md-tabs__link">
Enterprise
</a>
</li>
</ul>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../../.." title="Trivy" class="md-nav__button md-logo" aria-label="Trivy" data-md-component="logo">
<img src="../../../imgs/logo-white.svg" alt="logo">
</a>
Trivy
</label>
<div class="md-nav__source">
<a href="https://github.com/aquasecurity/trivy" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../.." class="md-nav__link">
<span class="md-ellipsis">
Home
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Getting Started
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Getting Started
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../getting-started/" class="md-nav__link">
<span class="md-ellipsis">
First steps
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../getting-started/installation/" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../getting-started/signature-verification/" class="md-nav__link">
<span class="md-ellipsis">
Signature Verification
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../getting-started/faq/" class="md-nav__link">
<span class="md-ellipsis">
FAQ
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
<span class="md-ellipsis">
Tutorials
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Tutorials
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../tutorials/overview/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_2" >
<label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="0">
<span class="md-ellipsis">
CI/CD
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_2">
<span class="md-nav__icon md-icon"></span>
CI/CD
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../tutorials/integrations/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/integrations/github-actions/" class="md-nav__link">
<span class="md-ellipsis">
GitHub Actions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/integrations/circleci/" class="md-nav__link">
<span class="md-ellipsis">
CircleCI
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/integrations/travis-ci/" class="md-nav__link">
<span class="md-ellipsis">
Travis CI
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/integrations/gitlab-ci/" class="md-nav__link">
<span class="md-ellipsis">
GitLab CI
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/integrations/bitbucket/" class="md-nav__link">
<span class="md-ellipsis">
Bitbucket Pipelines
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/integrations/aws-codepipeline/" class="md-nav__link">
<span class="md-ellipsis">
AWS CodePipeline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/integrations/aws-security-hub/" class="md-nav__link">
<span class="md-ellipsis">
AWS Security Hub
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/integrations/azure-devops/" class="md-nav__link">
<span class="md-ellipsis">
Azure
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_3" >
<label class="md-nav__link" for="__nav_3_3" id="__nav_3_3_label" tabindex="0">
<span class="md-ellipsis">
Kubernetes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_3">
<span class="md-nav__icon md-icon"></span>
Kubernetes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../tutorials/kubernetes/cluster-scanning/" class="md-nav__link">
<span class="md-ellipsis">
Cluster Scanning
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/kubernetes/kyverno/" class="md-nav__link">
<span class="md-ellipsis">
Kyverno
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/kubernetes/gitops/" class="md-nav__link">
<span class="md-ellipsis">
GitOps
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_4" >
<label class="md-nav__link" for="__nav_3_4" id="__nav_3_4_label" tabindex="0">
<span class="md-ellipsis">
Misconfiguration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_4">
<span class="md-nav__icon md-icon"></span>
Misconfiguration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../tutorials/misconfiguration/terraform/" class="md-nav__link">
<span class="md-ellipsis">
Terraform scanning
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/misconfiguration/custom-checks/" class="md-nav__link">
<span class="md-ellipsis">
Custom Checks with Rego
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_5" >
<label class="md-nav__link" for="__nav_3_5" id="__nav_3_5_label" tabindex="0">
<span class="md-ellipsis">
Signing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_5">
<span class="md-nav__icon md-icon"></span>
Signing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../tutorials/signing/vuln-attestation/" class="md-nav__link">
<span class="md-ellipsis">
Vulnerability Scan Record Attestation
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_6" >
<label class="md-nav__link" for="__nav_3_6" id="__nav_3_6_label" tabindex="0">
<span class="md-ellipsis">
Shell
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_6">
<span class="md-nav__icon md-icon"></span>
Shell
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../tutorials/shell/shell-completion/" class="md-nav__link">
<span class="md-ellipsis">
Completion
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_7" >
<label class="md-nav__link" for="__nav_3_7" id="__nav_3_7_label" tabindex="0">
<span class="md-ellipsis">
Additional Resources
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_7">
<span class="md-nav__icon md-icon"></span>
Additional Resources
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../tutorials/additional-resources/references/" class="md-nav__link">
<span class="md-ellipsis">
Additional Resources
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/additional-resources/community/" class="md-nav__link">
<span class="md-ellipsis">
Community References
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../tutorials/additional-resources/cks/" class="md-nav__link">
<span class="md-ellipsis">
CKS Reference
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" checked>
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
<span class="md-ellipsis">
Docs
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Docs
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_2" checked>
<label class="md-nav__link" for="__nav_4_2" id="__nav_4_2_label" tabindex="">
<span class="md-ellipsis">
Target
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_2_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4_2">
<span class="md-nav__icon md-icon"></span>
Target
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Container Image
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Container Image
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#files-inside-container-images" class="md-nav__link">
<span class="md-ellipsis">
Files inside container images
</span>
</a>
<nav class="md-nav" aria-label="Files inside container images">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#vulnerabilities" class="md-nav__link">
<span class="md-ellipsis">
Vulnerabilities
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#misconfigurations" class="md-nav__link">
<span class="md-ellipsis">
Misconfigurations
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#secrets" class="md-nav__link">
<span class="md-ellipsis">
Secrets
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#licenses" class="md-nav__link">
<span class="md-ellipsis">
Licenses
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#container-image-metadata" class="md-nav__link">
<span class="md-ellipsis">
Container image metadata
</span>
</a>
<nav class="md-nav" aria-label="Container image metadata">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#misconfigurations_1" class="md-nav__link">
<span class="md-ellipsis">
Misconfigurations
</span>
</a>
<nav class="md-nav" aria-label="Misconfigurations">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#disabled-checks" class="md-nav__link">
<span class="md-ellipsis">
Disabled checks
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#secrets_1" class="md-nav__link">
<span class="md-ellipsis">
Secrets
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#supported" class="md-nav__link">
<span class="md-ellipsis">
Supported
</span>
</a>
<nav class="md-nav" aria-label="Supported">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#docker-engine" class="md-nav__link">
<span class="md-ellipsis">
Docker Engine
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#containerd" class="md-nav__link">
<span class="md-ellipsis">
containerd
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#podman" class="md-nav__link">
<span class="md-ellipsis">
Podman
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#container-registry" class="md-nav__link">
<span class="md-ellipsis">
Container Registry
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#tar-files" class="md-nav__link">
<span class="md-ellipsis">
Tar Files
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#oci-layout" class="md-nav__link">
<span class="md-ellipsis">
OCI Layout
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#sbom" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
<nav class="md-nav" aria-label="SBOM">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#generation" class="md-nav__link">
<span class="md-ellipsis">
Generation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#discover-sbom-inside-container-images" class="md-nav__link">
<span class="md-ellipsis">
Discover SBOM inside container images
</span>
</a>
<nav class="md-nav" aria-label="Discover SBOM inside container images">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#third-party-sbom-files" class="md-nav__link">
<span class="md-ellipsis">
Third-party SBOM files
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#discover-sbom-referencing-the-container-image" class="md-nav__link">
<span class="md-ellipsis">
Discover SBOM referencing the container image
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#compliance" class="md-nav__link">
<span class="md-ellipsis">
Compliance
</span>
</a>
<nav class="md-nav" aria-label="Compliance">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#built-in-reports" class="md-nav__link">
<span class="md-ellipsis">
Built in reports
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#examples" class="md-nav__link">
<span class="md-ellipsis">
Examples
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#authentication" class="md-nav__link">
<span class="md-ellipsis">
Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#scan-cache" class="md-nav__link">
<span class="md-ellipsis">
Scan Cache
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#options" class="md-nav__link">
<span class="md-ellipsis">
Options
</span>
</a>
<nav class="md-nav" aria-label="Options">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#scan-image-on-a-specific-architecture-and-os" class="md-nav__link">
<span class="md-ellipsis">
Scan Image on a specific Architecture and OS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configure-docker-daemon-socket-to-connect-to" class="md-nav__link">
<span class="md-ellipsis">
Configure Docker daemon socket to connect to.
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configure-podman-daemon-socket-to-connect-to" class="md-nav__link">
<span class="md-ellipsis">
Configure Podman daemon socket to connect to.
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#prevent-scanning-oversized-container-images" class="md-nav__link">
<span class="md-ellipsis">
Prevent scanning oversized container images
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../filesystem/" class="md-nav__link">
<span class="md-ellipsis">
Filesystem
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../rootfs/" class="md-nav__link">
<span class="md-ellipsis">
Rootfs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../repository/" class="md-nav__link">
<span class="md-ellipsis">
Code Repository
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../vm/" class="md-nav__link">
<span class="md-ellipsis">
Virtual Machine Image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../sbom/" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3" >
<label class="md-nav__link" for="__nav_4_3" id="__nav_4_3_label" tabindex="">
<span class="md-ellipsis">
Scanner
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3">
<span class="md-nav__icon md-icon"></span>
Scanner
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../scanner/vulnerability/" class="md-nav__link">
<span class="md-ellipsis">
Vulnerability
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3_2" >
<label class="md-nav__link" for="__nav_4_3_2" id="__nav_4_3_2_label" tabindex="0">
<span class="md-ellipsis">
Misconfiguration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_3_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3_2">
<span class="md-nav__icon md-icon"></span>
Misconfiguration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../scanner/misconfiguration/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3_2_2" >
<label class="md-nav__link" for="__nav_4_3_2_2" id="__nav_4_3_2_2_label" tabindex="0">
<span class="md-ellipsis">
Policy
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="4" aria-labelledby="__nav_4_3_2_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3_2_2">
<span class="md-nav__icon md-icon"></span>
Policy
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../scanner/misconfiguration/check/builtin/" class="md-nav__link">
<span class="md-ellipsis">
Built-in Checks
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3_2_3" >
<label class="md-nav__link" for="__nav_4_3_2_3" id="__nav_4_3_2_3_label" tabindex="0">
<span class="md-ellipsis">
Custom Checks
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="4" aria-labelledby="__nav_4_3_2_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3_2_3">
<span class="md-nav__icon md-icon"></span>
Custom Checks
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../scanner/misconfiguration/custom/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../scanner/misconfiguration/custom/data/" class="md-nav__link">
<span class="md-ellipsis">
Data
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../scanner/misconfiguration/custom/combine/" class="md-nav__link">
<span class="md-ellipsis">
Combine
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../scanner/misconfiguration/custom/selectors/" class="md-nav__link">
<span class="md-ellipsis">
Selectors
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../scanner/misconfiguration/custom/schema/" class="md-nav__link">
<span class="md-ellipsis">
Schemas
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../scanner/misconfiguration/custom/testing/" class="md-nav__link">
<span class="md-ellipsis">
Testing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../scanner/misconfiguration/custom/debug/" class="md-nav__link">
<span class="md-ellipsis">
Debugging Policies
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../scanner/misconfiguration/custom/contribute-checks/" class="md-nav__link">
<span class="md-ellipsis">
Contribute Checks
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../scanner/secret/" class="md-nav__link">
<span class="md-ellipsis">
Secret
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../scanner/license/" class="md-nav__link">
<span class="md-ellipsis">
License
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4" >
<label class="md-nav__link" for="__nav_4_4" id="__nav_4_4_label" tabindex="">
<span class="md-ellipsis">
Coverage
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4">
<span class="md-nav__icon md-icon"></span>
Coverage
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../coverage/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4_2" >
<label class="md-nav__link" for="__nav_4_4_2" id="__nav_4_4_2_label" tabindex="0">
<span class="md-ellipsis">
OS
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_4_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4_2">
<span class="md-nav__icon md-icon"></span>
OS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../coverage/os/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/alma/" class="md-nav__link">
<span class="md-ellipsis">
AlmaLinux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/alpine/" class="md-nav__link">
<span class="md-ellipsis">
Alpine Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/amazon/" class="md-nav__link">
<span class="md-ellipsis">
Amazon Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/azure/" class="md-nav__link">
<span class="md-ellipsis">
Azure Linux (CBL-Mariner)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/centos/" class="md-nav__link">
<span class="md-ellipsis">
CentOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/chainguard/" class="md-nav__link">
<span class="md-ellipsis">
Chainguard
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/debian/" class="md-nav__link">
<span class="md-ellipsis">
Debian
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/oracle/" class="md-nav__link">
<span class="md-ellipsis">
Oracle Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/photon/" class="md-nav__link">
<span class="md-ellipsis">
Photon OS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/rhel/" class="md-nav__link">
<span class="md-ellipsis">
Red Hat
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/rocky/" class="md-nav__link">
<span class="md-ellipsis">
Rocky Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/suse/" class="md-nav__link">
<span class="md-ellipsis">
SUSE
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/ubuntu/" class="md-nav__link">
<span class="md-ellipsis">
Ubuntu
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/wolfi/" class="md-nav__link">
<span class="md-ellipsis">
Wolfi
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/os/google-distroless/" class="md-nav__link">
<span class="md-ellipsis">
Google Distroless (Images)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4_3" >
<label class="md-nav__link" for="__nav_4_4_3" id="__nav_4_4_3_label" tabindex="0">
<span class="md-ellipsis">
Language
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_4_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4_3">
<span class="md-nav__icon md-icon"></span>
Language
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../coverage/language/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/c/" class="md-nav__link">
<span class="md-ellipsis">
C/C++
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/dart/" class="md-nav__link">
<span class="md-ellipsis">
Dart
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/dotnet/" class="md-nav__link">
<span class="md-ellipsis">
.NET
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/elixir/" class="md-nav__link">
<span class="md-ellipsis">
Elixir
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/golang/" class="md-nav__link">
<span class="md-ellipsis">
Go
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/java/" class="md-nav__link">
<span class="md-ellipsis">
Java
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/nodejs/" class="md-nav__link">
<span class="md-ellipsis">
Node.js
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/php/" class="md-nav__link">
<span class="md-ellipsis">
PHP
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/python/" class="md-nav__link">
<span class="md-ellipsis">
Python
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/ruby/" class="md-nav__link">
<span class="md-ellipsis">
Ruby
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/rust/" class="md-nav__link">
<span class="md-ellipsis">
Rust
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/swift/" class="md-nav__link">
<span class="md-ellipsis">
Swift
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/language/julia/" class="md-nav__link">
<span class="md-ellipsis">
Julia
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4_4" >
<label class="md-nav__link" for="__nav_4_4_4" id="__nav_4_4_4_label" tabindex="0">
<span class="md-ellipsis">
IaC
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_4_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4_4">
<span class="md-nav__icon md-icon"></span>
IaC
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../coverage/iac/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/iac/azure-arm/" class="md-nav__link">
<span class="md-ellipsis">
Azure ARM Template
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/iac/cloudformation/" class="md-nav__link">
<span class="md-ellipsis">
CloudFormation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/iac/docker/" class="md-nav__link">
<span class="md-ellipsis">
Docker
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/iac/helm/" class="md-nav__link">
<span class="md-ellipsis">
Helm
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/iac/kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/iac/terraform/" class="md-nav__link">
<span class="md-ellipsis">
Terraform
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4_5" >
<label class="md-nav__link" for="__nav_4_4_5" id="__nav_4_4_5_label" tabindex="0">
<span class="md-ellipsis">
Others
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_4_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4_5">
<span class="md-nav__icon md-icon"></span>
Others
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../coverage/others/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/others/bitnami/" class="md-nav__link">
<span class="md-ellipsis">
Bitnami Images
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/others/conda/" class="md-nav__link">
<span class="md-ellipsis">
Conda
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../coverage/others/rpm/" class="md-nav__link">
<span class="md-ellipsis">
RPM Archives
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../coverage/kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_5" >
<label class="md-nav__link" for="__nav_4_5" id="__nav_4_5_label" tabindex="">
<span class="md-ellipsis">
Configuration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_5">
<span class="md-nav__icon md-icon"></span>
Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../configuration/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../configuration/filtering/" class="md-nav__link">
<span class="md-ellipsis">
Filtering
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../configuration/skipping/" class="md-nav__link">
<span class="md-ellipsis">
Skipping Files
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../configuration/reporting/" class="md-nav__link">
<span class="md-ellipsis">
Reporting
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../configuration/cache/" class="md-nav__link">
<span class="md-ellipsis">
Cache
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../configuration/db/" class="md-nav__link">
<span class="md-ellipsis">
Databases
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../configuration/others/" class="md-nav__link">
<span class="md-ellipsis">
Others
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_6" >
<label class="md-nav__link" for="__nav_4_6" id="__nav_4_6_label" tabindex="">
<span class="md-ellipsis">
Supply Chain
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_6">
<span class="md-nav__icon md-icon"></span>
Supply Chain
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../supply-chain/sbom/" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_6_2" >
<label class="md-nav__link" for="__nav_4_6_2" id="__nav_4_6_2_label" tabindex="0">
<span class="md-ellipsis">
Attestation
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_6_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_6_2">
<span class="md-nav__icon md-icon"></span>
Attestation
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../supply-chain/attestation/sbom/" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../supply-chain/attestation/vuln/" class="md-nav__link">
<span class="md-ellipsis">
Cosign Vulnerability Scan Record
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../supply-chain/attestation/rekor/" class="md-nav__link">
<span class="md-ellipsis">
SBOM Attestation in Rekor
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_6_3" >
<label class="md-nav__link" for="__nav_4_6_3" id="__nav_4_6_3_label" tabindex="0">
<span class="md-ellipsis">
VEX
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_6_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_6_3">
<span class="md-nav__icon md-icon"></span>
VEX
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../supply-chain/vex/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../supply-chain/vex/repo/" class="md-nav__link">
<span class="md-ellipsis">
VEX Repository
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../supply-chain/vex/file/" class="md-nav__link">
<span class="md-ellipsis">
Local VEX Files
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../supply-chain/vex/sbom-ref/" class="md-nav__link">
<span class="md-ellipsis">
VEX SBOM Reference
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../supply-chain/vex/oci/" class="md-nav__link">
<span class="md-ellipsis">
VEX Attestation
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_7" >
<label class="md-nav__link" for="__nav_4_7" id="__nav_4_7_label" tabindex="">
<span class="md-ellipsis">
Compliance
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_7">
<span class="md-nav__icon md-icon"></span>
Compliance
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../compliance/compliance/" class="md-nav__link">
<span class="md-ellipsis">
Built-in Compliance
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../compliance/contrib-compliance/" class="md-nav__link">
<span class="md-ellipsis">
Custom Compliance
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_8" >
<label class="md-nav__link" for="__nav_4_8" id="__nav_4_8_label" tabindex="">
<span class="md-ellipsis">
Plugins
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_8">
<span class="md-nav__icon md-icon"></span>
Plugins
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../plugin/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../plugin/user-guide/" class="md-nav__link">
<span class="md-ellipsis">
User guide
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../plugin/developer-guide/" class="md-nav__link">
<span class="md-ellipsis">
Developer guide
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_9" >
<label class="md-nav__link" for="__nav_4_9" id="__nav_4_9_label" tabindex="">
<span class="md-ellipsis">
Advanced
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_9">
<span class="md-nav__icon md-icon"></span>
Advanced
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../advanced/modules/" class="md-nav__link">
<span class="md-ellipsis">
Modules
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/air-gap/" class="md-nav__link">
<span class="md-ellipsis">
Connectivity and Network considerations
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/self-hosting/" class="md-nav__link">
<span class="md-ellipsis">
Self-Hosting Trivy's Databases
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_9_4" >
<label class="md-nav__link" for="__nav_4_9_4" id="__nav_4_9_4_label" tabindex="0">
<span class="md-ellipsis">
Container Image
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_9_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_9_4">
<span class="md-nav__icon md-icon"></span>
Container Image
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../advanced/container/embed-in-dockerfile/" class="md-nav__link">
<span class="md-ellipsis">
Embed in Dockerfile
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/container/unpacked-filesystem/" class="md-nav__link">
<span class="md-ellipsis">
Unpacked container image filesystem
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_9_4_3" >
<label class="md-nav__link" for="__nav_4_9_4_3" id="__nav_4_9_4_3_label" tabindex="0">
<span class="md-ellipsis">
Private Docker Registries
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="4" aria-labelledby="__nav_4_9_4_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_9_4_3">
<span class="md-nav__icon md-icon"></span>
Private Docker Registries
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../advanced/private-registries/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/private-registries/docker-hub/" class="md-nav__link">
<span class="md-ellipsis">
Docker Hub
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/private-registries/ecr/" class="md-nav__link">
<span class="md-ellipsis">
AWS ECR (Elastic Container Registry)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/private-registries/gcr/" class="md-nav__link">
<span class="md-ellipsis">
GCR (Google Container Registry)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/private-registries/acr/" class="md-nav__link">
<span class="md-ellipsis">
ACR (Azure Container Registry)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/private-registries/self/" class="md-nav__link">
<span class="md-ellipsis">
Self-Hosted
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10" >
<label class="md-nav__link" for="__nav_4_10" id="__nav_4_10_label" tabindex="">
<span class="md-ellipsis">
References
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_10_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10">
<span class="md-nav__icon md-icon"></span>
References
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1" >
<label class="md-nav__link" for="__nav_4_10_1" id="__nav_4_10_1_label" tabindex="0">
<span class="md-ellipsis">
Configuration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_10_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1">
<span class="md-nav__icon md-icon"></span>
Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1_1" >
<label class="md-nav__link" for="__nav_4_10_1_1" id="__nav_4_10_1_1_label" tabindex="0">
<span class="md-ellipsis">
CLI
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="4" aria-labelledby="__nav_4_10_1_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1_1">
<span class="md-nav__icon md-icon"></span>
CLI
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_clean/" class="md-nav__link">
<span class="md-ellipsis">
Clean
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_config/" class="md-nav__link">
<span class="md-ellipsis">
Config
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_convert/" class="md-nav__link">
<span class="md-ellipsis">
Convert
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_filesystem/" class="md-nav__link">
<span class="md-ellipsis">
Filesystem
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_image/" class="md-nav__link">
<span class="md-ellipsis">
Image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1_1_8" >
<label class="md-nav__link" for="__nav_4_10_1_1_8" id="__nav_4_10_1_1_8_label" tabindex="0">
<span class="md-ellipsis">
Module
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="5" aria-labelledby="__nav_4_10_1_1_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1_1_8">
<span class="md-nav__icon md-icon"></span>
Module
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_module/" class="md-nav__link">
<span class="md-ellipsis">
Module
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_module_install/" class="md-nav__link">
<span class="md-ellipsis">
Module Install
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_module_uninstall/" class="md-nav__link">
<span class="md-ellipsis">
Module Uninstall
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1_1_9" >
<label class="md-nav__link" for="__nav_4_10_1_1_9" id="__nav_4_10_1_1_9_label" tabindex="0">
<span class="md-ellipsis">
Plugin
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="5" aria-labelledby="__nav_4_10_1_1_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1_1_9">
<span class="md-nav__icon md-icon"></span>
Plugin
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_plugin/" class="md-nav__link">
<span class="md-ellipsis">
Plugin
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_plugin_info/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Info
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_plugin_install/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Install
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_plugin_list/" class="md-nav__link">
<span class="md-ellipsis">
Plugin List
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_plugin_run/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Run
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_plugin_uninstall/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Uninstall
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_plugin_update/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Update
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_plugin_upgrade/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Upgrade
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_plugin_search/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Search
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1_1_10" >
<label class="md-nav__link" for="__nav_4_10_1_1_10" id="__nav_4_10_1_1_10_label" tabindex="0">
<span class="md-ellipsis">
Registry
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="5" aria-labelledby="__nav_4_10_1_1_10_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1_1_10">
<span class="md-nav__icon md-icon"></span>
Registry
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_registry/" class="md-nav__link">
<span class="md-ellipsis">
Registry
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_registry_login/" class="md-nav__link">
<span class="md-ellipsis">
Registry Login
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_registry_logout/" class="md-nav__link">
<span class="md-ellipsis">
Registry Logout
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_repository/" class="md-nav__link">
<span class="md-ellipsis">
Repository
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_rootfs/" class="md-nav__link">
<span class="md-ellipsis">
Rootfs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_sbom/" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_server/" class="md-nav__link">
<span class="md-ellipsis">
Server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_version/" class="md-nav__link">
<span class="md-ellipsis">
Version
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1_1_16" >
<label class="md-nav__link" for="__nav_4_10_1_1_16" id="__nav_4_10_1_1_16_label" tabindex="0">
<span class="md-ellipsis">
VEX
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="5" aria-labelledby="__nav_4_10_1_1_16_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1_1_16">
<span class="md-nav__icon md-icon"></span>
VEX
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_vex/" class="md-nav__link">
<span class="md-ellipsis">
VEX
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_vex_repo_download/" class="md-nav__link">
<span class="md-ellipsis">
VEX Download
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_vex_repo_init/" class="md-nav__link">
<span class="md-ellipsis">
VEX Init
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_vex_repo_list/" class="md-nav__link">
<span class="md-ellipsis">
VEX List
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_vex_repo/" class="md-nav__link">
<span class="md-ellipsis">
VEX Repo
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/cli/trivy_vm/" class="md-nav__link">
<span class="md-ellipsis">
VM
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../references/configuration/config-file/" class="md-nav__link">
<span class="md-ellipsis">
Config file
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_2" >
<label class="md-nav__link" for="__nav_4_10_2" id="__nav_4_10_2_label" tabindex="0">
<span class="md-ellipsis">
Modes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_10_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_2">
<span class="md-nav__icon md-icon"></span>
Modes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../references/modes/standalone/" class="md-nav__link">
<span class="md-ellipsis">
Standalone
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/modes/client-server/" class="md-nav__link">
<span class="md-ellipsis">
Client/Server
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../references/troubleshooting/" class="md-nav__link">
<span class="md-ellipsis">
Troubleshooting
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/terminology/" class="md-nav__link">
<span class="md-ellipsis">
Terminology
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references/abbreviations/" class="md-nav__link">
<span class="md-ellipsis">
Abbreviations
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Ecosystem
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Ecosystem
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../ecosystem/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/cicd/" class="md-nav__link">
<span class="md-ellipsis">
CI/CD
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/ide/" class="md-nav__link">
<span class="md-ellipsis">
IDE and Dev tools
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/prod/" class="md-nav__link">
<span class="md-ellipsis">
Production and Clouds
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/reporting/" class="md-nav__link">
<span class="md-ellipsis">
Reporting
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
<span class="md-ellipsis">
Contributing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
Contributing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/principles/" class="md-nav__link">
<span class="md-ellipsis">
Principles
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6_2" >
<label class="md-nav__link" for="__nav_6_2" id="__nav_6_2_label" tabindex="0">
<span class="md-ellipsis">
How to contribute
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6_2">
<span class="md-nav__icon md-icon"></span>
How to contribute
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/contribute/issue/" class="md-nav__link">
<span class="md-ellipsis">
Issues
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/contribute/discussion/" class="md-nav__link">
<span class="md-ellipsis">
Discussions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/contribute/pr/" class="md-nav__link">
<span class="md-ellipsis">
Pull Requests
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6_3" >
<label class="md-nav__link" for="__nav_6_3" id="__nav_6_3_label" tabindex="0">
<span class="md-ellipsis">
Contribute Rego Checks
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6_3">
<span class="md-nav__icon md-icon"></span>
Contribute Rego Checks
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/contribute/checks/overview/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/contribute/checks/service-support/" class="md-nav__link">
<span class="md-ellipsis">
Add Service Support
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6_4" >
<label class="md-nav__link" for="__nav_6_4" id="__nav_6_4_label" tabindex="0">
<span class="md-ellipsis">
Maintainer
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6_4">
<span class="md-nav__icon md-icon"></span>
Maintainer
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/maintainer/release-flow/" class="md-nav__link">
<span class="md-ellipsis">
Release Flow
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/maintainer/backporting/" class="md-nav__link">
<span class="md-ellipsis">
Backporting
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/maintainer/help-wanted/" class="md-nav__link">
<span class="md-ellipsis">
Help Wanted
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/maintainer/triage/" class="md-nav__link">
<span class="md-ellipsis">
Triage
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Enterprise
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Enterprise
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../commercial/compare/" class="md-nav__link">
<span class="md-ellipsis">
Comparison
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../commercial/contact/" class="md-nav__link">
<span class="md-ellipsis">
Contact Us
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#files-inside-container-images" class="md-nav__link">
<span class="md-ellipsis">
Files inside container images
</span>
</a>
<nav class="md-nav" aria-label="Files inside container images">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#vulnerabilities" class="md-nav__link">
<span class="md-ellipsis">
Vulnerabilities
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#misconfigurations" class="md-nav__link">
<span class="md-ellipsis">
Misconfigurations
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#secrets" class="md-nav__link">
<span class="md-ellipsis">
Secrets
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#licenses" class="md-nav__link">
<span class="md-ellipsis">
Licenses
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#container-image-metadata" class="md-nav__link">
<span class="md-ellipsis">
Container image metadata
</span>
</a>
<nav class="md-nav" aria-label="Container image metadata">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#misconfigurations_1" class="md-nav__link">
<span class="md-ellipsis">
Misconfigurations
</span>
</a>
<nav class="md-nav" aria-label="Misconfigurations">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#disabled-checks" class="md-nav__link">
<span class="md-ellipsis">
Disabled checks
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#secrets_1" class="md-nav__link">
<span class="md-ellipsis">
Secrets
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#supported" class="md-nav__link">
<span class="md-ellipsis">
Supported
</span>
</a>
<nav class="md-nav" aria-label="Supported">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#docker-engine" class="md-nav__link">
<span class="md-ellipsis">
Docker Engine
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#containerd" class="md-nav__link">
<span class="md-ellipsis">
containerd
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#podman" class="md-nav__link">
<span class="md-ellipsis">
Podman
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#container-registry" class="md-nav__link">
<span class="md-ellipsis">
Container Registry
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#tar-files" class="md-nav__link">
<span class="md-ellipsis">
Tar Files
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#oci-layout" class="md-nav__link">
<span class="md-ellipsis">
OCI Layout
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#sbom" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
<nav class="md-nav" aria-label="SBOM">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#generation" class="md-nav__link">
<span class="md-ellipsis">
Generation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#discover-sbom-inside-container-images" class="md-nav__link">
<span class="md-ellipsis">
Discover SBOM inside container images
</span>
</a>
<nav class="md-nav" aria-label="Discover SBOM inside container images">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#third-party-sbom-files" class="md-nav__link">
<span class="md-ellipsis">
Third-party SBOM files
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#discover-sbom-referencing-the-container-image" class="md-nav__link">
<span class="md-ellipsis">
Discover SBOM referencing the container image
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#compliance" class="md-nav__link">
<span class="md-ellipsis">
Compliance
</span>
</a>
<nav class="md-nav" aria-label="Compliance">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#built-in-reports" class="md-nav__link">
<span class="md-ellipsis">
Built in reports
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#examples" class="md-nav__link">
<span class="md-ellipsis">
Examples
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#authentication" class="md-nav__link">
<span class="md-ellipsis">
Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#scan-cache" class="md-nav__link">
<span class="md-ellipsis">
Scan Cache
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#options" class="md-nav__link">
<span class="md-ellipsis">
Options
</span>
</a>
<nav class="md-nav" aria-label="Options">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#scan-image-on-a-specific-architecture-and-os" class="md-nav__link">
<span class="md-ellipsis">
Scan Image on a specific Architecture and OS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configure-docker-daemon-socket-to-connect-to" class="md-nav__link">
<span class="md-ellipsis">
Configure Docker daemon socket to connect to.
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configure-podman-daemon-socket-to-connect-to" class="md-nav__link">
<span class="md-ellipsis">
Configure Podman daemon socket to connect to.
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#prevent-scanning-oversized-container-images" class="md-nav__link">
<span class="md-ellipsis">
Prevent scanning oversized container images
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/aquasecurity/trivy/blob/main/docs/docs/target/container_image.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z"/></svg>
</a>
<h1 id="container-image">Container Image<a class="headerlink" href="#container-image" title="Permanent link">&para;</a></h1>
<p>Trivy supports two targets for container images.</p>
<ul>
<li>Files inside container images</li>
<li>Container image metadata</li>
</ul>
<h2 id="files-inside-container-images">Files inside container images<a class="headerlink" href="#files-inside-container-images" title="Permanent link">&para;</a></h2>
<p>Container images consist of files.
For instance, new files will be installed if you install a package.</p>
<p>Trivy scans the files inside container images for</p>
<ul>
<li>Vulnerabilities</li>
<li>Misconfigurations</li>
<li>Secrets</li>
<li>Licenses</li>
</ul>
<p>By default, vulnerability and secret scanning are enabled, and you can configure that with <code>--scanners</code>.</p>
<h3 id="vulnerabilities">Vulnerabilities<a class="headerlink" href="#vulnerabilities" title="Permanent link">&para;</a></h3>
<p>It is enabled by default.
You can simply specify your image name (and a tag).
It detects known vulnerabilities in your container image.
See <a href="../../scanner/vulnerability/">here</a> for the detail.</p>
<div class="highlight"><pre><span></span><code>$ trivy image [YOUR_IMAGE_NAME]
</code></pre></div>
<p>For example:</p>
<div class="highlight"><pre><span></span><code>$ trivy image python:3.4-alpine
</code></pre></div>
<details>
<summary>Result</summary>
<div class="highlight"><pre><span></span><code>2019-05-16T01:20:43.180+0900 INFO Updating vulnerability database...
2019-05-16T01:20:53.029+0900 INFO Detecting Alpine vulnerabilities...
python:3.4-alpine3.9 (alpine 3.9.2)
===================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |
| | | | | | with long nonces |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
</code></pre></div>
</details>
<p>To enable only vulnerability scanning, you can specify <code>--scanners vuln</code>.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span>--scanners<span class="w"> </span>vuln<span class="w"> </span><span class="o">[</span>YOUR_IMAGE_NAME<span class="o">]</span>
</code></pre></div>
<h3 id="misconfigurations">Misconfigurations<a class="headerlink" href="#misconfigurations" title="Permanent link">&para;</a></h3>
<p>It is supported, but it is not useful in most cases.
As mentioned <a href="../../scanner/misconfiguration/">here</a>, Trivy mainly supports Infrastructure as Code (IaC) files for misconfigurations.
If your container image includes IaC files such as Kubernetes YAML files or Terraform files, you should enable this feature with <code>--scanners misconfig</code>.</p>
<div class="highlight"><pre><span></span><code>$ trivy image --scanners misconfig [YOUR_IMAGE_NAME]
</code></pre></div>
<h3 id="secrets">Secrets<a class="headerlink" href="#secrets" title="Permanent link">&para;</a></h3>
<p>It is enabled by default.
See <a href="../../scanner/secret/">here</a> for the detail.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span><span class="o">[</span>YOUR_IMAGE_NAME<span class="o">]</span>
</code></pre></div>
<h3 id="licenses">Licenses<a class="headerlink" href="#licenses" title="Permanent link">&para;</a></h3>
<p>It is disabled by default.
See <a href="../../scanner/license/">here</a> for the detail.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span>--scanners<span class="w"> </span>license<span class="w"> </span><span class="o">[</span>YOUR_IMAGE_NAME<span class="o">]</span>
</code></pre></div>
<h2 id="container-image-metadata">Container image metadata<a class="headerlink" href="#container-image-metadata" title="Permanent link">&para;</a></h2>
<p>Container images have <a href="https://github.com/opencontainers/image-spec/blob/2fb996805b3734779bf9a3a84dc9a9691ad7efdd/config.md">configuration</a>.
<code>docker inspect</code> and <code>docker history</code> show the information according to the configuration.</p>
<p>Trivy scans the configuration of container images for</p>
<ul>
<li>Misconfigurations</li>
<li>Secrets</li>
</ul>
<p>They are disabled by default.
You can enable them with <code>--image-config-scanners</code>.</p>
<div class="admonition tips">
<p class="admonition-title">Tips</p>
<p>The configuration can be exported as the JSON file by <code>docker save</code>.</p>
</div>
<h3 id="misconfigurations_1">Misconfigurations<a class="headerlink" href="#misconfigurations_1" title="Permanent link">&para;</a></h3>
<p>Trivy detects misconfigurations on the configuration of container images.
The image config is converted into Dockerfile and Trivy handles it as Dockerfile.
See <a href="../../scanner/misconfiguration/">here</a> for the detail of Dockerfile scanning.</p>
<p>It is disabled by default.
You can enable it with <code>--image-config-scanners misconfig</code>.</p>
<div class="highlight"><pre><span></span><code>$ trivy image --image-config-scanners misconfig [YOUR_IMAGE_NAME]
</code></pre></div>
<details>
<summary>Result</summary>
<div class="highlight"><pre><span></span><code>alpine:3.17 (dockerfile)
========================
Tests: 24 (SUCCESSES: 21, FAILURES: 3)
Failures: 3 (UNKNOWN: 0, LOW: 2, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
HIGH: Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
Running containers with &#39;root&#39; user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a &#39;USER&#39; statement to the Dockerfile.
See https://avd.aquasec.com/misconfig/ds002
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
LOW: Consider using &#39;COPY file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 in /&#39; command instead of &#39;ADD file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 in /&#39;
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
You should use COPY instead of ADD unless you want to extract a tar file. Note that an ADD command will extract a tar file, which adds the risk of Zip-based vulnerabilities. Accordingly, it is advised to use a COPY command, which does not extract tar files.
See https://avd.aquasec.com/misconfig/ds005
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
alpine:3.17:1
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 [ ADD file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 in /
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
LOW: Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.
See https://avd.aquasec.com/misconfig/ds026
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
</code></pre></div>
</details>
<div class="admonition tip">
<p class="admonition-title">Tip</p>
<p>You can see how each layer is created with <code>docker history</code>.</p>
</div>
<h4 id="disabled-checks">Disabled checks<a class="headerlink" href="#disabled-checks" title="Permanent link">&para;</a></h4>
<p>The following checks are disabled for this scan type due to known issues. See the linked issues for more details.</p>
<table>
<thead>
<tr>
<th>Check ID</th>
<th>Reason</th>
<th>Issue</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0007/">AVD-DS-0007</a></td>
<td>This check detects multiple <code>ENTRYPOINT</code> instructions in a stage, but since image history analysis does not identify stages, this check is not relevant for this scan type.</td>
<td><a href="https://github.com/aquasecurity/trivy/issues/8364">#8364</a></td>
</tr>
<tr>
<td><a href="https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0016/">AVD-DS-0016</a></td>
<td>This check detects multiple <code>CMD</code> instructions in a stage, but since image history analysis does not identify stages, this check is not relevant for this scan type.</td>
<td><a href="https://github.com/aquasecurity/trivy/issues/7368">#7368</a></td>
</tr>
</tbody>
</table>
<h3 id="secrets_1">Secrets<a class="headerlink" href="#secrets_1" title="Permanent link">&para;</a></h3>
<p>Trivy detects secrets on the configuration of container images.
The image config is converted into JSON and Trivy scans the file for secrets.
It is especially useful for environment variables that are likely to have credentials by accident.
See <a href="../../scanner/secret/">here</a> for the detail.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span>--image-config-scanners<span class="w"> </span>secret<span class="w"> </span><span class="o">[</span>YOUR_IMAGE_NAME<span class="o">]</span>
</code></pre></div>
<details>
<summary>Result</summary>
<div class="highlight"><pre><span></span><code>vuln-image (alpine 3.17.1)
==========================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
vuln-image (secrets)
====================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 2)
CRITICAL: GitHub (github-pat)
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
GitHub Personal Access Token
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
test:16
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
14 {
15 &quot;created&quot;: &quot;2023-01-09T17:05:20Z&quot;,
16 [ &quot;created_by&quot;: &quot;ENV secret=****************************************&quot;,
17 &quot;comment&quot;: &quot;buildkit.dockerfile.v0&quot;,
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
CRITICAL: GitHub (github-pat)
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
GitHub Personal Access Token
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
test:34
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
32 &quot;Env&quot;: [
33 &quot;PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin&quot;,
34 [ &quot;secret=****************************************&quot;
35 ]
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
</code></pre></div>
</details>
<div class="admonition tip">
<p class="admonition-title">Tip</p>
<p>You can see environment variables with <code>docker inspect</code>.</p>
</div>
<h2 id="supported">Supported<a class="headerlink" href="#supported" title="Permanent link">&para;</a></h2>
<p>Trivy will look for the specified image in a series of locations. By default, it
will first look in the local Docker Engine, then Containerd, Podman, and
finally container registry.</p>
<p>This behavior can be modified with the <code>--image-src</code> flag. For example, the
command</p>
<div class="highlight"><pre><span></span><code>trivy<span class="w"> </span>image<span class="w"> </span>--image-src<span class="w"> </span>podman,containerd<span class="w"> </span>alpine:3.7.3
</code></pre></div>
<p>Will first search in Podman. If the image is found there, it will be scanned
and the results returned. If the image is not found in Podman, then Trivy will
search in Containerd. If the image is not found there either, the scan will
fail and no more image sources will be searched.</p>
<h3 id="docker-engine">Docker Engine<a class="headerlink" href="#docker-engine" title="Permanent link">&para;</a></h3>
<p>Trivy tries to looks for the specified image in your local Docker Engine.
It will be skipped if Docker Engine is not running locally.</p>
<p>If your docker socket is not the default path, you can override it via <code>DOCKER_HOST</code>.</p>
<h3 id="containerd">containerd<a class="headerlink" href="#containerd" title="Permanent link">&para;</a></h3>
<div class="admonition warning">
<p class="admonition-title">EXPERIMENTAL</p>
<p>This feature might change without preserving backwards compatibility.</p>
</div>
<p>Trivy tries to looks for the specified image in your local <a href="https://containerd.io/">containerd</a>.
It will be skipped if containerd is not running locally.</p>
<p>Specify your image name in containerd running locally.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>nerdctl<span class="w"> </span>images
REPOSITORY<span class="w"> </span>TAG<span class="w"> </span>IMAGE<span class="w"> </span>ID<span class="w"> </span>CREATED<span class="w"> </span>PLATFORM<span class="w"> </span>SIZE<span class="w"> </span>BLOB<span class="w"> </span>SIZE
aquasec/nginx<span class="w"> </span>latest<span class="w"> </span>2bcabc23b454<span class="w"> </span><span class="m">3</span><span class="w"> </span>hours<span class="w"> </span>ago<span class="w"> </span>linux/amd64<span class="w"> </span><span class="m">149</span>.1<span class="w"> </span>MiB<span class="w"> </span><span class="m">54</span>.1<span class="w"> </span>MiB
$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span>aquasec/nginx
</code></pre></div>
<p>If your containerd socket is not the default path (<code>//run/containerd/containerd.sock</code>), you can override it via <code>CONTAINERD_ADDRESS</code>.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">export</span><span class="w"> </span><span class="nv">CONTAINERD_ADDRESS</span><span class="o">=</span>/run/k3s/containerd/containerd.sock
$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span>aquasec/nginx
</code></pre></div>
<p>If your scan targets are images in a namespace other than containerd's default namespace (<code>default</code>), you can override it via <code>CONTAINERD_NAMESPACE</code>.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">export</span><span class="w"> </span><span class="nv">CONTAINERD_NAMESPACE</span><span class="o">=</span>k8s.io
$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span>aquasec/nginx
</code></pre></div>
<h3 id="podman">Podman<a class="headerlink" href="#podman" title="Permanent link">&para;</a></h3>
<div class="admonition warning">
<p class="admonition-title">EXPERIMENTAL</p>
<p>This feature might change without preserving backwards compatibility.</p>
</div>
<p>Scan your image in Podman (&gt;=2.0) running locally. The remote Podman is not supported.
If you prefer to keep the socket open at all times, then before performing Trivy commands, you can enable the podman.sock systemd service on your machine.
For more details, see <a href="https://github.com/containers/podman/blob/master/docs/tutorials/remote_client.md#enable-the-podman-service-on-the-server-machine">here</a>.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>systemctl<span class="w"> </span>--user<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--now<span class="w"> </span>podman.socket
</code></pre></div>
<p>Then, you can scan your image in Podman.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>cat<span class="w"> </span>Dockerfile
FROM<span class="w"> </span>alpine:3.12
RUN<span class="w"> </span>apk<span class="w"> </span>add<span class="w"> </span>--no-cache<span class="w"> </span>bash
$<span class="w"> </span>podman<span class="w"> </span>build<span class="w"> </span>-t<span class="w"> </span><span class="nb">test</span><span class="w"> </span>.
$<span class="w"> </span>podman<span class="w"> </span>images
REPOSITORY<span class="w"> </span>TAG<span class="w"> </span>IMAGE<span class="w"> </span>ID<span class="w"> </span>CREATED<span class="w"> </span>SIZE
localhost/test<span class="w"> </span>latest<span class="w"> </span>efc372d4e0de<span class="w"> </span>About<span class="w"> </span>a<span class="w"> </span>minute<span class="w"> </span>ago<span class="w"> </span><span class="m">7</span>.94<span class="w"> </span>MB
$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span><span class="nb">test</span>
</code></pre></div>
<p>If you prefer not to keep the socket open at all times, but to limit the socket opening for your trivy scanning duration only then you can scan your image with the following command:</p>
<div class="highlight"><pre><span></span><code>podman<span class="w"> </span>system<span class="w"> </span>service<span class="w"> </span>--time<span class="o">=</span><span class="m">0</span><span class="w"> </span><span class="s2">&quot;</span><span class="si">${</span><span class="nv">TMP_PODMAN_SOCKET</span><span class="si">}</span><span class="s2">&quot;</span><span class="w"> </span><span class="p">&amp;</span><span class="w"> </span>
<span class="nv">PODMAN_SYSTEM_SERVICE_PID</span><span class="o">=</span><span class="s2">&quot;</span><span class="nv">$!</span><span class="s2">&quot;</span><span class="w"> </span>
trivy<span class="w"> </span>image<span class="w"> </span>--podman-host<span class="o">=</span><span class="s2">&quot;</span><span class="si">${</span><span class="nv">TMP_PODMAN_SOCKET</span><span class="si">}</span><span class="s2">&quot;</span><span class="w"> </span>--docker-host<span class="o">=</span><span class="s2">&quot;</span><span class="si">${</span><span class="nv">TMP_PODMAN_SOCKET</span><span class="si">}</span><span class="s2">&quot;</span><span class="w"> </span><span class="nb">test</span>
<span class="nb">kill</span><span class="w"> </span><span class="s2">&quot;</span><span class="si">${</span><span class="nv">PODMAN_SYSTEM_SERVICE_PID</span><span class="si">}</span><span class="s2">&quot;</span>
</code></pre></div>
<h3 id="container-registry">Container Registry<a class="headerlink" href="#container-registry" title="Permanent link">&para;</a></h3>
<p>Trivy supports registries that comply with the following specifications.</p>
<ul>
<li><a href="https://docs.docker.com/registry/spec/api/">Docker Registry HTTP API V2</a></li>
<li><a href="https://github.com/opencontainers/distribution-spec">OCI Distribution Specification</a></li>
</ul>
<p>You can configure credentials with <code>trivy registry login</code>.
See <a href="../../advanced/private-registries/">here</a> for the detail.</p>
<h3 id="tar-files">Tar Files<a class="headerlink" href="#tar-files" title="Permanent link">&para;</a></h3>
<p>Trivy supports image tar files generated by the following tools.</p>
<ul>
<li><a href="https://github.com/moby/moby/tree/master/image/spec">Docker Image Specification</a><ul>
<li><a href="https://github.com/moby/moby/">Moby Project</a></li>
<li><a href="https://github.com/containers/buildah">Buildah</a></li>
<li><a href="https://github.com/containers/podman">Podman</a></li>
<li><a href="https://github.com/genuinetools/img">img</a></li>
</ul>
</li>
<li><a href="https://github.com/GoogleContainerTools/kaniko">Kaniko</a></li>
</ul>
<div class="highlight"><pre><span></span><code>$ docker pull ruby:3.1-alpine3.15
$ docker save ruby:3.1-alpine3.15 -o ruby-3.1.tar
$ trivy image --input ruby-3.1.tar
</code></pre></div>
<details>
<summary>Result</summary>
<div class="highlight"><pre><span></span><code>2022-02-03T10:08:19.127Z INFO Detected OS: alpine
2022-02-03T10:08:19.127Z WARN This OS version is not on the EOL list: alpine 3.15
2022-02-03T10:08:19.127Z INFO Detecting Alpine vulnerabilities...
2022-02-03T10:08:19.127Z INFO Number of language-specific files: 2
2022-02-03T10:08:19.127Z INFO Detecting gemspec vulnerabilities...
2022-02-03T10:08:19.128Z INFO Detecting node-pkg vulnerabilities...
2022-02-03T10:08:19.128Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0
2022-02-03T10:08:19.128Z WARN The vulnerability detection may be insufficient because security updates are not provided
ruby-3.1.tar (alpine 3.15.0)
============================
Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 3, CRITICAL: 0)
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
| gmp | CVE-2021-43618 | HIGH | 6.2.1-r0 | 6.2.1-r1 | gmp: Integer overflow and resultant |
| | | | | | buffer overflow via crafted input |
| | | | | | --&gt;avd.aquasec.com/nvd/cve-2021-43618 |
+----------+ + + + + +
| gmp-dev | | | | | |
| | | | | | |
| | | | | | |
+----------+ + + + + +
| libgmpxx | | | | | |
| | | | | | |
| | | | | | |
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
Node.js (node-pkg)
==================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
Ruby (gemspec)
==============
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
</code></pre></div>
</details>
<h3 id="oci-layout">OCI Layout<a class="headerlink" href="#oci-layout" title="Permanent link">&para;</a></h3>
<p>Trivy supports image directories compliant with <a href="https://github.com/opencontainers/image-spec/blob/master/spec.md">Open Container Image Layout Specification</a>.</p>
<p>Buildah:</p>
<div class="highlight"><pre><span></span><code>$ buildah push docker.io/library/alpine:3.11 oci:/path/to/alpine
$ trivy image --input /path/to/alpine
</code></pre></div>
<p>Skopeo:</p>
<div class="highlight"><pre><span></span><code>$ skopeo copy docker-daemon:alpine:3.11 oci:/path/to/alpine
$ trivy image --input /path/to/alpine
</code></pre></div>
<p>Referencing specific images can be done by their tag or by their manifest digest:
<div class="highlight"><pre><span></span><code># Referenced by tag
$ trivy image --input /path/to/alpine:3.15
# Referenced by digest
$ trivy image --input /path/to/alpine@sha256:82389ea44e50c696aba18393b168a833929506f5b29b9d75eb817acceb6d54ba
</code></pre></div></p>
<h2 id="sbom">SBOM<a class="headerlink" href="#sbom" title="Permanent link">&para;</a></h2>
<p>Trivy supports the generation of Software Bill of Materials (SBOM) for container images and the search for SBOMs during vulnerability scanning.</p>
<h3 id="generation">Generation<a class="headerlink" href="#generation" title="Permanent link">&para;</a></h3>
<p>Trivy can generate SBOM for container images.
See <a href="../../supply-chain/sbom/">here</a> for details.</p>
<h3 id="discover-sbom-inside-container-images">Discover SBOM inside container images<a class="headerlink" href="#discover-sbom-inside-container-images" title="Permanent link">&para;</a></h3>
<p>Trivy can search for Software Bill of Materials (SBOMs) within container image files and scan their components for vulnerabilities.</p>
<h4 id="third-party-sbom-files">Third-party SBOM files<a class="headerlink" href="#third-party-sbom-files" title="Permanent link">&para;</a></h4>
<p>SBOM specifications define key requirements for component documentation<sup id="fnref:2"><a class="footnote-ref" href="#fn:2">2</a></sup>.
However, different tools and systems often have varying approaches to documenting component types and their relationships.</p>
<p>Due to these variations, Trivy cannot always accurately interpret SBOMs generated by other tools.
For example, it may have difficulty determining the correct file paths to component information files (such as lock files or binaries).
In such cases, Trivy uses the path to the scanned SBOM file itself to maintain traceability and ensure accurate dependency reporting.</p>
<h3 id="discover-sbom-referencing-the-container-image">Discover SBOM referencing the container image<a class="headerlink" href="#discover-sbom-referencing-the-container-image" title="Permanent link">&para;</a></h3>
<p>Trivy can search for Software Bill of Materials (SBOMs) that reference container images.
If an SBOM is found, the vulnerability scan is performed using the SBOM instead of the container image.
By using the SBOM, you can perform a vulnerability scan more quickly, as it allows you to skip pulling the container image and analyzing its layers.</p>
<p>To enable this functionality, you need to specify the <code>--sbom-sources</code> flag.
The following two sources are supported:</p>
<ul>
<li>OCI Registry (<code>oci</code>)</li>
<li>Rekor (<code>rekor</code>)</li>
</ul>
<p>Example:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span>--sbom-sources<span class="w"> </span>oci<span class="w"> </span>ghcr.io/knqyf263/oci-referrers
<span class="m">2023</span>-03-05T17:36:55.278+0200<span class="w"> </span>INFO<span class="w"> </span>Vulnerability<span class="w"> </span>scanning<span class="w"> </span>is<span class="w"> </span>enabled
<span class="m">2023</span>-03-05T17:36:58.103+0200<span class="w"> </span>INFO<span class="w"> </span>Detected<span class="w"> </span>SBOM<span class="w"> </span>format:<span class="w"> </span>cyclonedx-json
<span class="m">2023</span>-03-05T17:36:58.129+0200<span class="w"> </span>INFO<span class="w"> </span>Found<span class="w"> </span>SBOM<span class="w"> </span><span class="o">(</span>cyclonedx<span class="o">)</span><span class="w"> </span><span class="k">in</span><span class="w"> </span>the<span class="w"> </span>OCI<span class="w"> </span>referrers
...
ghcr.io/knqyf263/oci-referrers<span class="w"> </span><span class="o">(</span>alpine<span class="w"> </span><span class="m">3</span>.16.2<span class="o">)</span>
<span class="o">==============================================</span>
Total:<span class="w"> </span><span class="m">17</span><span class="w"> </span><span class="o">(</span>UNKNOWN:<span class="w"> </span><span class="m">0</span>,<span class="w"> </span>LOW:<span class="w"> </span><span class="m">0</span>,<span class="w"> </span>MEDIUM:<span class="w"> </span><span class="m">5</span>,<span class="w"> </span>HIGH:<span class="w"> </span><span class="m">9</span>,<span class="w"> </span>CRITICAL:<span class="w"> </span><span class="m">3</span><span class="o">)</span>
</code></pre></div>
<p>The OCI Registry utilizes the <a href="https://github.com/opencontainers/distribution-spec/blob/main/spec.md#listing-referrers">Referrers API</a>.
For more information about Rekor, please refer to <a href="../../supply-chain/attestation/rekor/">its documentation</a>.</p>
<h2 id="compliance">Compliance<a class="headerlink" href="#compliance" title="Permanent link">&para;</a></h2>
<div class="admonition warning">
<p class="admonition-title">EXPERIMENTAL</p>
<p>This feature might change without preserving backwards compatibility.</p>
</div>
<p>This section describes container image specific compliance reports.
For an overview of Trivy's Compliance feature, including working with custom compliance, check out the <a href="../../compliance/compliance/">Compliance documentation</a>.</p>
<h3 id="built-in-reports">Built in reports<a class="headerlink" href="#built-in-reports" title="Permanent link">&para;</a></h3>
<p>The following reports are available out of the box:</p>
<table>
<thead>
<tr>
<th>Compliance</th>
<th>Version</th>
<th>Name for command</th>
<th>More info</th>
</tr>
</thead>
<tbody>
<tr>
<td>CIS Docker Community Edition Benchmark</td>
<td>1.1.0</td>
<td><code>docker-cis-1.6.0</code></td>
<td><a href="https://www.aquasec.com/cloud-native-academy/docker-container/docker-cis-benchmark/">Link</a></td>
</tr>
</tbody>
</table>
<h3 id="examples">Examples<a class="headerlink" href="#examples" title="Permanent link">&para;</a></h3>
<p>Scan a container image configuration and generate a compliance summary report:</p>
<div class="highlight"><pre><span></span><code>trivy image --compliance docker-cis-1.6.0 [YOUR_IMAGE_NAME]
</code></pre></div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The <code>Issues</code> column represent the total number of failed checks for this control.</p>
</div>
<h2 id="authentication">Authentication<a class="headerlink" href="#authentication" title="Permanent link">&para;</a></h2>
<p>Please reference <a href="../../advanced/private-registries/">this page</a>.</p>
<h2 id="scan-cache">Scan Cache<a class="headerlink" href="#scan-cache" title="Permanent link">&para;</a></h2>
<p>When scanning container images, it stores analysis results in the cache, using the image ID and the layer IDs as the key.
This approach enables faster scans of the same container image or different images that share layers.</p>
<p>More details are available in the <a href="../../configuration/cache/#scan-cache-backend">cache documentation</a>.</p>
<h2 id="options">Options<a class="headerlink" href="#options" title="Permanent link">&para;</a></h2>
<h3 id="scan-image-on-a-specific-architecture-and-os">Scan Image on a specific Architecture and OS<a class="headerlink" href="#scan-image-on-a-specific-architecture-and-os" title="Permanent link">&para;</a></h3>
<p>By default, Trivy loads an image on a "linux/amd64" machine.
To customise this, pass a <code>--platform</code> argument in the format OS/Architecture for the image:</p>
<div class="highlight"><pre><span></span><code>$ trivy image --platform=os/architecture [YOUR_IMAGE_NAME]
</code></pre></div>
<p>For example:</p>
<div class="highlight"><pre><span></span><code>$ trivy image --platform=linux/arm alpine:3.16.1
</code></pre></div>
<details>
<summary>Result</summary>
<div class="highlight"><pre><span></span><code>2022-10-25T21:00:50.972+0300 INFO Vulnerability scanning is enabled
2022-10-25T21:00:50.972+0300 INFO Secret scanning is enabled
2022-10-25T21:00:50.972+0300 INFO If your scanning is slow, please try &#39;--scanners vuln&#39; to disable secret scanning
2022-10-25T21:00:50.972+0300 INFO Please see also https://trivy.dev/dev/docs/secret/scanning/#recommendation for faster secret detection
2022-10-25T21:00:56.190+0300 INFO Detected OS: alpine
2022-10-25T21:00:56.190+0300 INFO Detecting Alpine vulnerabilities...
2022-10-25T21:00:56.191+0300 INFO Number of language-specific files: 0
alpine:3.16.1 (alpine 3.16.1)
=============================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)
┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ zlib │ CVE-2022-37434 │ CRITICAL │ 1.2.12-r1 │ 1.2.12-r2 │ zlib: heap-based buffer over-read and overflow in inflate() │
│ │ │ │ │ │ in inflate.c via a... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │
└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
</code></pre></div>
</details>
<h3 id="configure-docker-daemon-socket-to-connect-to">Configure Docker daemon socket to connect to.<a class="headerlink" href="#configure-docker-daemon-socket-to-connect-to" title="Permanent link">&para;</a></h3>
<p>You can configure Docker daemon socket with <code>DOCKER_HOST</code> or <code>--docker-host</code>.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span>--docker-host<span class="w"> </span>tcp://127.0.0.1:2375<span class="w"> </span>YOUR_IMAGE
</code></pre></div>
<h3 id="configure-podman-daemon-socket-to-connect-to">Configure Podman daemon socket to connect to.<a class="headerlink" href="#configure-podman-daemon-socket-to-connect-to" title="Permanent link">&para;</a></h3>
<p>You can configure Podman daemon socket with <code>--podman-host</code>.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span>--podman-host<span class="w"> </span>/run/user/1000/podman/podman.sock<span class="w"> </span>YOUR_IMAGE
</code></pre></div>
<h3 id="prevent-scanning-oversized-container-images">Prevent scanning oversized container images<a class="headerlink" href="#prevent-scanning-oversized-container-images" title="Permanent link">&para;</a></h3>
<p>Use the <code>--max-image-size</code> flag to avoid scanning images that exceed a specified size. The size is specified in a human-readable format<sup id="fnref:1"><a class="footnote-ref" href="#fn:1">1</a></sup> (e.g., <code>100MB</code>, <code>10GB</code>).</p>
<p>An error is returned in the following cases:</p>
<ul>
<li>if the compressed image size exceeds the limit,</li>
<li>if the accumulated size of the uncompressed layers exceeds the limit during their pulling.</li>
</ul>
<p>The layers are pulled into a temporary folder during their pulling and are always cleaned up, even after a successful scan.</p>
<div class="admonition warning">
<p class="admonition-title">EXPERIMENTAL</p>
<p>This feature might change without preserving backwards compatibility.</p>
</div>
<p>Example Usage:
<div class="highlight"><pre><span></span><code><span class="c1"># Limit uncompressed image size to 10GB</span>
$<span class="w"> </span>trivy<span class="w"> </span>image<span class="w"> </span>--max-image-size<span class="o">=</span>10GB<span class="w"> </span>myapp:latest
</code></pre></div></p>
<p>Error Output:
<div class="highlight"><pre><span></span><code>Error:<span class="w"> </span>uncompressed<span class="w"> </span>image<span class="w"> </span>size<span class="w"> </span><span class="o">(</span>15GB<span class="o">)</span><span class="w"> </span>exceeds<span class="w"> </span>maximum<span class="w"> </span>allowed<span class="w"> </span>size<span class="w"> </span><span class="o">(</span>10GB<span class="o">)</span>
</code></pre></div></p>
<div class="footnote">
<hr />
<ol>
<li id="fn:1">
<p>Trivy uses decimal (SI) prefixes (based on 1000) for size.&#160;<a class="footnote-backref" href="#fnref:1" title="Jump back to footnote 1 in the text">&#8617;</a></p>
</li>
<li id="fn:2">
<p>SPDX uses <code>package</code> instead of <code>component</code>.&#160;<a class="footnote-backref" href="#fnref:2" title="Jump back to footnote 2 in the text">&#8617;</a></p>
</li>
</ol>
</div>
</article>
</div>
<script>var tabs=__md_get("__tabs");if(Array.isArray(tabs))e:for(var set of document.querySelectorAll(".tabbed-set")){var labels=set.querySelector(".tabbed-labels");for(var tab of tabs)for(var label of labels.getElementsByTagName("label"))if(label.innerText.trim()===tab){var input=document.getElementById(label.htmlFor);input.checked=!0;continue e}}</script>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<nav class="md-footer__inner md-grid" aria-label="Footer" >
<a href="../../" class="md-footer__link md-footer__link--prev" aria-label="Previous: Overview">
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</div>
<div class="md-footer__title">
<span class="md-footer__direction">
Previous
</span>
<div class="md-ellipsis">
Overview
</div>
</div>
</a>
<a href="../filesystem/" class="md-footer__link md-footer__link--next" aria-label="Next: Filesystem">
<div class="md-footer__title">
<span class="md-footer__direction">
Next
</span>
<div class="md-ellipsis">
Filesystem
</div>
</div>
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11z"/></svg>
</div>
</a>
</nav>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
</div>
<div class="md-social">
<a href="https://twitter.com/AquaTrivy" target="_blank" rel="noopener" title="twitter.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M389.2 48h70.6L305.6 224.2 487 464H345L233.7 318.6 106.5 464H35.8l164.9-188.5L26.8 48h145.6l100.5 132.9zm-24.8 373.8h39.1L151.1 88h-42z"/></svg>
</a>
<a href="https://github.com/aquasecurity/trivy" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</a>
<a href="https://github.com/aquasecurity/trivy" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M94.12 315.1c0 25.9-21.16 47.06-47.06 47.06S0 341 0 315.1s21.16-47.06 47.06-47.06h47.06zm23.72 0c0-25.9 21.16-47.06 47.06-47.06s47.06 21.16 47.06 47.06v117.84c0 25.9-21.16 47.06-47.06 47.06s-47.06-21.16-47.06-47.06zm47.06-188.98c-25.9 0-47.06-21.16-47.06-47.06S139 32 164.9 32s47.06 21.16 47.06 47.06v47.06zm0 23.72c25.9 0 47.06 21.16 47.06 47.06s-21.16 47.06-47.06 47.06H47.06C21.16 243.96 0 222.8 0 196.9s21.16-47.06 47.06-47.06zm188.98 47.06c0-25.9 21.16-47.06 47.06-47.06S448 171 448 196.9s-21.16 47.06-47.06 47.06h-47.06zm-23.72 0c0 25.9-21.16 47.06-47.06 47.06s-47.06-21.16-47.06-47.06V79.06c0-25.9 21.16-47.06 47.06-47.06s47.06 21.16 47.06 47.06zM283.1 385.88c25.9 0 47.06 21.16 47.06 47.06S309 480 283.1 480s-47.06-21.16-47.06-47.06v-47.06zm0-23.72c-25.9 0-47.06-21.16-47.06-47.06s21.16-47.06 47.06-47.06h117.84c25.9 0 47.06 21.16 47.06 47.06s-21.16 47.06-47.06 47.06z"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.tabs.sticky", "navigation.sections", "navigation.footer", "content.action.edit", "content.tabs.link", "content.code.annotate", "content.code.copy"], "search": "../../../assets/javascripts/workers/search.c7c1ca2c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "latest", "method": "mike", "provider": "mike"}}</script>
<script src="../../../assets/javascripts/bundle.203fd0bc.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink