Trivy Scanner - сканер уязвимостей
Trivy Scanner - сканер уязвимостей
See also
Гитхаб: https://github.com/aquasecurity/harbor-scanner-trivy
Файл docker-compose.yml для Trivy:
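---
# Docker Compose stack: the Harbor scanner adapter for Trivy and the Redis
# instance it uses as report store and job queue.
# The nesting below is restored; the flattened listing had lost all
# indentation and is not a usable Compose file in that form.
version: '2.1'

networks:
  # Private network shared by the adapter and Redis only.
  trivy_network: {}

services:
  trivy-adapter:
    image: aquasec/harbor-scanner-trivy:0.16.1
    restart: always
    ports:
      # NOTE(review): this publishes the scanner API on every host interface,
      # and the TLS options below are commented out, so it is served as plain
      # HTTP. Restrict who can reach 8282 (host firewall, or a specific host
      # IP in this mapping) or enable TLS before exposing it beyond Harbor.
      - "8282:8080"
    depends_on:
      - trivy-redis
    logging:
      driver: "json-file"
      options:
        # Caps the size of each json-file log so scan logs cannot fill the disk.
        max-size: "100m"
    environment:
      - SCANNER_LOG_LEVEL=info
      # Listen address inside the container; host exposure is set by `ports`.
      - SCANNER_API_SERVER_ADDR=0.0.0.0:8080
      # TLS for the adapter API is off while these stay commented out.
      # Setting certificate and key enables HTTPS; CLIENT_CAS is the CA list
      # used to verify client certificates.
      # - SCANNER_API_SERVER_TLS_CERTIFICATE=
      # - SCANNER_API_SERVER_TLS_KEY=
      # - SCANNER_API_SERVER_CLIENT_CAS=
      - SCANNER_API_SERVER_READ_TIMEOUT=15s
      - SCANNER_API_SERVER_WRITE_TIMEOUT=15s
      - SCANNER_API_SERVER_IDLE_TIMEOUT=60s
      # - SCANNER_TRIVY_CACHE_DIR=/home/scanner/.cache/trivy
      # - SCANNER_TRIVY_REPORTS_DIR=/home/scanner/.cache/reports
      - SCANNER_TRIVY_DEBUG_MODE=false
      - SCANNER_TRIVY_VULN_TYPE=os,library
      # All severities are reported; filtering is left to Harbor policy.
      - SCANNER_TRIVY_SEVERITY=UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
      - SCANNER_TRIVY_IGNORE_UNFIXED=false
      # false keeps vulnerability database updates enabled; the container
      # then needs outbound access (see the proxy variables below).
      - SCANNER_TRIVY_SKIP_UPDATE=false
      # Left empty here. If a token is needed, supply it from an env file or
      # a secret store rather than committing it in this file.
      - SCANNER_TRIVY_GITHUB_TOKEN=
      # Keep false: true would skip registry certificate verification.
      - SCANNER_TRIVY_INSECURE=false
      - SCANNER_STORE_REDIS_NAMESPACE=harbor.scanner.trivy:store
      - SCANNER_STORE_REDIS_SCAN_JOB_TTL=1h
      - SCANNER_JOB_QUEUE_REDIS_NAMESPACE=harbor.scanner.trivy:job-queue
      - SCANNER_JOB_QUEUE_WORKER_CONCURRENCY=1
      # Unauthenticated, unencrypted Redis URL. If `--requirepass` is enabled
      # on trivy-redis, this URL must carry the same password.
      - SCANNER_REDIS_URL=redis://trivy-redis:6379
      - SCANNER_REDIS_POOL_MAX_ACTIVE=5
      - SCANNER_REDIS_POOL_MAX_IDLE=5
      - SCANNER_REDIS_POOL_IDLE_TIMEOUT=5m
      - SCANNER_REDIS_POOL_CONNECTION_TIMEOUT=1s
      - SCANNER_REDIS_POOL_READ_TIMEOUT=1s
      - SCANNER_REDIS_POOL_WRITE_TIMEOUT=1s
      # - HTTP_PROXY=
      # - HTTPS_PROXY=
      # - NO_PROXY=
    networks:
      - trivy_network

  trivy-redis:
    container_name: trivy-redis
    # NOTE(review): `redis:alpine` is a floating tag; pin a specific version
    # (or digest) so a rebuild cannot silently change the Redis release.
    image: redis:alpine
    restart: always
    # No `ports:` entry, so Redis is reachable only from trivy_network.
    command:
      - 'redis-server'
      # ${VAR:-default} is substituted by Compose from the shell or .env.
      - '--loglevel ${REDIS_LOGLEVEL:-warning}'
      - '--databases 2'
      - '--save 900 1'
      - '--save 300 10'
      - '--save 60 10000'
      - '--maxmemory ${REDIS_MAXMEM:-50mb}'
      - '--maxmemory-policy ${REDIS_POLICY:-noeviction}'
      # Authentication is off while this stays commented out. When enabling
      # it, keep REDIS_PASS out of version control.
      # - '--requirepass ${REDIS_PASS}'
    # Persistence is off while this stays commented out: the RDB snapshots
    # from the `--save` rules are lost when the container is recreated.
    # Enabling the named volume also needs a top-level `volumes:` entry.
    # volumes:
    #   - redis:/data
    environment:
      # NOTE(review): this looks like a variable from a different Redis image;
      # confirm the official `redis` image reads it, otherwise it is a no-op.
      - REDIS_REPLICATION_MODE=master
    networks:
      - trivy_network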