Plugins

turbot/trivy

GitHub
Overview
7Tables
Versions
GitHub
steampipe plugin install trivysteampipe plugin install trivy
On This Page
Documentation
Get started
Get involved
Get Involved
Edit on GitHub
Discuss on Slack
Source Code
turbot/steampipe-plugin-trivy
License
Apache License 2.0
Version
v0.1.0
Published
08 Sep 2022

Trivy + Steampipe

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Trivy Trivy is a vulnerability/misconfiguration/secret scanner for containers and other artifacts.

Scan images or files for vulnerabilities using a query:

select
  vulnerability_id,
  package_name,
  installed_version,
  title
from
  trivy_scan_vulnerability
where
  artifact_type = 'container_image'
  and artifact_name = 'turbot/steampipe';
+------------------+--------------+-------------------+----------------------------+
| vulnerability_id | package_name | installed_version | title                      |
+------------------+--------------+-------------------+----------------------------+
| CVE-2011-3374    | apt          | 1.8.2.3           | It was found that apt-key… |
| CVE-2022-23218   | libc-bin     | 2.28-10+deb10u1   | glibc: Stack-based buffer… |
| CVE-2022-1304    | e2fsprogs    | 1.44.5-1+deb10u3  | e2fsprogs: out-of-bounds … |
| CVE-2017-18018   | coreutils    | 8.30-3            | coreutils: race condition… |
| CVE-2022-0563    | bsdutils     | 2.33.1-0.1        | util-linux: partial discl… |
+------------------+--------------+-------------------+----------------------------+

Or, query the database of vulnerability definitions:

select
  name,
  published_date,
  title
from
  trivy_vulnerability
where
  name like 'CVE-2022-%'
order by
  name;
+---------------+---------------------------+------------------------------------+
| name          | published_date            | title                              |
+---------------+---------------------------+------------------------------------+
| CVE-2022-0001 | 2022-03-11T13:15:00-05:00 | hw: cpu: intel: Branch History In… |
| CVE-2022-0002 | 2022-03-11T13:15:00-05:00 | hw: cpu: intel: Intra-Mode BTI   … |
| CVE-2022-0005 | 2022-05-12T13:15:00-04:00 | hw: cpu: information disclosure v… |
| CVE-2022-0070 | 2022-04-19T19:15:00-04:00 | <null>                             |
| CVE-2022-0079 | 2022-01-02T22:15:00-05:00 | showdoc is vulnerable to Generati… |
| CVE-2022-0080 | 2022-01-02T07:15:00-05:00 | mruby is vulnerable to Heap-based… |
+---------------+---------------------------+------------------------------------+

Documentation

Get started

Install

Download and install the latest Trivy plugin:

steampipe plugin install trivy

Configuration

Installing the latest trivy plugin will create a config file (~/.steampipe/config/trivy.spc) with a single connection named trivy:

connection "trivy" {
  plugin = "trivy"


  # Container images to scan by default
  images = [ "turbot/steampipe", "ubuntu:latest" ]


  # File system paths to scan by default. Must be a full path.
  paths = [ "/your/code", "/more/of/your/code" ]
}

Get involved