steampipe plugin install trivy

Trivy + Steampipe

Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.

Trivy is a vulnerability/misconfiguration/secret scanner for containers and other artifacts.

Scan images or files for vulnerabilities using a query:

select
vulnerability_id,
package_name,
installed_version,
title
from
trivy_scan_vulnerability
where
artifact_type = 'container_image'
and artifact_name = 'turbot/steampipe';
+------------------+--------------+-------------------+----------------------------+
| vulnerability_id | package_name | installed_version | title |
+------------------+--------------+-------------------+----------------------------+
| CVE-2011-3374 | apt | 1.8.2.3 | It was found that apt-key… |
| CVE-2022-23218 | libc-bin | 2.28-10+deb10u1 | glibc: Stack-based buffer… |
| CVE-2022-1304 | e2fsprogs | 1.44.5-1+deb10u3 | e2fsprogs: out-of-bounds … |
| CVE-2017-18018 | coreutils | 8.30-3 | coreutils: race condition… |
| CVE-2022-0563 | bsdutils | 2.33.1-0.1 | util-linux: partial discl… |
+------------------+--------------+-------------------+----------------------------+

Or, query the database of vulnerability definitions:

select
name,
published_date,
title
from
trivy_vulnerability
where
name like 'CVE-2022-%'
order by
name;
+---------------+---------------------------+------------------------------------+
| name | published_date | title |
+---------------+---------------------------+------------------------------------+
| CVE-2022-0001 | 2022-03-11T13:15:00-05:00 | hw: cpu: intel: Branch History In… |
| CVE-2022-0002 | 2022-03-11T13:15:00-05:00 | hw: cpu: intel: Intra-Mode BTI … |
| CVE-2022-0005 | 2022-05-12T13:15:00-04:00 | hw: cpu: information disclosure v… |
| CVE-2022-0070 | 2022-04-19T19:15:00-04:00 | <null> |
| CVE-2022-0079 | 2022-01-02T22:15:00-05:00 | showdoc is vulnerable to Generati… |
| CVE-2022-0080 | 2022-01-02T07:15:00-05:00 | mruby is vulnerable to Heap-based… |
+---------------+---------------------------+------------------------------------+

Documentation

Get started

Install

Download and install the latest Trivy plugin:

steampipe plugin install trivy

Configuration

Installing the latest trivy plugin will create a config file (~/.steampipe/config/trivy.spc) with a single connection named trivy:

connection "trivy" {
plugin = "trivy"
# Container images to scan by default
images = [ "turbot/steampipe", "ubuntu:latest" ]
# File system paths to scan by default. Must be a full path.
paths = [ "/your/code", "/more/of/your/code" ]
}

Postgres FDW

This plugin is available as a native Postgres FDW. Unlike Steampipe CLI, which ships with an embedded Postgres server instance, the Postgres FDW can be installed in any supported Postgres database version.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_postgres_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/postgres.sh)" -- trivy

The installer will prompt you for the plugin name and version, download and install the appropriate files for your OS, system architecture, and Postgres version.

To configure the Postgres FDW, you will create an extension, foreign server, and schema and import the foreign schema.

CREATE EXTENSION IF NOT EXISTS steampipe_postgres_trivy;
CREATE SERVER steampipe_trivy FOREIGN DATA WRAPPER steampipe_postgres_trivy OPTIONS (config '<your_config>');
CREATE SCHEMA trivy;
IMPORT FOREIGN SCHEMA trivy FROM SERVER steampipe_trivy INTO trivy;

SQLite Extension

This plugin is available as a SQLite Extension, making the tables available as SQLite virtual tables.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_sqlite_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/sqlite.sh)" -- trivy

The installer will prompt you for the plugin name, version, and destination directory. It will then determine the OS and system architecture, and it will download and install the appropriate package.

To configure the SQLite extension, load the extension module and then run the steampipe_configure_trivy function to configure it with plugin-specific options.

$ sqlite3
sqlite> .load ./steampipe_sqlite_extension_trivy.so
sqlite> select steampipe_configure_trivy('<your_config>');

Export

This plugin is available as a standalone Export CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- trivy

You can pass the configuration to the command with the --config argument:

steampipe_export_trivy --config '<your_config>' <table_name>