fl0pp5 6d77ab7839
migrate to ALT workflow
2024-05-28 16:02:25 +03:00
.github migrate to ALT workflow 2024-05-28 16:02:25 +03:00
cmd/trivy-db BREAKING: bump schema version to v2 (#168) 2022-01-04 21:49:14 +02:00
pkg feat: add ALT Linux support 2024-04-01 17:17:37 +03:00
.gitignore feat: add k8s vulns (#332) 2023-10-05 17:12:11 +03:00
.golangci.yml chore: enable more linters (#356) 2023-09-21 14:56:30 +03:00
Dockerfile chore: bump up Go to 1.17 (#166) 2021-12-22 14:09:43 +02:00
go.mod chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#387) 2024-03-04 17:22:05 +04:00
go.sum chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#387) 2024-03-04 17:22:05 +04:00
LICENSE Change license to Apache 2.0 2020-03-11 18:17:03 +00:00
Makefile migrate to ALT workflow 2024-05-28 16:02:25 +03:00
NOTICE Change license to Apache 2.0 2020-03-11 18:17:03 +00:00
README.md chore(docs): remove upload command (#311) 2023-05-17 11:35:39 +03:00

trivy-db


Overview

trivy-db is a CLI tool and a library to manipulate Trivy DB.

Library

Trivy uses trivy-db internally to manipulate vulnerability DB. This DB has vulnerability information from NVD, Red Hat, Debian, etc.

CLI

The trivy-db CLI tool builds vulnerability DBs. A GitHub Actions workflow periodically builds a fresh version of the vulnerability DB using trivy-db and uploads it to the GitHub Container Registry (see Download the vulnerability database below).

NAME:
   trivy-db - Trivy DB builder

USAGE:
   main [global options] command [command options] image_name

VERSION:
   0.0.1

COMMANDS:
     build    build a database file
     help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version

Building the DB

Run make db-all to build the database. The DB artifact is written to the assets folder.

Alternatively, you can build with Docker: run docker build . -t trivy-db.

If you want to build a Trivy integration test DB, run make create-test-db.

Update interval

Every 6 hours

Download the vulnerability database

version 1 (deprecated)

Trivy DB v1 reached the end of support in February 2023. Please upgrade Trivy to v0.23.0 or later.

Read more about the Trivy DB v1 deprecation in the discussion.

version 2

Trivy DB v2 is hosted on GHCR. Although GitHub displays the docker pull command by default, please note that it cannot be downloaded using docker pull as it is not a container image.

You can download the actual compiled database with either the Trivy CLI or the ORAS CLI.

Trivy:

TRIVY_TEMP_DIR=$(mktemp -d)
trivy --cache-dir "$TRIVY_TEMP_DIR" image --download-db-only
# -z gzip-compresses the archive so its contents match the .tar.gz name
tar -czf ./db.tar.gz -C "$TRIVY_TEMP_DIR/db" metadata.json trivy.db
rm -rf "$TRIVY_TEMP_DIR"

oras >= v0.13.0:

$ oras pull ghcr.io/aquasecurity/trivy-db:2

oras < v0.13.0:

$ oras pull -a ghcr.io/aquasecurity/trivy-db:2

The database can be used in an air-gapped environment.
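
For the air-gapped case, a check that can run on the receiving side before a transferred db.tar.gz is trusted, given here as an added example that is not part of trivy-db. It assumes the archive holds metadata.json and trivy.db at the top level and that metadata.json carries Version and UpdatedAt fields; CheckBundle and the 24-hour age limit are illustrative choices.

```go
package main

import (
	"archive/tar"
	"compress/gzip"
	"encoding/json"
	"fmt"
	"io"
	"os"
	"time"
)

// CheckBundle rejects a db.tar.gz stream unless it is gzip, holds exactly one
// metadata.json and one trivy.db, is schema version 2, and is at most maxAge old.
func CheckBundle(r io.Reader, now time.Time, maxAge time.Duration) error {
	gz, err := gzip.NewReader(r)
	if err != nil {
		return fmt.Errorf("not gzip (plain tar named .gz?): %w", err)
	}
	var meta struct{ Version int; UpdatedAt time.Time } // metadata.json fields (assumed names)
	seen := map[string]bool{}
	tr := tar.NewReader(gz)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return fmt.Errorf("corrupt archive: %w", err)
		}
		if hdr.Typeflag != tar.TypeReg || seen[hdr.Name] || (hdr.Name != "metadata.json" && hdr.Name != "trivy.db") {
			return fmt.Errorf("unexpected or duplicate entry %q", hdr.Name)
		}
		seen[hdr.Name] = true
		if hdr.Name == "metadata.json" && json.NewDecoder(tr).Decode(&meta) != nil {
			return fmt.Errorf("metadata.json is not valid JSON")
		}
	}
	if len(seen) != 2 {
		return fmt.Errorf("need both metadata.json and trivy.db")
	} else if meta.Version != 2 {
		return fmt.Errorf("schema version %d, want 2", meta.Version)
	} else if now.Sub(meta.UpdatedAt) > maxAge {
		return fmt.Errorf("built %s, older than %s", meta.UpdatedAt.Format(time.RFC3339), maxAge)
	}
	return nil
}

func main() { // usage: go run check.go < db.tar.gz
	if err := CheckBundle(os.Stdin, time.Now(), 24*time.Hour); err != nil {
		fmt.Fprintln(os.Stderr, "reject:", err)
		os.Exit(1)
	}
}
```

A metadata.json with no UpdatedAt decodes to the zero time and is therefore rejected as stale rather than accepted.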