204 - Security Scanning and Vulnerability Management

Intermediate

Implement automated security scanning in CI/CD pipelines. Detect vulnerabilities in container images, dependencies, and code before deployment to production.

Learning Objectives

1. Scan Docker images for vulnerabilities
2. Implement dependency scanning for npm/pip/etc
3. Add code quality and security linting
4. Set up automated security reporting
5. Create security gates that block deployments

Step 1

Install Trivy locally

Set up Trivy vulnerability scanner for testing.

Commands to Run

brew install trivy || sudo apt-get install trivy || echo 'Install from: https://aquasecurity.github.io/trivy'
trivy --version
docker pull nginx:latest
trivy image nginx:latest

What This Does

Trivy scans container images for vulnerabilities in both OS packages and application dependencies. It is free, fast and accurate, and works with Docker images, filesystems, Git repositories, and more.

Expected Outcome

Trivy installed and working. nginx:latest scan shows vulnerabilities with severity levels (CRITICAL, HIGH, MEDIUM, LOW).

Pro Tips

  • Trivy is free and open source
  • Scans OS packages and language dependencies
  • Regular updates for latest CVE database
  • Works offline after initial DB download
  • Supports multiple output formats