Overview

Skill Level: Any Skill Level

This recipe explains the following.

1. How to integrate trivy in Jenkins
2. How to integrate trivy in Tekton

Ingredients

Note:

The full content of the recipe is available in Git at the location below.

https://github.com/GandhiCloudLab/devsecops-with-trivy

Only the snapshots are given in this recipe.

Step-by-step

  1. Introduction

    DevSecOps ensures security by running vulnerability scans on the container images. There are several tools available for image scanning.

    Trivy is a simple and comprehensive vulnerability scanner for containers, suitable for CI.

    More information on Trivy is available at https://github.com/aquasecurity/trivy

    In this article, we will see how to integrate Trivy into Jenkins and Tekton pipelines.

  2. Integrating Trivy in Jenkins

    The CI/CD process contains several steps. There could be a step called Build Image that builds an image and pushes it to the image registry.

    (Snapshot: 01-jenkins-pipeline)

    This step needs to be split into three steps:

    Build Image
    Trivy Scan
    Push Image

    Here is the modified pipeline.

    (Snapshot: 02-jenkins-pipeline-with-trivy)

    More information is available at

    https://github.com/GandhiCloudLab/devsecops-with-trivy/#1-Integrating-Trivy-in-Jenkins
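    As an added example (not the recipe's own Jenkinsfile, which is only shown as a snapshot), here is a declarative Jenkins pipeline with the Build Image step split into Build Image, Trivy Scan and Push Image. It assumes docker and trivy are on the agent's PATH, a registry at registry.example.com, and a Jenkins credential with id 'registry-creds'; all three are placeholders.

```groovy
// Added example, not code from the recipe. Assumptions: docker and trivy on the
// agent's PATH; registry.example.com and the credential id 'registry-creds' are
// placeholders to replace with your own values.
pipeline {
    agent any
    environment {
        IMAGE = "registry.example.com/demo/app:${env.BUILD_NUMBER}"
    }
    stages {
        stage('Build Image') {
            steps {
                sh 'docker build -t "$IMAGE" .'
            }
        }
        stage('Trivy Scan') {
            steps {
                // Scan the locally built image before it reaches the registry.
                // The first run writes a JSON report for the build record; the
                // second run uses --exit-code 1 so that any HIGH or CRITICAL
                // finding fails this stage and the Push Image stage never runs.
                sh '''
                  trivy image --no-progress --format json --output trivy-report.json "$IMAGE"
                  trivy image --no-progress --exit-code 1 --severity HIGH,CRITICAL "$IMAGE"
                '''
            }
            post {
                always {
                    // Keep the report even when the gate fails, for triage.
                    archiveArtifacts artifacts: 'trivy-report.json', allowEmptyArchive: true
                }
            }
        }
        stage('Push Image') {
            steps {
                withCredentials([usernamePassword(credentialsId: 'registry-creds',
                                                  usernameVariable: 'REG_USER',
                                                  passwordVariable: 'REG_PASS')]) {
                    sh '''
                      echo "$REG_PASS" | docker login registry.example.com -u "$REG_USER" --password-stdin
                      docker push "$IMAGE"
                    '''
                }
            }
        }
    }
}
```

Because Jenkins stops at the first failing stage, an image with HIGH or CRITICAL findings is built and reported but never pushed; widen or narrow the gate by changing the --severity list.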

  3. Integrating Trivy in Tekton

    The CI/CD process contains several steps. There could be a step called Build that builds an image and pushes it to the image registry.

    (Snapshot: 05-tekton-pipeline)

    This step needs to be split into three steps:

    build
    image-scan
    push

    Here is the modified pipeline.

    (Snapshot: 06-tekton-pipeline-with-trivy)

    More information is available at

    https://github.com/GandhiCloudLab/devsecops-with-trivy/#2-Integrating-Trivy-in-Tekton