securecodebox/parser-trivy-sbom
OWASP secureCodeBox is an automated and scalable open source solution that can be used to integrate various security vulnerability scanners with a simple and lightweight interface. The secureCodeBox mission is to support DevSecOps Teams to make it easy to automate security vulnerability testing in different scenarios.
With the secureCodeBox we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
The secureCodeBox project runs on Kubernetes. To install it you need Helm, a package manager for Kubernetes. The integrated security vulnerability scanners can also be started directly on a Docker infrastructure.
You can find resources to help you get started on our documentation website, including instructions on how to install the secureCodeBox project and guides to help you run your first scans with it.
Tags:
latest (represents the latest stable release build)
0.59.0
This parser image is intended to work in combination with the corresponding security scanner docker image to parse the scanner's findings into secureCodeBox results. For more details, see the documentation page: https://www.securecodebox.io/docs/scanners/trivy-sbom.
docker pull securecodebox/parser-trivy-sbom
Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers and other artifacts.
A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System.
Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.).
Trivy is easy to use. Just install the binary, and you're ready to scan. All you need to do for scanning is to specify a target such as the image name of a container.
To learn more about the Trivy scanner itself visit Trivy's GitHub Repository.
This chart uses Trivy's SBOM support to generate Software Bills of Materials in CycloneDX format for container images. The SBOM inventories the components found in the image rather than reporting vulnerabilities directly. You can use the Dependency-Track hook to send the generated SBOMs to an instance of Dependency-Track, which manages them and performs the vulnerability analysis there.
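As an added example (not code from the secureCodeBox project or from Trivy) of what the parser and hook steps involve: the block below reads a CycloneDX JSON SBOM of the kind `trivy image --format cyclonedx` writes, turns each unique component into an informational finding, and builds the JSON body that Dependency-Track's PUT /api/v1/bom endpoint accepts. The SBOM is constructed inline; the finding fields (name, description, category, severity, attributes) and the upload body are illustrative assumptions, not the project's actual parser or hook output.

```javascript
// Added example, not the secureCodeBox parser's own code: turn a CycloneDX
// JSON SBOM (the format `trivy image --format cyclonedx` writes) into
// secureCodeBox-style findings and into a Dependency-Track upload body.
// Assumptions: the finding shape is a simplified version of the secureCodeBox
// finding schema, and the upload body follows Dependency-Track's documented
// PUT /api/v1/bom JSON form (projectName, projectVersion, autoCreate, bom).

// Constructed sample SBOM, trimmed to what the parser reads. Real Trivy output
// carries more fields (serialNumber, dependencies, properties, ...).
const SAMPLE_SBOM = {
  bomFormat: "CycloneDX",
  specVersion: "1.4",
  metadata: { component: { type: "container", name: "alpine:3.18" } },
  components: [
    { "bom-ref": "os", type: "operating-system", name: "alpine", version: "3.18.4" },
    { "bom-ref": "pkg:apk/alpine/musl@1.2.4-r2", type: "library", name: "musl",
      version: "1.2.4-r2", purl: "pkg:apk/alpine/musl@1.2.4-r2?distro=3.18.4" },
    { "bom-ref": "pkg:npm/lodash@4.17.20", type: "library", name: "lodash",
      version: "4.17.20", purl: "pkg:npm/lodash@4.17.20" },
    // Duplicate bom-ref: a parser must not double-count it.
    { "bom-ref": "pkg:npm/lodash@4.17.20", type: "library", name: "lodash",
      version: "4.17.20", purl: "pkg:npm/lodash@4.17.20" },
    // No purl: still inventoried, but flagged so that components Dependency-Track
    // cannot match to vulnerability data are visible in the findings.
    { "bom-ref": "local-lib", type: "library", name: "vendored-helper", version: "0.1" },
  ],
};

// Ecosystem from the purl type (pkg:TYPE/...), "unknown" when there is no purl.
function ecosystemOf(purl) {
  const m = /^pkg:([a-z0-9.+-]+)\//i.exec(purl ?? "");
  return m ? m[1].toLowerCase() : "unknown";
}

// Parse a CycloneDX object into an array of findings, one per unique component.
function parseSbom(sbom) {
  if (sbom?.bomFormat !== "CycloneDX") {
    throw new Error(`unsupported SBOM format: ${sbom?.bomFormat}`);
  }
  const target = sbom.metadata?.component?.name ?? "unknown";
  const seen = new Set();
  const findings = [];
  for (const c of sbom.components ?? []) {
    const key = c["bom-ref"] ?? `${c.type}:${c.name}@${c.version}`;
    if (seen.has(key)) continue; // de-duplicate on bom-ref
    seen.add(key);
    const version = c.version ?? "unknown";
    findings.push({
      name: `${c.name}@${version}`,
      description: `${c.type} component ${c.name} (${version}) found in ${target}`,
      category: "SBOM Component",
      // Inventory entries are informational; vulnerabilities come from a
      // separate vulnerability scan or from Dependency-Track's analysis.
      severity: "INFORMATIONAL",
      attributes: {
        target,
        componentType: c.type,
        purl: c.purl ?? null,
        ecosystem: ecosystemOf(c.purl),
        missingPurl: !c.purl,
      },
    });
  }
  return findings;
}

// Count components per ecosystem, e.g. { unknown: 2, apk: 1, npm: 1 }.
function summarize(findings) {
  return findings.reduce((acc, f) => {
    acc[f.attributes.ecosystem] = (acc[f.attributes.ecosystem] ?? 0) + 1;
    return acc;
  }, {});
}

// Build the JSON body for Dependency-Track's PUT /api/v1/bom endpoint: the BOM
// is base64-encoded and the project is identified by name and version so it
// can be auto-created on first upload (sent with an X-Api-Key header).
function dependencyTrackUploadBody(sbom, projectName, projectVersion) {
  return {
    projectName,
    projectVersion,
    autoCreate: true,
    bom: Buffer.from(JSON.stringify(sbom), "utf8").toString("base64"),
  };
}

const parsedFindings = parseSbom(SAMPLE_SBOM);
console.log(`${parsedFindings.length} components`, summarize(parsedFindings));
console.log(dependencyTrackUploadBody(SAMPLE_SBOM, "alpine", "3.18").bom.length, "base64 chars");
```

The de-duplication on bom-ref and the missingPurl flag are the two checks worth keeping in a real pipeline: duplicated refs inflate component counts, and Dependency-Track matches components to vulnerability sources largely by purl, so a component without one is inventoried but will not receive vulnerability matches.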
You are welcome, please join us on... 👋
secureCodeBox is an official OWASP project.
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.