Introduction
Trivy
Trivy has different scanners that look for different security issues, and different targets where it can find those issues.
Targets:
Container Image
Filesystem
Git repository (remote)
Kubernetes cluster or resource
Scanners:
OS packages and software dependencies in use (SBOM)
Known vulnerabilities (CVEs)
IaC misconfigurations
Sensitive information and secrets
Snyk
Snyk is a developer-first cloud-native security tool. It covers multiple areas of application security:
Snyk Open Source: Find and automatically fix open source vulnerabilities
Snyk Code: Find and fix vulnerabilities in your application code in real time
Snyk Container: Find and fix vulnerabilities in container images and Kubernetes applications
Snyk Infrastructure as Code: Find and fix insecure configurations in Terraform and Kubernetes code
Installation
On macOS using Homebrew
Trivy | Snyk
---|---
brew tap aquasecurity/trivy | brew tap snyk/tap
brew install trivy | brew install snyk
Process of usage
Let's say we wanted to scan the official Python container image python:3.4-alpine (Python 3.4 reached end of life in 2019, so this is a deliberately old image that is expected to carry many known vulnerabilities). Trivy needs no account or token; Snyk must be authenticated once with an API token before it will run a scan.
Trivy | Snyk
---|---
(no authentication required) | snyk auth <SNYK_API_TOKEN>
trivy image python:3.4-alpine | snyk container test python:3.4-alpine
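The commands above print human-readable tables, which is fine for a one-off look but not for a CI pipeline or for comparing the two tools finding by finding. The script below is an added example (not code from the original page, nor from Trivy or Snyk themselves) that normalises the JSON output of both scanners into one shape, counts findings per severity, and applies a gate policy (fail on HIGH/CRITICAL findings that actually have a fixed version). It assumes the documented invocations trivy image --format json <image> and snyk container test --json <image>, and the JSON field names of each tool's report format; the embedded SAMPLE_TRIVY and SAMPLE_SNYK reports are constructed placeholders, not real results for this image.

```python
"""
Added example: normalise Trivy and Snyk JSON reports into one finding shape
and apply a CI gate to them. Not part of the original page or of either tool.
Assumed commands (documented by the vendors):
    trivy image --format json <image>
    snyk container test --json <image>
SAMPLE_* below are constructed placeholders, not real scan results.
"""
import json
import subprocess
import sys
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Finding:
    tool: str
    vuln_id: str
    package: str
    installed: str
    fixed: Optional[str]  # None when no fixed version is known
    severity: str         # upper-cased key of SEVERITY_RANK


def normalize_trivy(report: dict) -> List[Finding]:
    """Trivy JSON: Results[].Vulnerabilities[]; either list may be null."""
    findings = []
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            findings.append(Finding(
                tool="trivy",
                vuln_id=v["VulnerabilityID"],
                package=v["PkgName"],
                installed=v.get("InstalledVersion", ""),
                fixed=v.get("FixedVersion") or None,  # "" means no fix known
                severity=v.get("Severity", "UNKNOWN").upper(),
            ))
    return findings


def normalize_snyk(report: dict) -> List[Finding]:
    """Snyk CLI JSON: vulnerabilities[]; fixedIn lists fixed versions (may be empty)."""
    findings = []
    for v in report.get("vulnerabilities") or []:
        fixed_in = v.get("fixedIn") or []
        findings.append(Finding(
            tool="snyk",
            vuln_id=v["id"],
            package=v["packageName"],
            installed=v.get("version", ""),
            fixed=fixed_in[0] if fixed_in else None,
            severity=v.get("severity", "unknown").upper(),
        ))
    return findings


def count_by_severity(findings: Iterable[Finding]) -> Dict[str, int]:
    """Per-severity totals, for comparing what each tool reports."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def gate(findings: Iterable[Finding], min_severity: str = "HIGH",
         fixable_only: bool = True) -> List[Finding]:
    """Findings that should fail the build: at or above min_severity and,
    by default, only those a package upgrade can actually fix."""
    threshold = SEVERITY_RANK[min_severity.upper()]
    return sorted(
        (f for f in findings
         if SEVERITY_RANK.get(f.severity, 0) >= threshold
         and (f.fixed is not None or not fixable_only)),
        key=lambda f: (-SEVERITY_RANK.get(f.severity, 0), f.package, f.vuln_id),
    )


def scan(tool: str, image: str) -> dict:
    """Run the real CLI. Needs the tool on PATH; snyk also needs a token
    (snyk auth once, or the SNYK_TOKEN environment variable in CI)."""
    cmd = {"trivy": ["trivy", "image", "--format", "json", image],
           "snyk": ["snyk", "container", "test", "--json", image]}[tool]
    # snyk exits non-zero when it finds vulnerabilities, so no check=True here.
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return json.loads(proc.stdout)


# Constructed sample reports (placeholder IDs/versions, not real results).
SAMPLE_TRIVY = {"ArtifactName": "python:3.4-alpine", "Results": [
    {"Target": "python:3.4-alpine (alpine)", "Type": "alpine", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl", "InstalledVersion": "1.0.0-r0",
         "FixedVersion": "1.0.0-r1", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "musl", "InstalledVersion": "1.0.0-r0",
         "FixedVersion": "", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "busybox", "InstalledVersion": "1.0.0-r0",
         "FixedVersion": "1.0.0-r1", "Severity": "LOW"}]},
    {"Target": "Python", "Type": "python-pkg", "Vulnerabilities": None}]}
SAMPLE_SNYK = {"vulnerabilities": [
    {"id": "SNYK-PLACEHOLDER-0001", "packageName": "openssl", "version": "1.0.0-r0",
     "severity": "critical", "fixedIn": ["1.0.0-r1"]},
    {"id": "SNYK-PLACEHOLDER-0002", "packageName": "musl", "version": "1.0.0-r0",
     "severity": "high", "fixedIn": []}]}

if __name__ == "__main__":
    # usage: python gate.py [image]   (without an image the samples are used)
    if len(sys.argv) > 1:
        findings = normalize_trivy(scan("trivy", sys.argv[1])) + normalize_snyk(scan("snyk", sys.argv[1]))
    else:
        findings = normalize_trivy(SAMPLE_TRIVY) + normalize_snyk(SAMPLE_SNYK)
    for tool in ("trivy", "snyk"):
        print(tool, count_by_severity(f for f in findings if f.tool == tool))
    failing = gate(findings)
    for f in failing:
        print(f"FAIL {f.tool}: {f.severity} {f.vuln_id} {f.package} {f.installed} -> {f.fixed}")
    sys.exit(1 if failing else 0)
```

Gating on fixable findings only is a deliberate choice: an unfixed HIGH in a base image (the musl entry in the sample) is worth tracking but cannot be resolved by rebuilding, so failing the build on it only trains people to ignore the gate. Matching the two tools' output on package name and installed version rather than on vulnerability ID is also necessary, because Snyk uses its own identifiers alongside CVEs.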
Output Examples
Trivy
Snyk
In addition, Snyk provides a web UI for navigating and tracking results once an image has been reported to the Snyk platform with the monitor command (snyk container monitor python:3.4-alpine).
Summary
Snyk has many more third-party integrations than Trivy, and once a project has been reported with the monitor command its cloud service keeps re-checking it against new advisories, so scans do not have to be re-run by hand.
Trivy, on the other hand, reported more vulnerabilities on this image and was very straightforward to use: it needs no account, authentication or usage limits because it is fully open source. Note that raw finding counts are not directly comparable between the two tools, since each uses its own vulnerability database and its own severity ratings; the overlap and the differences should be checked per package and CVE before concluding that one tool is more complete.
Attachments:
Screen Shot 2022-11-15 at 1.49.33 PM.png (image/png)
Screen Shot 2022-11-15 at 1.51.13 PM.png (image/png)
Screen Shot 2022-11-15 at 1.51.27 PM.png (image/png)
Screen Shot 2022-11-15 at 1.55.51 PM.png (image/png)
Screen Shot 2022-11-15 at 1.56.02 PM.png (image/png)