Scanning Images for Vulnerabilities with Trivy

30 minutes
  • 2 Learning Objectives

About this Hands-on Lab

Software vulnerabilities within containers can create security risks for your Kubernetes environment. This lab lets you practice scanning images with Trivy to determine whether they contain critical vulnerabilities.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Scan the Images with Trivy and Save the Results

Check all of the Pods in the questionablesoft namespace. Scan their images with Trivy and save the results for each scan to files in /home/cloud_user. Give each file the name of the image and the .log extension (e.g., /home/cloud_user/myimage:1.1.0.log).

Note: Trivy is already installed on the control plane node. You do not need to install it yourself.

Delete Pods with Major Vulnerabilities

Delete any Pods that have high- or critical-severity vulnerabilities in their images. You can delete Pods with --force if you wish.
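
One way to script both objectives, as an added example that is not part of the lab's own material. It assumes kubectl and trivy are on the PATH; the function names and the --run switch are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the lab material. Assumes kubectl and trivy are
# on PATH; function names and the --run switch are this example's own.

# One line per Pod in namespace $1: "<pod> <image> [<image> ...]".
# Only .spec.containers is listed; init containers are not covered here.
list_pod_images() {
  kubectl get pods -n "$1" -o \
    jsonpath='{range .items[*]}{.metadata.name}{" "}{.spec.containers[*].image}{"\n"}{end}'
}

# Scan image $1 and write the full report to $2/<image>.log.
# Returns 0 if HIGH/CRITICAL findings exist, 1 if none, 2 if the scan failed.
image_is_vulnerable() {
  log="$2/$1.log"
  mkdir -p "$(dirname "$log")" || return 2   # image names may contain "/"
  trivy image --output "$log" "$1" </dev/null || return 2
  # Second pass is only a gate. Exit code 3 is reserved for "findings", so a
  # scanner error (any other non-zero code) is not mistaken for a clean image.
  rc=0
  trivy image --severity HIGH,CRITICAL --exit-code 3 "$1" \
    </dev/null >/dev/null 2>&1 || rc=$?
  case $rc in 3) return 0 ;; 0) return 1 ;; *) return 2 ;; esac
}

# Scan every image in namespace $1, keep logs in $2, then delete each Pod
# that uses a flagged image. Prints the name of every Pod it deleted.
scan_and_prune() {
  list_pod_images "$1" | while read -r pod images; do
    bad=0
    for image in $images; do          # scan all images so every log exists
      verdict=0
      image_is_vulnerable "$image" "$2" || verdict=$?
      case $verdict in
        0) bad=1 ;;
        2) echo "scan failed: $image (pod $pod), review manually" >&2 ;;
      esac
    done
    if [ "$bad" -eq 1 ]; then
      kubectl delete pod "$pod" -n "$1" --force </dev/null >/dev/null && echo "$pod"
    fi
  done
}

# Lab values from the text above; nothing runs unless --run is given.
if [ "${1:-}" = "--run" ]; then
  scan_and_prune questionablesoft /home/cloud_user
fi
```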

Additional Resources

Your company, SecuriCorp, is using Kubernetes to run several applications. Recently, the company has been working with an external contractor called QuestionableSoft.

The QuestionableSoft developers have deployed a few workloads into the questionablesoft namespace. Scan the images used by all Pods in this namespace with Trivy and save the results, then delete any Pods that have high- or critical-severity vulnerabilities.
