github.com/ishita82/trivy-gitaction@v0.0.0-20240206054925-e937cc05f8e3/docs/getting-started/installation.md (about) 1 # Installing Trivy 2 3 In this section you will find an aggregation of the different ways to install Trivy. installations are listed as either "official" or "community". Official integrations are developed by the core Trivy team and supported by it. Community integrations are integrations developed by the community, and collected here for your convenience. For support or questions about community integrations, please contact the original developers. 4 5 ## Install using Package Manager 6 7 ### RHEL/CentOS (Official) 8 9 === "Repository" 10 Add repository setting to `/etc/yum.repos.d`. 11 12 ``` bash 13 RELEASE_VERSION=$(grep -Po '(?<=VERSION_ID=")[0-9]' /etc/os-release) 14 cat << EOF | sudo tee -a /etc/yum.repos.d/trivy.repo 15 [trivy] 16 name=Trivy repository 17 baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$RELEASE_VERSION/\$basearch/ 18 gpgcheck=1 19 enabled=1 20 gpgkey=https://aquasecurity.github.io/trivy-repo/rpm/public.key 21 EOF 22 sudo yum -y update 23 sudo yum -y install trivy 24 ``` 25 26 === "RPM" 27 28 ``` bash 29 rpm -ivh https://github.com/aquasecurity/trivy/releases/download/{{ git.tag }}/trivy_{{ git.tag[1:] }}_Linux-64bit.rpm 30 ``` 31 32 ### Debian/Ubuntu (Official) 33 34 === "Repository" 35 Add repository setting to `/etc/apt/sources.list.d`. 36 37 ``` bash 38 sudo apt-get install wget apt-transport-https gnupg lsb-release 39 wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null 40 echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list 41 sudo apt-get update 42 sudo apt-get install trivy 43 ``` 44 45 === "DEB" 46 47 ``` bash 48 wget https://github.com/aquasecurity/trivy/releases/download/{{ git.tag }}/trivy_{{ git.tag[1:] }}_Linux-64bit.deb 49 sudo dpkg -i trivy_{{ git.tag[1:] }}_Linux-64bit.deb 50 ``` 51 52 ### Homebrew (Official) 53 54 Homebrew for MacOS and Linux. 55 56 ```bash 57 brew install trivy 58 ``` 59 60 ### Arch Linux (Community) 61 62 Arch Linux Package Repository. 63 64 ```bash 65 pacman -S trivy 66 ``` 67 68 References: 69 - <https://archlinux.org/packages/extra/x86_64/trivy/> 70 - <https://gitlab.archlinux.org/archlinux/packaging/packages/trivy/-/blob/main/PKGBUILD> 71 72 73 ### MacPorts (Community) 74 75 [MacPorts](https://www.macports.org) for MacOS. 76 77 ```bash 78 sudo port install trivy 79 ``` 80 81 References: 82 - <https://ports.macports.org/port/trivy/details/> 83 84 ### Nix/NixOS (Community) 85 86 Nix package manager for Linux and MacOS. 87 88 === "Command line" 89 90 `nix-env --install -A nixpkgs.trivy` 91 92 === "Configuration" 93 94 ```nix 95 # your other config ... 96 environment.systemPackages = with pkgs; [ 97 # your other packages ... 98 trivy 99 ]; 100 ``` 101 102 === "Home Manager" 103 104 ```nix 105 # your other config ... 106 home.packages = with pkgs; [ 107 # your other packages ... 108 trivy 109 ]; 110 ``` 111 112 References: 113 - <https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/admin/trivy/default.nix> 114 115 ## Install from GitHub Release (Official) 116 117 ### Download Binary 118 119 1. Download the file for your operating system/architecture from [GitHub Release assets](https://github.com/aquasecurity/trivy/releases/tag/{{ git.tag }}) (`curl -LO https://url.to/trivy.tar.gz`). 120 2. Unpack the downloaded archive (`tar -xzf ./trivy.tar.gz`). 121 3. Put the binary somewhere in your `$PATH` (e.g `mv ./trivy /usr/local/bin/`). 122 4. Make sure the binary has execution bit turned on (`chmod +x ./trivy`). 123 124 ### Install Script 125 126 The process above can be automated by the following script: 127 128 ```bash 129 curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin {{ git.tag }} 130 ``` 131 132 ### Install from source 133 134 ```bash 135 git clone --depth 1 --branch {{ git.tag }} https://github.com/aquasecurity/trivy 136 cd trivy 137 go install ./cmd/trivy 138 ``` 139 140 ## Use container image 141 142 1. Pull Trivy image (`docker pull aquasec/trivy:{{ git.tag[1:] }}`) 143 2. It is advisable to mount a consistent [cache dir](../docs/configuration/cache.md) on the host into the Trivy container. 144 3. For scanning container images with Trivy, mount `docker.sock` from the host into the Trivy container. 145 146 Example: 147 148 ``` bash 149 docker run -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:{{ git.tag[1:] }} image python:3.4-alpine 150 ``` 151 152 | Registry | Repository | Link | Supportability | 153 |--------------------------------------|-------------------------------------|-----------------------------------------------------------------------|----------------| 154 | Docker Hub | `docker.io/aquasec/trivy` | https://hub.docker.com/r/aquasec/trivy | Official | 155 | GitHub Container Registry (GHCR) | `ghcr.io/aquasecurity/trivy` | https://github.com/orgs/aquasecurity/packages/container/package/trivy | Official | 156 | AWS Elastic Container Registry (ECR) | `public.ecr.aws/aquasecurity/trivy` | https://gallery.ecr.aws/aquasecurity/trivy | Official | 157 158 ## Other Tools to use and deploy Trivy 159 160 For additional tools and ways to install and use Trivy in different environments such as in IDE, Kubernetes or CI/CD, see [Ecosystem section](../ecosystem/index.md).