With unrelenting attacks from malicious hackers on business-critical software and infrastructure, the "shift-left" approach to security testing has gained substantial momentum in enterprises. The recommended approach for an improved security posture is to test early and test often.
Trivy is an open-source vulnerability scanning tool, a CLI utility that integrates easily into the development inner loop and the continuous integration (CI) pipeline. It looks for known vulnerabilities in the target's operating system and third-party application dependencies and displays the results by category.
In this meetup, Faheem, Principal DevOps Architect @ Amobee Inc, will review and demonstrate how Trivy works from the CLI and a Jenkins Pipeline.