
Trivy Container Scanning integration

This CLI can sync assets, scans and vulnerabilities from a folder containing Trivy .json scan files.

  • trivy - Import a folder of Trivy .json scan files and sync assets, vulnerabilities and scans to RegScale.

Trivy Processing Workflow

The CLI will process each Trivy .json file and load assets, vulnerabilities and scans to RegScale.

  • import_scans - Import Trivy scans and assets to RegScale

Required Parameters

You cannot use folder_path together with aws-profile, s3-prefix, and s3-bucket (choose either the local folder or the S3 options). Likewise, regscale_ssp_id and component_id cannot be used together.

  • folder_path - The full folder path where the Trivy .json files are located
  • aws-profile - AWS profile to use for S3 access. Used in conjunction with s3-prefix and s3-bucket
  • s3-prefix - Prefix (folder path) within the S3 bucket. Used in conjunction with aws-profile and s3-bucket
  • s3-bucket - S3 bucket to download the scan files from. Used in conjunction with aws-profile and s3-prefix
  • regscale_ssp_id - The ID number from RegScale of the System Security Plan
  • component_id - The ID number from RegScale of the component

Optional Parameters

  • scan_date - The date the scan was completed; if not provided, today's date is used
  • destination - Directory to download the files to when using the AWS/S3 options; if not provided, a temporary directory is used
  • file_pattern - File pattern used to determine which .json files in the folder are imported
Additional Information:

The CLI provides detailed logging throughout the process to indicate progress and to provide troubleshooting in case of issues.
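Before running the import it helps to know which files in folder_path will match file_pattern and what they will load. The following script is an added example, not part of the RegScale CLI; it assumes Trivy's JSON report layout (ArtifactName, Results[].Vulnerabilities[].Severity), and the sample scan it writes to a temporary folder is constructed.

```python
import json
import tempfile
from collections import Counter
from pathlib import Path
SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")

def is_trivy_report(doc):
    """A Trivy JSON report carries an ArtifactName and a list of Results."""
    return isinstance(doc, dict) and "ArtifactName" in doc and isinstance(doc.get("Results"), list)

def summarize_folder(folder_path, file_pattern="*.json"):
    """Return ({ArtifactName: {severity: count}}, [skipped file names]); non-Trivy files are skipped."""
    assets, skipped = {}, []
    for path in sorted(Path(folder_path).glob(file_pattern)):
        try:
            doc = json.loads(path.read_text())
        except (OSError, ValueError):
            doc = None
        if not is_trivy_report(doc):
            skipped.append(path.name)  # fix or exclude via file_pattern before importing
            continue
        counts = assets.setdefault(doc["ArtifactName"], Counter())
        for result in doc["Results"]:
            # Trivy emits "Vulnerabilities": null for targets with no findings
            for vuln in result.get("Vulnerabilities") or []:
                sev = str(vuln.get("Severity", "UNKNOWN")).upper()
                counts[sev if sev in SEVERITIES else "UNKNOWN"] += 1
    return {name: dict(c) for name, c in assets.items()}, skipped

# Constructed sample shaped like `trivy image -f json` output; CVE ids are placeholders.
SAMPLE_SCAN = {
    "SchemaVersion": 2,
    "ArtifactName": "registry.example/app:1.0",
    "Results": [
        {"Target": "registry.example/app:1.0 (debian 12)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample", "Severity": "high"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "othertool", "Severity": "LOW"}]},
        {"Target": "app/package-lock.json", "Vulnerabilities": None},
    ],
}

def demo():
    """Write the sample plus a non-Trivy .json into a temp folder and summarize it."""
    with tempfile.TemporaryDirectory() as folder:
        Path(folder, "app-scan.json").write_text(json.dumps(SAMPLE_SCAN))
        Path(folder, "notes.json").write_text('{"not": "a trivy report"}')
        return summarize_folder(folder, "*.json")
```

Run summarize_folder against your real folder_path and file_pattern; an unexpected entry in the skipped list usually means a file that is not Trivy output landed in the scan folder.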

Example Commands

Import Trivy scans to SSP #16 in RegScale using the files located in the scans folder.

  • regscale trivy import_scans --regscale_ssp_id 16 --folder_path /path/to/scans

NOTE: See All Scanner Integrations for information about how this updates Issues/POAMs