This tutorial details:
- Scan your container image for vulnerabilities
- Generate an attestation with Cosign
Prerequisites:
- Trivy CLI installed
- Cosign installed
Scan your container image for vulnerabilities and save the scan result to a scan.json file:
trivy image --ignore-unfixed --format json --output scan.json anaisurlichs/cns-website:0.0.6
- --ignore-unfixed: Ensures that only vulnerabilities that already have a fix available are reported.
- --format json: Writes the scan result as JSON, which is the format used as the attestation predicate in the next step.
- --output scan.json: The scan output is saved to a scan.json file instead of being displayed in the terminal.
Note: Replace the container image with the container image that you would like to scan.
The following command generates an attestation for the vulnerability scan and uploads it to the registry alongside the container image:
cosign attest --replace --predicate scan.json --type vuln anaisurlichs/cns-website:0.0.6
Note: Replace the container image with the image you scanned in the previous step; the attestation must be attached to the same image.
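A consumer checks what was attached by running `cosign verify-attestation --type vuln` against the image (with the signer's public key or keyless identity flags); each line it prints is a DSSE envelope. The following Python is an added example, not code from Trivy or Cosign: it unpacks such a line, confirms the predicate type and the subject digest, and tallies the Trivy findings by severity. The sample envelope, digest and CVE ids are constructed, and where the Trivy report sits inside the predicate is an assumption noted in the code.

```python
import base64
import json
from collections import Counter

# Predicate type cosign assigns to attestations created with `--type vuln`.
VULN_PREDICATE_TYPE = "https://cosign.sigstore.dev/attestation/vuln/v1"
DSSE_TYPE = "application/vnd.dsse.envelope.v1+json"


def decode_envelope(line: str) -> dict:
    """Unpack one JSON line printed by `cosign verify-attestation` (a DSSE envelope,
    signature already checked by cosign) into the in-toto statement it carries."""
    envelope = json.loads(line)
    if envelope.get("payloadType") != DSSE_TYPE:
        raise ValueError("unexpected payloadType: %r" % envelope.get("payloadType"))
    return json.loads(base64.b64decode(envelope["payload"]))


def check_statement(statement: dict, expected_digest: str) -> Counter:
    """Reject anything that is not a vuln attestation for the expected image digest,
    then count the Trivy findings recorded in the predicate per severity."""
    if statement.get("predicateType") != VULN_PREDICATE_TYPE:
        raise ValueError("not a vuln attestation: %r" % statement.get("predicateType"))
    digests = {s["digest"]["sha256"] for s in statement.get("subject", [])}
    if expected_digest not in digests:
        raise ValueError("attestation does not cover digest %s" % expected_digest)
    predicate = statement["predicate"]
    # Assumption: the Trivy report (its "Results" list) sits either directly in
    # the predicate or under scanner.result, depending on the cosign version.
    report = predicate if "Results" in predicate else predicate.get("scanner", {}).get("result", {})
    counts = Counter()
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            counts[vuln.get("Severity", "UNKNOWN")] += 1
    return counts


# Constructed sample envelope: fake digest, made-up findings, placeholder signature.
SAMPLE_DIGEST = "0" * 64
_statement = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": VULN_PREDICATE_TYPE,
    "subject": [{"name": "index.docker.io/anaisurlichs/cns-website", "digest": {"sha256": SAMPLE_DIGEST}}],
    "predicate": {"Results": [{"Target": "cns-website (alpine)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-EXAMPLE-0001", "Severity": "HIGH", "FixedVersion": "1.2.3"},
        {"VulnerabilityID": "CVE-EXAMPLE-0002", "Severity": "MEDIUM", "FixedVersion": "4.5.6"}]}]},
}
SAMPLE_LINE = json.dumps({"payloadType": DSSE_TYPE,
                          "payload": base64.b64encode(json.dumps(_statement).encode()).decode(),
                          "signatures": [{"keyid": "", "sig": "<constructed placeholder>"}]})
```

Pipe each line of real `cosign verify-attestation` output through `decode_envelope` and `check_statement` with the digest you deployed, so a finding count can gate a deployment rather than just sit in the registry.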
See here for more details.