Check out the full write-up on Arindams blog: https://dev.to/arindam0310018/devops-acr-trivy-1o05
These are the slides from this meetup: https://www.meetup.com/de-DE/microsoft-azure-zurich-user-group/events/286652334/
In this session, Arindam demonstrates how to scan docker Images in Azure Container Registry with Aquasec Trivy using Azure DevOps Pipelines.
The low, medium, high and critical CVEs (Common Vulnerabilities and Exposures) scan report are stored in a storage account with datetime stamps. If for some reasons, the application team accepts the risk and wants to skip the low and medium vulnerabilities from the scan report, all we have to do is list the respective CVEs in the .trivyignore file and run the pipeline again to scan. The listed CVEs will no longer be in the scan report.
About Arindam:
Arindam is an Azure Cloud & DevOps Architect, Blogger and Speaker. He likes to call himself an infrastructure geek who is passionate about technology. He travelled across the world working in different roles and currently lives in Switzerland where he is engaged as an Infrastructure and Cloud DevOps Specialist.
Links:
Blog: https://dev.to/arindam0310018
Linkedin: https://www.linkedin.com/in/arindam-mitra-28981095/
Sessionize: https://sessionize.com/arindam0310018/
Twitter: https://twitter.com/arindam0310018
Github: https://github.com/arindam0310018
azurezurich
oracle4engineer
gonkun
shinnosuke_kishida
daikimori
ewolff
lapis2411
lemon
mashiike
yoshiitaka
.png){kind=icon}
3playmarketing
hirosatogamo
jonyablonski
paulrobertlloyd
eileencodes
shpigford
rmw
carmenintech
chriscoyier
colly
jrom
destraynor
hatefulcrawdad
danielanewman