Container Security with Trivy

ίϯςφηΩϡϦςΟπʔϧ 5SJWZͷ঺հ ౻ଜڡ߂ʢ೥ʣ

໨࣍ w ࣗݾ঺հ w ҆શͳίϯςφͱ͸ w ίϯςφεΩϟφπʔϧ w 5SJWZͷ঺հ w
5SJWZͷ࢓૊Έʹ͍ͭͯ

ࣗݾ঺հ

౻ଜ ڡ߂ # Trivy/helmͷίϯτϦϏϡʔλ Github: @masahiro331

ࠓճͷ࿩ͷഎܠ ίϯςφΞϓϦέʔγϣϯͷ   ੬ऑੑΛ؅ཧ҆͠શʹ͍ͨ͠

ຊ୊

҆શͳίϯςφͱ͸ʁ

৴པ͞Εͨݸਓஂମ͕อक ҆શͳύοέʔδΛར༻

ίϯςφ಺Ͱར༻͞ΕΔύοέʔδ w 04ύοέʔδ   31.ύοέʔδ EFCύοέʔδ FUD w ΞϓϦέʔγϣϯύοέʔδ  
OQNύοέʔδ HFNύοέʔδ FUD

ίϯςφ಺Ͱར༻͞ΕΔύοέʔδ w 04ύοέʔδ   31.ύοέʔδ EFCύοέʔδ FUD w ΞϓϦέʔγϣϯύοέʔδ  
OQNύοέʔδ HFNύοέʔδ FUD ͜ΕΒͷύοέʔδʹ੬ऑੑ͕ແ͍͔ɺ   ΋͘͠͸Өڹ͠ͳ͍͜ͱ൑அ͢Δඞཁ͕͋Δ

ύοέʔδͷ੬ऑੑΛೝࣝ͢Δඞཁ͕͋Δ ͦͷͨΊʹ͸

ύοέʔδͷ੬ऑੑΛೝࣝ͢Δඞཁ͕͋Δ ίϯςφεΩϟϯπʔϧͰ੬ऑੑͷࣗಈݕ஌ ͦͷͨΊʹ͸

ίϯςφͷεΩϟϯπʔϧҰཡ w 5SJWZ w $MBJS w "ODIPSF&OHJOF w 2VBZ w
.JDSP4DBOOFS w %PDLFS)VC w ($3

ίϯςφεΩϟϯπʔϧͱͯ͠5SJWZΛ࠾༻

5SJWZͱ͸ w LORZGࢯ͕։ൃͨ͠ίϯς φεΩϟϯπʔϧ w ଞͷεΩϟϯπʔϧͱൺֱͯ͠ ಋೖ͕༰қ w ΞϓϦέʔγϣϯύοέʔδͷ ੬ऑੑݕ஌΋Մೳ
w ಠࣗͷํ๏Ͱ"MQJOFͷ੬ऑੑΛ ݕ஌͍ͯ͠ΔͨΊਫ਼౓͕ߴ͍ LORZGࢯ

֤εΩϟϯπʔϧͷݕূ݁Ռ ࢀߟ৘ใIUUQTHJUIVCDPNLORZGUSJWZPWFSWJFX

֤εΩϟϯπʔϧͷݕূ݁Ռ ࢀߟ৘ใIUUQTHJUIVCDPNLORZGUSJWZPWFSWJFX ΞϓϦέʔγϣϯ ύοέʔδ΋ΈΕΔ

5SJWZͷରԠύοέʔδ w (FN fi MFMPDL SVCZ w 1JQ fi
MFMPDL QZUIPO w 1PFUSZMPDL QZUIPO w $PNQPTFSMPDL 1)1 w 1BDLBHFMPDLKTPO KBWBTDSJQU w ZBSOMPDL KBWBTDSJQU w $BSHPMPDL 3VTU

֤εΩϟϯπʔϧͷݕূ݁Ռ ࢀߟ৘ใIUUQTHJUIVCDPNLORZGUSJWZPWFSWJFX ಋೖ͕༰қ

5SJWZͷಋೖ

5SJWZͷ࢖͍ํ

֤εΩϟϯπʔϧͷݕূ݁Ռ ࢀߟ৘ใIUUQTHJUIVCDPNLORZGUSJWZPWFSWJFX ݕ஌ਫ਼౓͕ߴ͍

֤εΩϟϯπʔϧͷݕূ݁Ռ ࢀߟ৘ใIUUQTHJUIVCDPNLORZGUSJWZPWFSWJFX $*্Ͱ࢖͍΍͍͢

5SJWZͷ࢓૊Έʹ͍ͭͯ঺հ

5SJWZͷߏ੒ %PDLFS3FHJTUSZ ᶅ੬ऑੑݕ஌ ੬ऑੑ%# ᶃ੬ऑੑ৘ใͷऔಘ ᶄ%PDLFS-BZFSΛऔಘ͠ *NBHFΛ૊ΈཱͯΔ

੬ऑੑ%# %PDLFS3FHJTUSZ ᶃ੬ऑੑ৘ใͷऔಘ ᶅ੬ऑੑݕ஌ ੬ऑੑ%#ʹ͍ͭͯ ᶄ%PDLFS-BZFSΛऔಘ͠ *NBHFΛ૊ΈཱͯΔ

੬ऑੑ%#ʹ͍ͭͯ w ੬ऑੑ৘ใ͸HJUIVCϦϙδτϦͰ؅ཧ͍ͯ͠Δ w 5SJWZ͸ॳճىಈ࣌ʹ੬ऑੑ৘ใΛDMPOF͢Δ w ࣍ճىಈҎ߱͸HJUͷࠩ෼Ξοϓσʔτ w ϩʔΧϧͷσʔλϕʔεͱͯ͠CCPMU%#Λ࢖༻

ॳճ࣮ߦ࣌ʹHJUIVC͔Β੬ऑੑ৘ใΛऔಘ ੬ऑੑϦϙδτϦ $BDIFWVMOMJTU HJUDMPOF

࣍ճҎ߱͸HJUQVMMͰͷࠩ෼ߋ৽ ੬ऑੑϦϙδτϦ $BDIFWVMOMJTU HJUQVMM

੬ऑੑ৘ใ͸$JSDMF$*Ͱఆظߋ৽ ੬ऑੑϦϙδτϦ $BDIFWVMOMJTU $SPO+PCͰͷߋ৽ ੬ऑੑσʔλιʔε 5SBWJT$*

HJUϦϙδτϦΛܦ༝͢Δཧ༝ w ੬ऑੑσʔλιʔε 3FE)BU4FDVSJUZ%BUB ͳͲ ͷλΠϜΞ΢τ͕ϢʔβʹӨڹ͢ΔͷΛΛ๷͙ͨΊ w ߋ৽σʔλΛࠩ෼Ξοϓσʔτ͢Δ͜ͱ͕Մೳ

%PDLFS*NBHFͷղੳʹ͍ͭͯ

੬ऑੑ%# %PDLFS3FHJTUSZ ᶃ੬ऑੑ৘ใͷऔಘ ᶅ੬ऑੑݕ஌ %PDLFS*NBHFͷղੳʹ͍ͭͯ ᶄ%PDLFS-BZFSΛऔಘ͠ *NBHFΛ૊ΈཱͯΔ

%PDLFS*NBHFͷղੳʹ͍ͭͯ w 5SJWZ͸ҎԼͷεςοϓͰ%PDLFS*NBHFΛղੳ %PDLFS3FHJTUSZ͔Β*NBHF-BZFSΛऔಘ *NBHF-BZFSΛ૊ΈཱͯͯϑΝΠϧΛऔΓग़͢ ੬ऑੑݕ஌ʹඞཁͳϑΝΠϧΛऔಘ ECJOTUBMMFE
(FN fi MFMPDLͳͲ   w "MQJOFʹ͍ͭͯ͸36/ίϚϯυ΋ղੳ͢ΔͨΊελςΟοΫϦ ϯΫ͞ΕͨϥΠϒϥϦͷ੬ऑੑ΋ݕ஌

'30.DPNQPTFSBMQJOF "%%DPNQPTFSMPDLQIQBQQDPNQPTFSMPDL $.%<CJOCBTI> ྫ͑͹͜Μͳ%PDLFS fi MF

*NBHF-BZFSΛऔಘ͢Δ '30.DPNQPTFS "%%DPNQPTFSMPDL 36/CJOCBTI

*NBHF-BZFSΛੵΈॏͶ*NBHFΛ࡞੒ %PDLFS*NBHF '30.DPNQPTFS "%%DPNQPTFSMPDL 36/CJOCBTI

*NBHF͔Βొ࿥ͨ͠ϑΝΠϧΛऔΓग़͢ %PDLFS*NBHF $PNQPTFSMPDL BMQJOFSFMFBTF ECJOTUBMMFE '30.DPNQPTFS "%%DPNQPTFSMPDL 36/CJOCBTI

੬ऑੑ%# %PDLFS3FHJTUSZ ᶃ੬ऑੑ৘ใͷऔಘ ᶅ੬ऑੑݕ஌ ੬ऑੑݕ஌ʹ͍ͭͯ ᶄ%PDLFS-BZFSΛऔಘ͠ *NBHFΛ૊ΈཱͯΔ

(FN fi MFMPDL ΠϯετʔϧࡁΈύοέʔδΛύʔε (&. SFNPUFIUUQTSVCZHFNTPSH TQFDT BDUJPODBCMF
BDUJPOQBDL OJPS d XFCTPDLFUESJWFS BDUJPONBJMFS BDUJPOQBDL BDUJPOWJFX BDUJWFKPC NBJM d SBJMTEPNUFTUJOH d 1JQ fi MFMPDL BNRQ\ IBTIFT< TIBCFC TIBBCD > WFSTJPO ^ BVUPQFQ\ IBTIFT< TIBECC > WFSTJPO ^ $2C[FL,/CH/R6K$S%+LPH71%H 1MJCTTM 7DS "Y@ 4 * 544-TIBSFEMJCSBSJFT 6IUUQTXXXPQFOTTMPSH -0QFO44- PPQFOTTM N5JNP5FSBTUJNPUFSBT!JLJ fi U DCCCCDEDBCCFFFCC %TPMJCDNVTMY@TPTPMJCDSZQUPTP QTPMJCTTMTP SMJCSFTTM 'MJC 3MJCTTMTP B ;24I29.-(31(CR%Q8;/-Y/N#V5 'VTS 'VTSMJC 3MJCTTMTP B ;2KQFZQ)0H.JIXM(1NND ECJOTUBMMFE

੬ऑੑ%#͔Βऔಘͨ͠σʔλͱಥ߹ (FN fi MFMPDL (&. SFNPUFIUUQTSVCZHFNTPSH TQFDT BDUJPODBCMF
BDUJPOQBDL OJPS d XFCTPDLFUESJWFS BDUJPONBJMFS BDUJPOQBDL BDUJPOWJFX 1JQ fi MFMPDL BNRQ\ IBTIFT< TIBCFC TIBBCD > WFSTJPO ^ BVUPQFQ\ $2C[FL,/CH/R6K$S%+LPH71%H 1MJCTTM 7DS "Y@ 4 * 544-TIBSFEMJCSBSJFT 6IUUQTXXXPQFOTTMPSH -0QFO44- PPQFOTTM N5JNP5FSBTUJNPUFSBT!JLJ fi U DCCCCDEDBCCFFFC C %TPMJCDNVTMY@TPTPMJCDSZQUPTP QTPMJCTTMTP SMJCSFTTM 'MJC 3MJCTTMTP ECJOTUBMMFE ੬ऑੑ৘ใ

࠷ޙʹ w 5SJWZ͸γϯϓϧͳ੬ऑੑݕ஌͚ͩΛఏڙ w ͜ͷػೳΛར༻ͯ͠৽ͨͳ%FW4FD0QTπʔ ϧͷ։ൃͳͲ΋ظ଴Ͱ͖Δ w ͜ͷػೳΛར༻ͯ͠LVCFSOFUFT؀ڥͷ੬ऑੑ ݕ஌ΛࣗಈԽ͍ͨ͠

͓ΘΓ

Container Security with Trivy

Container Security with Trivy

More Decks by Masahiro331

Other Decks in Technology

Featured

Transcript