
DevSecOps

trivy

Tool to check for vulnerabilities in Docker images, Git repositories, filesystems, etc.

Scan a Docker image:

trivy image alpine:latest

Scan a Git repository:

trivy repo /opt/my_application/
# or using the trivy docker image:
docker run -v /opt/my_application/:/scan aquasec/trivy repo /scan

DepFuzzer

Tool from Synacktiv to check for dependency confusion vulnerabilities in code repositories.

Usage for a Python project:

git clone https://github.com/synacktiv/DepFuzzer
cd DepFuzzer
docker build -t depfuzzer:latest .
docker run --rm -it -v /opt/my_application/:/host depfuzzer --provider pypi --path /host