Session

Azure Container Registry with Aquasec Trivy and Azure DevOps

In this Session, I demonstrate how to Scan Docker Images in Azure Container Registry with Aquasec Trivy using Azure DevOps Pipelines.

The Low, Medium, High and Critical CVEs (Common Vulnerabilities and Exposures) scan report are stored in Storage Account with Date time Stamp. If for some reasons, Application team accepts the risk and wants to skip the Low and Medium Vulnerabilities from the Scan report, all we have to do is list the respective CVEs in the .trivyignore file and run the pipeline again to scan. The listed CVEs will no longer be in the Scan Report.

For more details, please refer my blog:-
- https://dev.to/arindam0310018/devops-acr-trivy-1o05

Arindam Mitra

2 x Microsoft MVP, Sessionize Active Speaker 2023, Cloud Services Lead, Blogger ✍️, Public Speaker 🔊, Jogger 🏃‍♂️, Hiking 🥾, Traveler, Citizen of the 🌎

Zürich, Switzerland

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top