Session
Azure Container Registry with Aquasec Trivy and Azure DevOps
In this Session, I demonstrate how to Scan Docker Images in Azure Container Registry with Aquasec Trivy using Azure DevOps Pipelines.
The Low, Medium, High and Critical CVEs (Common Vulnerabilities and Exposures) scan report are stored in Storage Account with Date time Stamp. If for some reasons, Application team accepts the risk and wants to skip the Low and Medium Vulnerabilities from the Scan report, all we have to do is list the respective CVEs in the .trivyignore file and run the pipeline again to scan. The listed CVEs will no longer be in the Scan Report.
For more details, please refer my blog:-
- https://dev.to/arindam0310018/devops-acr-trivy-1o05
Arindam Mitra
Microsoft MVP in Developer Technologies | Azure Cloud Solutions & DevOps Architect | Technical Blogger | Speaker | Traveler | Citizen of the World
Zürich, Switzerland
Links
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top