Build: docker build -t scanner .
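Run: docker run -it --rm -v "$HOME"/.cache/:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock scanner /scan.sh
Note: write $(HOME) only when this command lives in a Makefile; in a shell it is a command substitution, so use $HOME. The mounted /var/run/docker.sock gives the container full control of the host's Docker daemon, so build the scanner image from a base you have pinned and reviewed.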
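# Scanner image: Trivy plus the Docker CLI, so scan.sh can list the containers
# running on the host through a bind-mounted /var/run/docker.sock.

# Base image tag. The default is the moving "latest" tag, which is what an
# untagged FROM resolves to. Pass --build-arg TRIVY_VERSION=<tag> (or pin a
# digest) to get a reproducible base; this matters because the resulting
# container is handed the host's Docker socket.
ARG TRIVY_VERSION=latest
FROM aquasec/trivy:${TRIVY_VERSION}

# Client only: scan.sh uses it to enumerate containers and read their image names.
RUN apk add --no-cache docker-cli

# COPY instead of ADD: a plain local file needs none of ADD's URL/tar handling.
COPY scan.sh /scan.sh

# The script path is passed as the container argument (e.g. `scanner /scan.sh`),
# so sh interprets it and the file does not need the executable bit.
ENTRYPOINT ["sh"]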
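#!/bin/sh
# Scan the image of every running container for CRITICAL vulnerabilities.
# Requires the docker CLI (with a reachable daemon) and trivy on PATH.

for cid in $(docker ps -q); do
    # Image reference recorded in the container's config. Skip the container
    # if it disappeared between `docker ps` and `docker inspect`.
    image=$(docker inspect --format='{{.Config.Image}}' "${cid}") || continue

    # Only references containing a '/' are scanned (presumably to skip
    # un-namespaced images and bare image IDs; confirm intent).
    # `case` avoids piping the value through echo, which may mangle
    # backslashes or a leading '-' depending on the shell.
    case "${image}" in
        */*)
            printf '%s\n' "-------- Scanning ${image}"
            # Quoted so the reference reaches trivy as exactly one argument,
            # with no word splitting or glob expansion.
            trivy -q image -s CRITICAL "${image}"
            ;;
    esac
done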