dev-resources.site

for different kinds of informations.

Trivy Vulnerability Scans Advanced Filtering

Published at: 12/12/2024
Categories: trivy, vulnerabilities, security, opensource
Author: secure_daily

Hi there!

It's been a while since I posted anything, but it was all for good reasons. The last 2 years were busy for me both at work and day-to-day.

Anyway, I just wanted to share a cool feature I discovered in Trivy that really sets it apart from all other OSS security scanners. I am talking about advanced filtering, which uses Open Policy Agent (OPA) Rego policies to decide which findings should be ignored from the scan results. It is described in detail in Trivy's official documentation, and although it is still marked as an experimental feature, it has been available since older versions of Trivy.

I want to wrap up this short blog post by sharing a Rego script that filters CVEs based on a grace period (a finding is ignored while it is younger than the grace period configured for its severity):

```rego
package trivy

import data.lib.trivy

# Nothing is ignored unless one of the rules below matches.
default ignore = false

now_ns := time.now_ns()

# Grace periods in nanoseconds, to match the unit of time.now_ns().
days_7_ns = 7 * 24 * 60 * 60 * 1000000000
days_30_ns = 30 * 24 * 60 * 60 * 1000000000
days_90_ns = 90 * 24 * 60 * 60 * 1000000000
days_180_ns = 180 * 24 * 60 * 60 * 1000000000

# Undefined when the finding has no PublishedDate, so the rules below
# do not match and the default (ignore = false) applies.
published_date = d {
    d := input.PublishedDate
}

# Each rule ignores a finding that is younger than the grace period
# for its severity: 7 days for CRITICAL, 30 for HIGH, 90 for MEDIUM,
# 180 for LOW.
ignore {
    input.Severity == "CRITICAL"
    published_date_ns := time.parse_rfc3339_ns(published_date)
    time_diff_ns = now_ns - published_date_ns
    time_diff_ns < days_7_ns
}

ignore {
    input.Severity == "HIGH"
    published_date_ns := time.parse_rfc3339_ns(published_date)
    time_diff_ns = now_ns - published_date_ns
    time_diff_ns < days_30_ns
}

ignore {
    input.Severity == "MEDIUM"
    published_date_ns := time.parse_rfc3339_ns(published_date)
    time_diff_ns = now_ns - published_date_ns
    time_diff_ns < days_90_ns
}

ignore {
    input.Severity == "LOW"
    published_date_ns := time.parse_rfc3339_ns(published_date)
    time_diff_ns = now_ns - published_date_ns
    time_diff_ns < days_180_ns
}
```

The script above is evaluated against each vulnerability in the scan results: it checks the finding's severity and compares its publication date against the grace period configured for that severity.
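To preview what the grace-period policy would suppress before wiring it into a pipeline, here is an added Python re-implementation of the same decision logic (not part of the original post or of Trivy), run over a constructed report in Trivy's JSON layout; the report contents, the fixed evaluation time and the CVE IDs are placeholders. It also covers the edge case of a finding with no PublishedDate, which the Rego policy leaves unmatched and therefore reports.

```python
import json
from datetime import datetime, timedelta, timezone

# Grace period per severity in days, mirroring the Rego policy above.
GRACE_DAYS = {"CRITICAL": 7, "HIGH": 30, "MEDIUM": 90, "LOW": 180}


def should_ignore(vuln, now):
    """Return True if the policy would ignore this finding.

    A finding is ignored while it is younger than the grace period for its
    severity. A missing or unparsable PublishedDate makes the Rego rule
    undefined, so the default (ignore = false) applies: the finding is kept.
    """
    grace = GRACE_DAYS.get(vuln.get("Severity"))
    published = vuln.get("PublishedDate")
    if grace is None or not published:
        return False
    try:
        published_at = datetime.fromisoformat(published.replace("Z", "+00:00"))
    except ValueError:
        return False
    return now - published_at < timedelta(days=grace)


def apply_policy(report, now):
    """Split a Trivy JSON report into (kept, ignored) lists of vulnerability IDs."""
    kept, ignored = [], []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            (ignored if should_ignore(vuln, now) else kept).append(vuln["VulnerabilityID"])
    return kept, ignored


# Constructed sample report (placeholder IDs) and a fixed "now" for reproducibility.
NOW = datetime(2024, 12, 12, tzinfo=timezone.utc)
SAMPLE_REPORT = json.loads("""{
  "Results": [{"Target": "example:latest", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "Severity": "CRITICAL", "PublishedDate": "2024-12-10T10:00:00Z"},
    {"VulnerabilityID": "CVE-0000-0002", "Severity": "CRITICAL", "PublishedDate": "2024-11-01T10:00:00Z"},
    {"VulnerabilityID": "CVE-0000-0003", "Severity": "HIGH", "PublishedDate": "2024-11-20T10:00:00Z"},
    {"VulnerabilityID": "CVE-0000-0004", "Severity": "LOW", "PublishedDate": "2024-03-01T10:00:00Z"},
    {"VulnerabilityID": "CVE-0000-0005", "Severity": "MEDIUM"}
  ]}]
}""")

if __name__ == "__main__":
    kept, ignored = apply_policy(SAMPLE_REPORT, NOW)
    print("reported:", kept)                    # CVE-0000-0002, -0004, -0005
    print("suppressed by grace period:", ignored)  # CVE-0000-0001, -0003
```

The Rego version itself is applied by Trivy with the `--ignore-policy <file>.rego` option; the script above only previews its effect on a saved JSON report.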

It is really exciting to have this capability in an OSS tool, since normally you would have to pay for a premium subscription to get a scanner that supports advanced filtering policies.
