I'm interested in adding the trivy container scanner from acquasec as a verifier #2831
Howdy 🤠 I have used both testinfra and inspec as verifiers for various projects, and they both have their merits. Neither of them really helps to "shift left" in the pipeline; there are the dev-sec profiles for inspec, yes, but they don't contain up-to-date vulnerability databases. I have always wanted to include build-time container scanning in our pipelines, instead of waiting until after the vulnerability has been included and sent to the registry for a scan. I have had some good experience with trivy from Aqua. I was wondering if there's interest in including it as a verifier in Molecule?
Replies: 1 comment
You can write your own verifier for molecule as a plugin. Take a look at https://github.com/ansible-community/molecule-inspec

We are not going to add more verifiers in core, in fact we are likely to spin off even the testinfra one.

Also based on your message I think you are a bit confused about the purpose of verifier. You do not need a new verifier in order to use a tool like trivy scanner, just use ansible verifier and call the tool, or any number of tools you want.
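To make the reply concrete, here is an added example (not code from the thread or from the Molecule project) of calling trivy from the stock `ansible` verifier: a `molecule/default/verify.yml` that runs the scanner on the Molecule controller against the image under test and fails the `verify` stage when HIGH or CRITICAL findings are present. The image name `myorg/app:latest`, the `TRIVY_IMAGE` environment variable and the severity threshold are assumptions; `trivy image --exit-code`, `--severity` and `--no-progress` are real trivy flags.

```yaml
---
# molecule/default/molecule.yml needs only the built-in verifier:
#
#   verifier:
#     name: ansible
#
# molecule/default/verify.yml (added example, not the project's code)
- name: Verify
  hosts: all
  gather_facts: false
  vars:
    # Assumption: the image your scenario built; override with TRIVY_IMAGE=...
    scan_image: "{{ lookup('env', 'TRIVY_IMAGE') | default('myorg/app:latest', true) }}"
    # Assumption: severities that should fail the pipeline
    fail_severities: "HIGH,CRITICAL"

  tasks:
    - name: Scan the container image with trivy (runs on the controller, not in the instance)
      ansible.builtin.command:
        argv:
          - trivy
          - image
          - --exit-code
          - "1"                     # rc 1 when findings match --severity
          - --severity
          - "{{ fail_severities }}"
          - --no-progress
          - "{{ scan_image }}"
      delegate_to: localhost
      run_once: true
      register: trivy_scan
      changed_when: false
      # rc 0 = clean, rc 1 = vulnerabilities found; anything else is a tool error
      failed_when: trivy_scan.rc not in [0, 1]

    - name: Show the trivy report in the molecule log
      ansible.builtin.debug:
        msg: "{{ trivy_scan.stdout_lines }}"
      run_once: true

    - name: Fail verify when the image carries HIGH/CRITICAL vulnerabilities
      ansible.builtin.assert:
        that: trivy_scan.rc == 0
        fail_msg: "trivy found {{ fail_severities }} vulnerabilities in {{ scan_image }}"
        success_msg: "no {{ fail_severities }} vulnerabilities in {{ scan_image }}"
      run_once: true
```

Running `molecule verify` then gates the scenario on the scan result; adding `--ignore-unfixed` to the `argv` list is the usual way to keep the gate from blocking on findings with no available fix.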