Well, on this subject I like to draw your attention to something called
OpenKAT.
It is being actively developed by the Dutch ministry of Health.
https://github.com/minvws/nl-kat-coordination
It is scanner, but also a temporal database of findings, and a reporting
tool conforming to international security standards.
If you like to play with it, my recent contribution is an Ansible
playbook that installs it all in a VM, this is currently a MR I am
working on.
On 10/26/23 09:16, Werner Heuser via lpi-examdev wrote:
702.3
consider to include trivy security scanner.
Targets:
* Container Image
* Filesystem
* Git Repository (remote)
* Virtual Machine Image
* Kubernetes
* AWS
https://github.com/aquasecurity/trivy
https://www.howtogeek.com/devops/how-to-use-trivy-to-find-vulnerabilities-in-docker-containers/
--
|=| Werner Heuser
|=| gpg: https://keybase.io/wehe00
_______________________________________________
lpi-examdev mailing list
[email protected]
https://list.lpi.org/mailman/listinfo/lpi-examdev
--
Jeroen Baten | EMAIL :[email protected]
____ _ __ | web :www.i2rs.nl
| )|_)(_ | tel : +31 (0)648519096
_|_/_| \__) | Frisolaan 16, 4101 JK, Culemborg, the Netherlands
_______________________________________________
lpi-examdev mailing list
[email protected]
https://list.lpi.org/mailman/listinfo/lpi-examdev
