Welcome to Trivy Discussions!

[lizrice]

👋 Welcome!

We’re using Discussions here on GitHub as a place to connect with other members of our community where we can all

• Ask any questions about Trivy
• Share ideas for integrations and improvements
• Engage with each other while being open-minded and kind

Help us get started! Comment below with an introduction of yourself - we’d love to hear what you think of Trivy and how you’d like to see it develop

[Johannestegner]

Hi! I'm Johannes!

I work mainly with back-end development and operations and I rely a lot on docker and kubernetes, which makes security and especially container & dependency scanning a very high priority for me.
I build a whole lot of docker images, and I use Trivy as my primary container scanning tool (not only, but primary!).

I really enjoy trivy, especially the fact that it does not only scan the container itself but also all potential packages inside of it. The only thing I miss is for it to scan binaries and libraries that is built from source for the container rather than installed via the package manager, something that I've seen (and commented on) issues posted from other users with similar wishes. :)

Great tool and happy to be a part of the userbase/community! :)

[knqyf263]

Hi @Johannestegner, thank you for sharing your wishes! We're also interested in binary scanning. At the moment, we have to add the support of other programming languages like Java and .NET. After that, I believe we can work on binary scanning, though I can't promise when that will be.

[Johannestegner]

Understandable! If I had any idea at all how it would be possible to make in some way, I'd create a pull request, hehe.
Been reading some issues about it where someone mentioned an idea about a manifest file for applications that one build themselves, and that could be something I'd try out someday ;)

Thanks for the program, it's really nice :)

[knqyf263]

Thanks! Any PR on binary scanning is always welcome😉

[Johannestegner]

I created a pull request in the fanal repository which would make it possible to scan "user defined" packages. It's quite simple, and would love a review and possibly pointers to make it good and work as you guys would like it to!

aquasecurity/fanal#137

[knqyf263]

Great! I'll have a look. Thanks.