github – Arvind Raja | The Digital Trace

Introduction

Ensuring security in containerized applications is a critical aspect of modern DevOps workflows. To enhance security and streamline vulnerability detection, I integrated Trivy into my GitHub repository, enabling automated security scanning within the CI/CD pipeline.

Objective

To automate vulnerability scanning for container images using Trivy within GitHub Actions, ensuring secure deployments with minimal manual intervention.

Step 1: Install Trivy v0.18.3

Run the following commands to download and install Trivy v0.18.3:

# Update package lists
sudo apt update

# Download Trivy v0.18.3 .deb package
wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb

# Install Trivy using dpkg
sudo dpkg -i trivy_0.18.3_Linux-64bit.deb

# Verify installation
trivy --version

Step 2: Create a GitHub Actions Workflow for Automated Scanning

To integrate Trivy into your GitHub repository (trivy-security-scan), create a workflow file.

Create the Workflow Directory and File

mkdir -p .github/workflows
nano .github/workflows/trivy-scan.yml

Add the Following Content

name: Trivy Security Scan

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  trivy-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Install Trivy v0.18.3
        run: |
          sudo apt update
          wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
          sudo dpkg -i trivy_0.18.3_Linux-64bit.deb

      - name: Run Trivy Image Scan
        run: |
          trivy image alpine:latest > trivy-report.txt
          cat trivy-report.txt

      - name: Upload Scan Report
        uses: actions/upload-artifact@v4
        with:
          name: security-report
          path: trivy-report.txt

Click Here to Copy YAML

Step 3: Commit and Push the Workflow

git add .github/workflows/trivy-scan.yml
git commit -m "Added Trivy v0.18.3 security scan workflow"
git push origin main

Step 4: Verify GitHub Actions Workflow

Open your GitHub repository: https://github.com/ArvindRaja45/trivy-security-scan.
Click on the “Actions” tab.
Ensure the “Trivy Security Scan” workflow runs successfully.
Check the trivy-report.txt under Artifacts in GitHub Actions.

Final Outcome

Trivy v0.18.3 is installed using .deb package.
GitHub Actions will run Trivy security scans on Docker images.
Vulnerability reports are uploaded as artifacts for review.

Why This Matters?

By integrating security checks early in the CI/CD pipeline, we reduce risks and avoid last-minute surprises in production!

Security isn’t a one-time process—it’s a culture! How are you integrating security in your DevOps workflow? Let’s discuss in the comments!

skills

AppArmor, ArgoCD, Audit Logs, Azure, Bash Scripting, Bitbucket, CI/CD Pipelines, Cilium, ConfigMaps, Containerd, Docker, Falco, Git, GitHub, GitLab, GitLab CI, GitHub Actions, Grafana, Helm, Image Policy Webhooks, Infisical, Kubernetes, Kubesec, Kustomize, Linkerd, Linux, Loki, Longhorn, MongoDB, Multitasking, Network Policies, OPA, Pod Security Standards, Problem Solving, Prometheus, Python, RBAC, Rook & Ceph, Runtime Classes, Seccomp, Secrets, Shell Scripting, System Analysis, System Monitoring, Tekton, Terraform, Trivy.

Blog Posts

Kubernetes: The Cornerstone of Modern Container Orchestration
Introduction In today’s fast-paced world of cloud-native technologies, Kubernetes has become synonymous with container orchestration. Initially developed by Google and now maintained by the Cloud Native Computing Foundation (CNCF), Kubernetes is an open-source platform designed to automate the deployment, scaling, … Continue reading "Kubernetes: The Cornerstone of Modern Container Orchestration"
Setting Up a Secure Multi-tenant Kubernetes Cluster in Minikube
Introduction In Kubernetes, multi-tenancy enables multiple teams or projects to share the same cluster while maintaining isolation and security. However, ensuring proper access control and preventing resource conflicts is a challenge. This guide walks you through setting up a secure … Continue reading "Setting Up a Secure Multi-tenant Kubernetes Cluster in Minikube"
Implementing Pod Security Standards in Kubernetes: A Practical Guide
Introduction Securing Kubernetes workloads is critical to prevent security breaches and container escapes. Kubernetes Pod Security Standards (PSS) provide a framework for defining and enforcing security settings for Pods at different levels—Privileged, Baseline, and Restricted. In this guide, you’ll learn … Continue reading "Implementing Pod Security Standards in Kubernetes: A Practical Guide"
Automating Container Security Scans with Trivy in GitHub Actions
Introduction Ensuring security in containerized applications is a critical aspect of modern DevOps workflows. To enhance security and streamline vulnerability detection, I integrated Trivy into my GitHub repository, enabling automated security scanning within the CI/CD pipeline. Objective To automate vulnerability … Continue reading "Automating Container Security Scans with Trivy in GitHub Actions"
Mastering Kubernetes Network Security with NetworkPolicies
Introduction Did you know? By default, every pod in Kubernetes can talk to any other pod—leading to unrestricted internal communication and potential security risks. This is a major concern in production environments where microservices demand strict access controls. So, how … Continue reading "Mastering Kubernetes Network Security with NetworkPolicies"