GITBOOK-478: No subject

whitespots · May 20, 2024 · 722b7f3 · 722b7f3
1 parent db93de4
commit 722b7f3
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 0 deletions.
diff --git a/...nner-description/image-and-code-dependency-scanners/trivy-vulners.com-plugin.md b/...nner-description/image-and-code-dependency-scanners/trivy-vulners.com-plugin.md
@@ -6,6 +6,10 @@ description: >-
 
 # Trivy vulners.com plugin
 
+**Auditor Job Name**: Vulners Trivy\
+**Auditor image:** registry.gitlab.com/whitespots-public/security-images/trivy:0.46.0\
+**AppSec Portal Importer Name**: Vulners Trivy
+
 Trivy is a versatile security scanning tool designed to identify potential vulnerabilities in both **container images** and **code repositories** (two operating modes). It offers comprehensive coverage of potential security issues, including known vulnerabilities in operating system packages and application dependencies.
 
 Trivy's container scanning capabilities are particularly noteworthy, as it can inspect Docker images for vulnerabilities within OS packages, libraries, and other components. This ensures that containerized applications are built on a secure foundation, minimizing the risk of exploitation through known vulnerabilities.

diff --git a/...portal/scanners/scanner-description/image-and-code-dependency-scanners/trivy.md b/...portal/scanners/scanner-description/image-and-code-dependency-scanners/trivy.md
@@ -6,8 +6,46 @@ description: >-
 
 # Trivy
 
+**Auditor Job Name**: Trivy Code Dependencies, Trivy Image Dependencies\
+**Auditor image:** registry.gitlab.com/whitespots-public/security-images/trivy:0.46.0\
+**AppSec Portal Importer Name**: Trivy Scan
+
 Trivy is a versatile security scanning tool designed to identify potential vulnerabilities in both **container images** and **code repositories** (two operating modes). It offers comprehensive coverage of potential security issues, including known vulnerabilities in operating system packages and application dependencies.
 
 Trivy's container scanning capabilities are particularly noteworthy, as it can inspect Docker images for vulnerabilities within OS packages, libraries, and other components. This ensures that containerized applications are built on a secure foundation, minimizing the risk of exploitation through known vulnerabilities.
 
 In addition to container scanning, Trivy also supports code scanning by examining code repositories for security issues.
+
+#### Curl example
+
+{% code overflow="wrap" %}
+```
+curl -X POST localhost/api/v1/scan/import/ -H "Authorization: Token a75bb26171cf391671e67b128bfc8ae1c779ff7b" -H "Content-Type: multipart/form-data" -F "file=@./trivy-code.json" -F "product_name=Product1" -F "product_type=Application" -F "scanner_name=Trivy Scan" -F "branch=dev" -F "repository=git@gitlab.com:whitespots-public/appsec-portal.git"
+```
+{% endcode %}
+
+{% code overflow="wrap" %}
+```
+curl -X POST localhost/api/v1/scan/import/ -H "Authorization: Token a75bb26171cf391671e67b128bfc8ae1c779ff7b" -H "Content-Type: multipart/form-data" -F "file=@./trivy-image.json" -F "product_name=Product1" -F "product_type=Application" -F "scanner_name=Trivy Scan" -F "branch=dev"  -F "docker_image=registry.gitlab.com/whitespots-public/appsec-portal/back/auto_validator:latest"
+```
+{% endcode %}
+
+In this command, the following parameters are used:
+
+1. `-X POST`: specifies the HTTP method to be used (in this case, POST)
+2. `-H "Authorization: Token <authorization_token>"`: specifies the [**authorization token**](../../importing-reports-from-scanners-to-appsec-portal/#authorization-token) obtained from AppSec Portal.
+3. `-H "Content-Type: multipart/form-data"`: specifies the content type of the request.
+4. `-F "file=@<report_file_path>"`: specifies the **path to the report file** generated by the scanner.
+5. `-F "product_name=<product_name>"`: specifies the **name of the product** being scanned.
+6. `-F "product_type=<product_type>"`: specifies the **type of the product** being scanned.
+7. `-F "scanner_name=<scanner_name>"`: specifies the **name of the scanner** used to generate the report (Trivy Scan)
+8. `-F "branch=<branch_name>"`: (_optional_) specifies the name of the branch in the source code repository (if applicable) This parameter is particularly useful when you want to associate the scan results with a specific branch in your repository. If not provided, the scan will be associated with the default branch
+
+Asset information, if an [auditor ](broken-reference)is used
+
+9. `-F "repository=<repository SSH URL>"`: If your product is **code** in a repository enter the address of your **repository** in a specific format, for example: git@gitlab.com:whitespots-public/appsec-portal.git
+10. &#x20;\-F "docker\_image=\<registry address>": If your product is **image** enter the address of the **registry** where your product is located, for example: registry.gitlab.com/whitespots-public/appsec-portal/back/auto\_validator:latest
+11. \-F "domain=\<domain>": If your product is **web** enter the **domain name** of your product, for example: whitespots.io
+12. \-F "host=\<host>": If your product is **web** enter the **IP address** of your product, for example: 0.0.0.0
+
+**Report example:**