Скачать или смотреть Secure Your CI/CD: Trivy Image & Filesystem Scans in GitLab Pipelines

Want to integrate Trivy vulnerability scanning directly into your GitLab CI/CD pipeline for both Docker images and local filesystem scans? In this step-by-step tutorial, I’ll walk you through the exact configuration we used — including how to:

✅ Set up Trivy in your GitLab CI/CD pipeline
✅ Scan Docker images for HIGH & CRITICAL vulnerabilities
✅ Perform filesystem (fs) scans for secrets and misconfigurations
✅ Handle custom SSL certificates for private Harbor registries
✅ Generate and export a CycloneDX SBOM for your images
✅ Overcome common x509 errors, dependency issues, and pipeline failures

By the end, you’ll have a fully functional DevSecOps pipeline that scans every commit and merge request — catching vulnerabilities before they hit production.

Timestamps:
0:00 – Intro
0:42 – Why security scanning matters in CI/CD
2:15 – Installing Trivy in GitLab
4:10 – Setting up environment variables
6:00 – Fixing x509 certificate errors
8:25 – Running Docker image scans
10:40 – Filesystem scanning in GitLab
12:15 – Generating CycloneDX SBOM
13:55 – Final working pipeline demo

Resources:
🔗 Trivy Documentation – https://aquasecurity.github.io/trivy/
🔗 GitLab CI/CD Docs – https://docs.gitlab.com/ee/ci/
🔗 CycloneDX – https://cyclonedx.org/

#DevSecOps #Trivy #GitLab #Docker #SBOM #CICD #CloudSecurity #ContainerSecurity #HarborRegistry