srinivasKandukuri
commented
1 year ago Hi @ktzsolt we already have the Docker desktop extension https://hub.docker.com/r/aquasec/trivy-docker-extension
Closed ktzsolt closed 1 year ago
srinivasKandukuri
commented
1 year ago Hi @ktzsolt we already have the Docker desktop extension https://hub.docker.com/r/aquasec/trivy-docker-extension
ktzsolt
commented
1 year ago hi @srinivasKandukuri I already use it and I like it but it is useful only to scan the built images but not the Dockerfiles and k8s manifests in a local directory (a cloned git repo).
The trivy-vscode-extension is able to scan Dockerfile and k8s manifest but only in WSL2 envrionment as far as I understand because there is no windows binary for trivy. So a solution would be something like to run the trivy binary in a docker container in wsl2 and make it report back to the vscode extension that is running in windows natively.
ktzsolt
commented
1 year ago On second thought, I close this issue because this is a edge case. When I already do Dockerfiles and k8s manifestst that means that the stuff I work on is linux (wsl2) compatible and I don't need to use windows binaries for developing those stuff like .NET (core) or nodejs. So I will just move my .NET core and nodejs dev setup into WSL2 and continue to develop there.
It would be nice to run trivy extension as a docker container with Docker Desktop on Windows. I use WSL2 whenever I can and the extension is working there but for some project WSL2 is not needed or simply can't use for some/many reasons.
Thank you!