TABLE OF CONTENTS

Introduction

This document helps to understand how to review the available Aqua supply chain Trivy plugin "aqua" and how to install specific version as required in case needed.


Please note that  it is always recommended to use latest version of "aqua" plugin unless its specifically required.


Applicability

This KB article is specifically applicable for the SaaS supply chain module scans where Aqua Trivy is run in enterprise mode


Steps/Procedure



How to get to know the available version details of "aqua" plugin?


Trivy plugin "aqua' enables the trivy to run in commercial/enterprise mode that helps the trivy scanners to work in more efficient way and connect with aqua console to enforce policies defined in Aqua Supply Chain console. 


To have the plugin installed when the trivy scanner is initiated, its required to define the plugin name as value to the environment variable "TRIVY_RUN_AS_PLUGIN". To install the aqua plugin its defined as TRIVY_RUN_AS_PLUGIN=aqua.

By default,  this will install the latest version of the plugin. 


The available version/tags of 'aqua' trivy plugin is available here



How to view the current installed aqua plugin version if already installed 


To know about the version of plugin currently installed, may trigger below command


# trivy plugin list #--List all installed plugin

# trivy plugin info aqua #--Get information on the aqua plugin installed

Install specific version of aqua plugin


Method-A


When using the environment variable "TRIVY_RUN_AS_PLUGIN=aqua", 


In this case, specifying the version details at the end by prefixing "@" symbol before the version as below example


export TRIVY_RUN_AS_PLUGIN=aqua@v0.178.9

Setting the above environment variable and running the Trivy binary will force the specific version to be downloaded and used for the scanning


Method-B


are If in case customers need to make sure the plugins downloaded before the trivy binary executes the scan, this can be achieved with the below method

 

# trivy plugin install aqua@v0.178.8

OR

# trivy plugin install github.com/aquasecurity/trivy-plugin-aqua.git?ref=v0.200.0

===
Verification
# trivy plugin list
Installed Plugins:
  Name:    aqua
  Version: v0.200.0


Additional Resources


[1] https://github.com/aquasecurity/trivy-plugin-aqua/tags

[2] https://github.com/aquasecurity/trivy/releases

[3] htps://github.com/aquasecurity/trivy-plugin-aqua/releases

[4] https://github.com/aquasecurity/trivy

image