Views:
Trend Micro Artifact Scanner (TMAS) can be integrated into your continuous integration (CI) or continuous delivery (CD) pipeline.
For example, Jenkins projects can automatically build, test, and push Docker images to a Docker registry. Once pushed, the image may be instantly available to run in an orchestration environment. If open source vulnerabilities exist in the image, then they are a risk when the image is run. Since images are intended to be immutable, images should be scanned before they're deployed to a cluster.
Examples of artifacts that TMAS can scan include:
  • Container Images
  • Binary Files
  • Directories with source code
  • OCI Archives

Use GitHub action to install TMAS

The TMAS GitHub action uses automated CI/CD integration to run scans in every pull request or push to enforce policies directly in the pipeline.
The TMAS GitHub action includes the following functionality:
  • Runs scans on GitHub repository source code as well as container images and build artifacts.
  • Automatically posts pull request comments with scan results and detailed logging.
  • Installs the specified TMAS CLI version on the GitHub runner and executes scans on a chosen artifact.
  • Automatically updates to the latest TMAS version.
  • Add Code Security policies to enforce policy standards, like allowing or blocking pull request merges that meet particular parameters. Learn more.
    Note
    Note
    Policy enforcement is only supported for Code Security deployments.
Learn more about using the TMAS GitHub action.

Manually install TMAS

TMAS scans artifacts inside your CI/CD pipelines. You can install the Trend Micro Artifact Scanner CLI into your CI/CD pipeline to perform scans before artifacts are deployed to production. For vulnerability scans, TMAS takes the artifact that you want to scan and generates a Software Bill of Materials (SBOM). It then uploads the SBOM to Trend Vision One for processing and returns a vulnerability report.
Select your system architecture to download the artifact scanner installer for integration in your CI/CD pipeline. You can check the latest version using metadata.json.
Architecture
Darwin_arm64 (MacOS - Apple Silicon chipset)
Darwin_x86_64 (MacOS - Intel chipset)
Linux_arm64
Linux_i386
Linux_x86_64
Windows_arm64
Windows_i386
Windows_x86_64
Related information