# Vulnerability Scanning
## Definition
Vulnerability scanning is the automated process of identifying and cataloging security weaknesses in systems, networks, or applications.
## Concept
Vulnerability scanning automatically identifies and classifies security weaknesses in systems, networks, or applications. A scanner matches what it can observe (software versions, service banners, configuration, responses to probes) against a database of known issues. That makes it broad and repeatable, but not exhaustive: it only finds what is in its signature base, and its output still needs triage to weed out false positives.
## Types
### Network Vulnerability Scanning
- Scans network devices and their configurations
- Identifies open ports and exposed services
- Detects configuration weaknesses
### Web Application Scanning
- Detects web application vulnerabilities
- Crawls and tests every reachable page
- Tests API endpoints
### Container Image Scanning
- Checks the image for known vulnerabilities
- Analyzes operating system packages
- Detects vulnerable application dependencies
### Database Scanning
- Configuration audit
- Weak password detection
- Privilege checks
## Tools
- Nessus — comprehensive commercial vulnerability scanner
- OpenVAS — open-source vulnerability scanner
- Qualys — cloud-based vulnerability management
- Trivy — container image scanner
- Clair — container vulnerability analysis
## Integration with DevSecOps
### CI/CD Pipeline
```yaml
# Example: Trivy container scan as a GitLab CI job
security_scan:
  stage: security
  script:
    # Exit non-zero (and fail the job) only on HIGH or CRITICAL findings;
    # without --exit-code, trivy always exits 0 and the job can never fail
    - trivy image --exit-code 1 --severity HIGH,CRITICAL myapp:latest
  # allow_failure keeps the pipeline green even when the scan fails.
  # Switch it to false once the baseline is clean so findings actually block.
  allow_failure: true
```
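The job above only runs the scanner; what actually decides whether a build ships is the policy applied to its output. The Python below is an added example, not code from the original page or from the Trivy project. It consumes a report in the shape produced by `trivy image --format json --output report.json myapp:latest` (a top-level `Results` list whose entries carry a `Target` and a `Vulnerabilities` list), enforces a severity threshold, skips findings that have no fixed version yet (the same intent as Trivy's `--ignore-unfixed`), and honours a suppression list whose entries expire, so an accepted risk resurfaces instead of being forgotten. The sample report, the suppression entries and the CVE identifiers in them are constructed placeholders for this example, not real advisories.

```python
"""Policy gate over a Trivy JSON report (added example, not Trivy's own code).

A finding blocks the build only if it meets the severity threshold, has a
fixed version available and is not covered by an unexpired suppression.
The sample report and suppression list below are constructed for this
example; the CVE identifiers are placeholders, not real advisories.
"""
import json
import sys
from datetime import date

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed Trivy-style report for the image scanned in the CI job above.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "myapp:latest",
    "Results": [
        {
            "Target": "myapp:latest (alpine 3.18.0)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2099-0001", "PkgName": "libcrypto3",
                 "InstalledVersion": "3.1.0-r0", "FixedVersion": "3.1.1-r0",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-2099-0002", "PkgName": "busybox",
                 "InstalledVersion": "1.36.0-r0", "FixedVersion": "",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-2099-0003", "PkgName": "zlib",
                 "InstalledVersion": "1.2.13-r0", "FixedVersion": "1.2.13-r1",
                 "Severity": "MEDIUM"},
            ],
        },
        {
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2099-0004", "PkgName": "requests",
                 "InstalledVersion": "2.25.0", "FixedVersion": "2.31.0",
                 "Severity": "HIGH"},
            ],
        },
    ],
})

# Constructed suppression list: each accepted risk names an owner and an
# expiry date, so a silenced finding comes back instead of being forgotten.
SUPPRESSIONS = {
    "CVE-2099-0004": {"owner": "app-team", "expires": "2099-01-01"},
}


def load_findings(report_json):
    """Flatten a Trivy report into (target, vulnerability) pairs."""
    report = json.loads(report_json)
    for result in report.get("Results", []):
        # Trivy omits or nulls "Vulnerabilities" for clean targets.
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", "?"), vuln


def is_suppressed(vuln_id, suppressions, today):
    """True only while a suppression entry exists and has not expired."""
    entry = suppressions.get(vuln_id)
    return entry is not None and date.fromisoformat(entry["expires"]) >= today


def evaluate(report_json, threshold="HIGH", ignore_unfixed=True,
             suppressions=None, today=None):
    """Return the findings that should block the build (empty list = pass)."""
    suppressions = suppressions or {}
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = today or date.today()
    min_rank = SEVERITY_RANK[threshold.upper()]
    blocking = []
    for target, vuln in load_findings(report_json):
        severity = vuln.get("Severity", "UNKNOWN").upper()
        if SEVERITY_RANK.get(severity, 0) < min_rank:
            continue
        if ignore_unfixed and not vuln.get("FixedVersion"):
            continue  # nothing to upgrade to yet: track it, do not block on it
        if is_suppressed(vuln["VulnerabilityID"], suppressions, today):
            continue
        blocking.append({
            "id": vuln["VulnerabilityID"], "severity": severity,
            "pkg": vuln.get("PkgName", "?"),
            "installed": vuln.get("InstalledVersion", "?"),
            "fixed": vuln.get("FixedVersion", ""), "target": target,
        })
    return blocking


def gate(report_json, **policy):
    """CI entry point: print blocking findings and return the job exit code."""
    blocking = evaluate(report_json, **policy)
    for f in blocking:
        print(f"BLOCK {f['severity']:<8} {f['id']} {f['pkg']} "
              f"{f['installed']} -> {f['fixed']} [{f['target']}]")
    print(f"{len(blocking)} blocking finding(s)")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: python gate.py report.json   (falls back to the sample report)
    report = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(report, suppressions=SUPPRESSIONS))
```

Run against the embedded sample, the gate blocks on the CRITICAL `libcrypto3` finding only: the unfixed `busybox` finding is skipped because there is nothing to upgrade to, the MEDIUM `zlib` finding sits below the threshold, and the `requests` finding is suppressed until its expiry date. Skipping unfixed findings is a deliberate trade-off (it keeps the gate actionable but hides exposure), so those findings should still be tracked, for example by the shift-right monitoring described below.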
### Shift-Left Application
- Find vulnerabilities early, before code reaches the main branch
- Integrate scanning into the IDE
- Real-time checks while developing
### Shift-Right Application
- Continuously monitor the production environment
- Scan on a regular schedule, since new CVEs affect already-deployed images
- Automate patch management
## Related Concepts
- [[DevSecOps]] — vulnerability scanning is a core component of continuous security
- [[SAST]] — code-level vulnerability detection
- [[DAST]] — dynamic vulnerability detection
- [[SCA]] — dependency vulnerability detection
- [[Shift-Left-Security]] — early detection
- [[Shift-Right-Security]] — continuous monitoring
## Sources
- [[what-is-devsecops-best-practices-benefits-and-tools]]