
Trivy security integration

Send your Trivy scan results into New Relic Vulnerability Management to unify your security findings in one place. This integration utilizes the security data API's ability to process Trivy findings in SARIF.

Prerequisites

  • A New Relic license key for the account you want to report data to.

Send data to New Relic

To ingest your Trivy scan result files in SARIF into New Relic, utilize the security data API with the X-SCANNER header set to Trivy.

Here's an example curl POST:

curl --location --request POST 'https://security-api.newrelic.com/security/v1?repository=https://github.com/MY_GITHUB_USER/MY_TRIVY_REPO' \
  --header 'Api-Key: YOUR_LICENSE_KEY' \
  --header 'Content-Type: application/json' \
  --header 'X-Scanner: Trivy' \
  -d @nameOfSarifFile.json

Tip

Replace the value of the repository query parameter with the URL of your integration repository (optional).

Confirm scan import activity

The HTTP response from the POST will include a request uuid and information about the request. For example:

{
  "success": false,
  "errorMessage": null,
  "uuid": "4740e3c8-dbc4-46e6-a4b2-a7fb6f918d20"
}

The request uuid is included in all vulnerability events, which can be queried with NRQL. These events are written in real time as the import job runs. To view the status and output of an import as it runs, use this NRQL query (replacing YOUR_REQUEST_ID with the uuid returned from your HTTP POST):

FROM Log SELECT * WHERE source = 'Trivy' AND requestId = 'YOUR_REQUEST_ID'
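
The upload and follow-up query described above, as an added Python example that is not part of the New Relic documentation: it checks that the SARIF file was produced by Trivy before building the same POST as the curl command, and validates the returned uuid before placing it in the NRQL query. The function names, the NEW_RELIC_LICENSE_KEY environment variable and the sample SARIF document are assumptions constructed for this example.

```python
import json
import os
import urllib.parse
import urllib.request
import uuid

API_URL = "https://security-api.newrelic.com/security/v1"  # endpoint from the curl example


def build_request(sarif_bytes, license_key, repository=None):
    """Build (without sending) the POST that the curl example performs."""
    sarif = json.loads(sarif_bytes)  # fail before upload on truncated or non-JSON output
    drivers = [run.get("tool", {}).get("driver", {}).get("name", "")
               for run in sarif.get("runs", [])]
    # Pre-flight check added here: X-Scanner says Trivy, so every run should be Trivy's.
    if not drivers or any(name.lower() != "trivy" for name in drivers):
        raise ValueError(f"expected SARIF runs produced by Trivy, got {drivers}")
    url = API_URL
    if repository:  # the repository parameter is optional
        url += "?" + urllib.parse.urlencode({"repository": repository})
    headers = {"Api-Key": license_key, "Content-Type": "application/json",
               "X-Scanner": "Trivy"}
    return urllib.request.Request(url, data=sarif_bytes, headers=headers, method="POST")


def status_query(response_body):
    """Turn the API response into the NRQL status query shown on this page."""
    reply = json.loads(response_body)
    # Assumption: only a non-empty errorMessage is treated as a rejection, because the
    # page's sample response carries "success": false together with a usable uuid.
    if reply.get("errorMessage"):
        raise RuntimeError(f"import rejected: {reply['errorMessage']}")
    request_id = str(uuid.UUID(reply["uuid"]))  # ValueError unless it is a real UUID
    return f"FROM Log SELECT * WHERE source = 'Trivy' AND requestId = '{request_id}'"


# Constructed sample input: a minimal SARIF document and the response shown on this page.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "Trivy"}}, "results": []}],
}).encode()
SAMPLE_RESPONSE = ('{"success": false, "errorMessage": null, '
                   '"uuid": "4740e3c8-dbc4-46e6-a4b2-a7fb6f918d20"}')

if __name__ == "__main__":
    key = os.environ.get("NEW_RELIC_LICENSE_KEY", "YOUR_LICENSE_KEY")  # keep the key out of source
    req = build_request(SAMPLE_SARIF, key, "https://github.com/MY_GITHUB_USER/MY_TRIVY_REPO")
    print(req.get_method(), req.full_url)
    # To send for real: urllib.request.urlopen(req).read() returns the response body.
    print(status_query(SAMPLE_RESPONSE))
```

Reading the license key from the environment keeps it out of CI logs and committed scripts.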

To see scan results visit Vulnerability Management.

Copyright © 2024 New Relic Inc.
