A ready-to-use CI/CD Pipeline for scanning vulnerabilities using Trivy.

Run the following command:

```bash
fluentci run trivy_pipeline
```

Or, if you want to use it as a template:

```bash
fluentci init -t trivy
```

This will create a `.fluentci` folder in your project.

Now you can run the pipeline with:

```bash
fluentci run .
```

Use as a Dagger Module:

```bash
dagger install github.com/fluent-ci-templates/trivy-pipeline@main
```

Call a function from the module:

```bash
dagger call config --src . --exit-code 0
dagger call image --src . --exit-code 0 --image hashicorp/terraform:1.6
```

| Variable | Description |
|---|---|
| TRIVY_IMAGE | The image to scan |
| TRIVY_SBOM_PATH | The path to the software bill of materials |
| TRIVY_EXIT_CODE | Specify exit code when any security issues are found. Defaults to 0 |

| Job | Description |
|---|---|
| config | Scan configuration files |
| fs | Scan a local filesystem |
| repo | Scan a repository |
| image | Scan a container image |
| sbom | Scan a software bill of materials |

```typescript
config(
  src: Directory | string,
  exitCode?: number,
  format?: string,
  outputFile?: string
): Promise<string>

fs(
  src: Directory | string,
  exitCode?: number,
  format?: string,
  outputFile?: string
): Promise<string>

repo(
  src: Directory | string,
  exitCode?: number,
  repoUrl?: string,
  format?: string,
  outputFile?: string
): Promise<string>

image(
  src: Directory | string,
  exitCode?: number,
  image?: string,
  format?: string,
  outputFile?: string
): Promise<string>
```

You can also use this pipeline programmatically:

```typescript
import { fs } from "jsr:@fluentci/trivy";

await fs(".");
```
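
Because `TRIVY_EXIT_CODE` defaults to 0, a scan that finds issues still lets the pipeline pass. The following is an added example, not code from this project: it gates a build on the severities in a Trivy JSON report. It assumes the report was produced in Trivy's JSON format (for instance through the `format` and `outputFile` arguments listed above, whose accepted values this page does not state); the names `toSeverity`, `collectFindings` and `gate` are hypothetical.

```typescript
// Added example (not FluentCI or Trivy code): fail a build from a Trivy JSON report.
// Field names follow Trivy's JSON report format.
type Severity = "UNKNOWN" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL";
const ORDER: Severity[] = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"];

interface Finding { id: string; severity: Severity; target: string; fixedVersion?: string }

// Unrecognised severity strings are kept as UNKNOWN instead of being dropped.
function toSeverity(s: unknown): Severity {
  const up = String(s).toUpperCase() as Severity;
  return ORDER.indexOf(up) >= 0 ? up : "UNKNOWN";
}

// Flatten vulnerabilities and failed misconfiguration checks from every result.
function collectFindings(reportJson: string): Finding[] {
  const report = JSON.parse(reportJson);
  const findings: Finding[] = [];
  for (const result of report.Results ?? []) {
    for (const v of result.Vulnerabilities ?? []) {
      findings.push({ id: v.VulnerabilityID, severity: toSeverity(v.Severity),
        target: result.Target, fixedVersion: v.FixedVersion });
    }
    for (const m of result.Misconfigurations ?? []) {
      if (m.Status === "PASS") continue; // only failed checks block the build
      findings.push({ id: m.ID, severity: toSeverity(m.Severity), target: result.Target });
    }
  }
  return findings;
}

// fail is true when any finding is at or above the threshold.
function gate(reportJson: string, threshold: Severity): { fail: boolean; blocking: Finding[] } {
  const min = ORDER.indexOf(threshold);
  const blocking = collectFindings(reportJson).filter((f) => ORDER.indexOf(f.severity) >= min);
  return { fail: blocking.length > 0, blocking };
}

// Constructed sample report; the IDs are placeholders, not real advisories.
const SAMPLE_REPORT = JSON.stringify({
  Results: [
    { Target: "package-lock.json", Vulnerabilities: [
      { VulnerabilityID: "CVE-0000-0001", Severity: "CRITICAL", FixedVersion: "1.2.4" },
      { VulnerabilityID: "CVE-0000-0002", Severity: "LOW" } ] },
    { Target: "main.tf", Misconfigurations: [
      { ID: "EXAMPLE-0001", Severity: "HIGH", Status: "FAIL" },
      { ID: "EXAMPLE-0002", Severity: "HIGH", Status: "PASS" } ] },
    { Target: "Dockerfile" },
  ],
});
```

In a CI step, read the report file, call `gate(report, "HIGH")`, and exit non-zero when `fail` is true so the job stops on blocking findings.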