Plugin to find vulnerabilities, misconfigurations, secrets, SBOM and more.
The below pipeline configuration demonstrates simple usage:
```yaml
pipeline:
  scan_vuln:
    image: woodpeckerci/plugin-trivy
```
||if an issue is detected let the step fail|
||folders excluded from scan|
||root folder to scan from|
||none||use a Trivy server; can be a service step or external|
||none||severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")|