Trivy
Plugin to find vulnerabilities, misconfigurations, secrets, SBOM and more.
The below pipeline configuration demonstrates simple usage:

```yaml
pipeline:
  scan_vuln:
    image: woodpeckerci/plugin-trivy
```
Settings

Settings Name | Default | Description |
---|---|---|
`exit-code` | `1` | exit code returned when an issue is detected; with `1` the step fails, with `0` the scan only reports and never fails the step |
`skip-dirs` | `vendor,node_modules` | comma-separated folders excluded from the scan (setting it replaces the default list) |
`dir` | `.` | root folder to scan from |
`server` | none | use a Trivy server instead of scanning locally; can be a service step in the same pipeline or an external server |
`severity` | none | severities of security issues to be displayed (comma separated); when unset, Trivy's own default `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` applies |
`db-repository` | `mirror.gcr.io/aquasecurity/trivy-db:2` | OCI registry URL to retrieve the vulnerability database from (e.g. `docker.io/aquasec/trivy-db:2`) |
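As an added example (not from the plugin's own documentation), a scan step that tightens the defaults above: it fails the build on HIGH or CRITICAL findings, excludes a fixtures directory in addition to the default `vendor` and `node_modules`, and pulls the vulnerability database from an internal mirror. The step name, the `test/fixtures` directory and the `registry.internal.example` host are placeholders.

```yaml
pipeline:
  scan_vuln:
    image: woodpeckerci/plugin-trivy
    settings:
      dir: .
      # Only HIGH and CRITICAL are reported; MEDIUM and below are hidden, not fixed.
      severity: HIGH,CRITICAL
      # A non-zero exit code makes the step (and thus the pipeline) fail on a finding.
      exit-code: 1
      # The value replaces the default list, so re-state vendor,node_modules
      # when adding an entry (test/fixtures is a placeholder).
      skip-dirs: vendor,node_modules,test/fixtures
      # Internal mirror of the Trivy DB (placeholder host). A mirror that is
      # not refreshed silently misses newly published vulnerabilities.
      db-repository: registry.internal.example/aquasecurity/trivy-db:2
```

Narrowing `severity` reduces noise but also removes findings from the report entirely; if MEDIUM issues should still be visible without failing the build, leave `severity` unset and set `exit-code: 0` in a separate advisory step instead.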
Advanced settings

Settings Name | Default | Description |
---|---|---|
`service` | `false` | start Trivy in server mode instead of scanning |
`service-port` / `server-port` | `10000` | port the Trivy server listens on |
`server-timeout` | `60` | time in seconds the scanner waits for the server to become reachable |
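As an added example (not the plugin's own documentation), the client/server split described by the two tables: one Trivy server started as a Woodpecker service step and a scan step that sends its work to it, so the vulnerability database is downloaded once per pipeline rather than once per scan step. The service name `trivy`, the address `http://trivy:10000` (Woodpecker service steps are reachable from other steps by their name; the URL scheme is assumed) and the timeout value are assumptions.

```yaml
services:
  trivy:
    image: woodpeckerci/plugin-trivy
    settings:
      # Server mode: fetch the DB and answer scan requests instead of scanning.
      service: true
      service-port: 10000

pipeline:
  scan_vuln:
    image: woodpeckerci/plugin-trivy
    settings:
      # Address of the service step above (host = service name, scheme assumed).
      server: http://trivy:10000
      # Raised from the default 60s so the server has time to fetch the database.
      server-timeout: 120
      severity: HIGH,CRITICAL
      exit-code: 1
```

Only the service step needs network access to the database registry; the scan step talks to the server over the pipeline network. Keep `server-timeout` large enough for the first database download, otherwise the scan step fails before the server is up.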