-
Notifications
You must be signed in to change notification settings - Fork 1
/
trivy.yaml
31 lines (25 loc) · 952 Bytes
/
trivy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# Trivy is a comprehensive security scanner. It can scan container images, filesystems, git
# repositories, SBOMs and Kubernetes clusters (targets) and look for vulnerabilities, IaC
# misconfigurations and exposed sensitive secrets (scanners). It can also generate SBOMs (Software
# Bill Of Materials).
cache-dir: $HOME/.cache/trivy
scan:
skip-dirs:
- kubernetes/users
skip-files:
- terragrunt/modules/prepare-cluster/sealed-secrets.key
- "**/.terragrunt-cache"
- "**/*.secret.yaml"
security-checks:
- vuln
# Trivy scans any container image, filesystem and git repository to detect exposed secrets like
# passwords, api keys, and tokens.
- secret
# Trivy provides built-in policies to detect configuration issues in Docker, Kubernetes,
# Terraform and CloudFormation. Also, you can write your own policies in Rego to scan JSON, YAML,
# etc.
- config
vulnerability:
ignore-unfixed: true
type:
- library