A ready-to-use CI/CD Pipeline for scanning vulnerabilities using Trivy.
Run the following command:
fluentci run trivy_pipeline
Or, if you want to use it as a template:
fluentci init -t trivy
This will create a .fluentci
folder in your project.
Now you can run the pipeline with:
fluentci run .
Use as a Dagger Module:
dagger install github.com/fluent-ci-templates/trivy-pipeline@main
Call a function from the module:
dagger call config --src . --exit-code 0
dagger call image --src . --exit-code 0 --image hashicorp/terraform:1.6
Variable | Description |
---|---|
TRIVY_IMAGE | The image to scan |
TRIVY_SBOM_PATH | The path to the software bill of materials |
TRIVY_EXIT_CODE | Specify exit code when any security issues are found. Defaults to 0 |
Job | Description |
---|---|
config | Scan configuration files |
fs | Scan a local filesystem |
repo | Scan a repository |
image | Scan a container image |
sbom | Scan a software bill of materials |
config(
src: Directory | string,
exitCode?: number,
format?: string,
outputFile?: string
): Promise<string>
fs(
src: Directory | string,
exitCode?: number,
format?: string,
outputFile?: string
): Promise<string>
repo(
src: Directory | string,
exitCode?: number,
repoUrl?: string,
format?: string,
outputFile?: string
): Promise<string>
image(
src: Directory | string,
exitCode?: number,
image?: string,
format?: string,
outputFile?: string
): Promise<string>
You can also use this pipeline programmatically:
import { fs } from "jsr:@fluentci/trivy";
await fs(".");