Skip to content

Latest commit

 

History

History
108 lines (80 loc) · 2.91 KB

README.md

File metadata and controls

108 lines (80 loc) · 2.91 KB

Trivy Pipeline

fluentci pipeline deno compatibility dagger-min-version ci

A ready-to-use CI/CD Pipeline for scanning vulnerabilities using Trivy.

🚀 Usage

Run the following command:

fluentci run trivy_pipeline

Or, if you want to use it as a template:

fluentci init -t trivy

This will create a .fluentci folder in your project.

Now you can run the pipeline with:

fluentci run .

🧩 Dagger Module

Use as a Dagger Module:

dagger install github.com/fluent-ci-templates/trivy-pipeline@main

Call a function from the module:

dagger call config --src . --exit-code 0
dagger call image --src . --exit-code 0 --image hashicorp/terraform:1.6

🛠️ Environment variables

Variable Description
TRIVY_IMAGE The image to scan
TRIVY_SBOM_PATH The path to the software bill of materials
TRIVY_EXIT_CODE Specify exit code when any security issues are found. Defaults to 0

✨ Jobs

Job Description
config Scan configuration files
fs Scan a local filesystem
repo Scan a repository
image Scan a container image
sbom Scan a software bill of materials
config(
  src: Directory | string,
  exitCode?: number,
  format?: string,
  outputFile?: string
): Promise<string>

fs(
  src: Directory | string,
  exitCode?: number,
  format?: string,
  outputFile?: string
): Promise<string>

repo(
  src: Directory | string,
  exitCode?: number,
  repoUrl?: string,
  format?: string,
  outputFile?: string
): Promise<string>

image(
  src: Directory | string,
  exitCode?: number,
  image?: string,
  format?: string,
  outputFile?: string
): Promise<string>

👨‍💻 Programmatic usage

You can also use this pipeline programmatically:

import { fs } from "jsr:@fluentci/trivy";

await fs(".");