Trivy

Trivy is a linter for Security.

You can enable the Trivy linter with:

trunk check enable trivy

Auto Enabling

Trivy will be auto-enabled if any of its config files are present: trivy.yaml, .trivyignore, .trivyignore.yaml.

Settings

Trivy supports the following config files:

• trivy.yaml

• .trivyignore

• .trivyignore.yaml

• trivy-secret.yaml

You can move these files to .trunk/configs and trunk check will still find them. See Moving Linters for more info.

Usage Notes

Trivy has the following subcommands:

• config

• Runs trivy config (docs) )to scan for misconfigurations in infrastructure-as-code files. Enabled by default

• fx-vuln

• Runs trivy fs --scanners vuln (docs) to scan for security vulnerabilities. Disabled by default.

• fs-secret

• Runs trivy fs --scanners secret (docs) to scan for secrets. Disabled by default.

To enable/disable these, add the subcommands you want enabled in your .trunk/trunk.yaml as such:

lint:
  enabled:
    - trivy@0.45.1:
        commands: [config, fs-vuln]

Links

• Trivy site

• Trivy Trunk Code Quality integration source

• Trunk Code Quality's open source plugins repo