search
Log inGet a demo

Trivy

Explore our guide on Trivy, the comprehensive vulnerability scanner. Learn about its features, installation, and configuration.

Trivyarrow-up-right is a linter for Security.

You can enable the Trivy linter with:

trunk check enable trivy
trivy example output

hashtag
Auto Enabling

Trivy will be auto-enabled if any of its config files are present: trivy.yaml, .trivyignore, .trivyignore.yaml.

hashtag
Settings

Trivy supports the following config files:

  • trivy.yaml

  • .trivyignore

  • .trivyignore.yaml

  • trivy-secret.yaml

You can move these files to .trunk/configs and trunk check will still find them. See Moving Linters for more info.

hashtag
Usage Notes

Trivy has the following subcommands:

  • config

  • Runs trivy config (docs) arrow-up-right)to scan for misconfigurations in infrastructure-as-code files. Enabled by default

  • fx-vuln

  • Runs trivy fs --scanners vuln (docsarrow-up-right) to scan for security vulnerabilities. Disabled by default.

  • fs-secret

  • Runs trivy fs --scanners secret (docsarrow-up-right) to scan for secrets. Disabled by default.

To enable/disable these, add the subcommands you want enabled in your .trunk/trunk.yaml as such:

hashtag
Links

Last updated

Was this helpful?