Trivy
Trivy is a linter for Security.
You can enable the Trivy linter with:
trunk check enable trivy

Auto Enabling
Trivy will be auto-enabled if any of its config files are present: trivy.yaml
, .trivyignore
, .trivyignore.yaml
.
Settings
Trivy supports the following config files:
trivy.yaml
.trivyignore
.trivyignore.yaml
trivy-secret.yaml
You can move these files to .trunk/configs
and trunk check
will still find them. See Moving Linters for more info.
Usage Notes
Trivy has the following subcommands:
config
Runs
trivy config
(docs) )to scan for misconfigurations in infrastructure-as-code files. Enabled by defaultfx-vuln
Runs
trivy fs --scanners vuln
(docs) to scan for security vulnerabilities. Disabled by default.fs-secret
Runs
trivy fs --scanners secret
(docs) to scan for secrets. Disabled by default.
To enable/disable these, add the subcommands you want enabled in your .trunk/trunk.yaml
as such:
lint:
enabled:
- [email protected]:
commands: [config, fs-vuln]
Links
Trivy Trunk Code Quality integration source
Trunk Code Quality's open source plugins repo
Last updated