Explore our guide on Trivy, the comprehensive vulnerability scanner. Learn about its features, installation, and configuration.
Trivy is a linter for Security.
You can enable the Trivy linter with:
trunk check enable trivy
Trivy will be auto-enabled if any of its config files are present: trivy.yaml, .trivyignore, .trivyignore.yaml.
Trivy supports the following config files:
trivy-secret.yaml
You can move these files to .trunk/configs and trunk check will still find them. See Moving Linters for more info.
Trivy has the following subcommands:
config: Runs trivy config (docs) to scan for misconfigurations in infrastructure-as-code files. Enabled by default.
fs-vuln: Runs trivy fs --scanners vuln (docs) to scan for security vulnerabilities. Disabled by default.
fs-secret: Runs trivy fs --scanners secret (docs) to scan for secrets. Disabled by default.
To enable/disable these, add the subcommands you want enabled in your .trunk/trunk.yaml as such:

lint:
  enabled:
    - trivy@<version>:
        commands: [config, fs-vuln]

Trivy site
Trivy Trunk Code Quality integration source
Trunk Code Quality's open source plugins repo
Last updated 1 year ago