Trivy

Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.

🚀 Usage

Add the following command to your CI configuration file:

# Scan config files for misconfigurations
fluentci run --wasm trivy config . --format=table --exit-code=1
# Scan container images for vulnerabilities
fluentci run --wasm trivy image hashicorp/terraform:1.6 --format=table --exit-code=1

Commands

Name      Description
setup     Install Trivy
config    Scan config files for misconfigurations
image     Scan container images for vulnerabilities
fs        Scan local filesystem
repo      Scan a git repository
sbom      Scan SBOM for vulnerabilities and licenses
rootfs    Scan rootfs

Code examples

Add the fluentci-pdk crate to your Cargo.toml:

[dependencies]
fluentci-pdk = "0.2.1"

Use the following code to call a module function:

use fluentci_pdk::dag;

// ...

dag().call(
    "https://pkg.fluentci.io/[email protected]?wasm=1",
    "config",
    vec!["."],
);

dag().call(
    "https://pkg.fluentci.io/[email protected]?wasm=1",
    "image",
    vec!["hashicorp/terraform:1.6"],
);

CI/CD Integration

The following example shows how to integrate FluentCI with popular CI providers to scan for vulnerabilities using Trivy:

ci.yml
name: ci
on:
  push:
    branches:
      - main
jobs:
  tasks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Setup Fluent CI
        uses: fluentci-io/setup-fluentci@v5
        with:
          wasm: true
          plugin: trivy
          args: |
            config . --format=table --exit-code=1
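
A severity-based gate over a Trivy JSON report, as an added example that is not part of the FluentCI plugin or its documentation: the `--exit-code=1` flag used on this page fails the job whenever the scan reports findings, while this script fails only on findings at or above a chosen severity. It assumes the scan was run with `--format=json` instead of `--format=table`, and it covers both vulnerability and misconfiguration results; the function names and the sample report are constructed for illustration.

```python
import json

# Severity ranks, lowest to highest; unrecognised values are treated as UNKNOWN.
RANK = {s: i for i, s in enumerate(["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"])}

# Constructed sample in the shape of a Trivy JSON report (not real scan output).
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "example-image (alpine)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "Severity": "CRITICAL", "FixedVersion": "1.2.4"},
            {"VulnerabilityID": "CVE-0000-0002", "Severity": "HIGH"},  # no fix released yet
            {"VulnerabilityID": "CVE-0000-0003", "Severity": "LOW", "FixedVersion": "1.2.4"},
        ]},
        {"Target": "main.tf", "Misconfigurations": [
            {"ID": "EXAMPLE-0001", "Severity": "HIGH", "Status": "FAIL"},
            {"ID": "EXAMPLE-0002", "Severity": "MEDIUM", "Status": "PASS"},
        ]},
        {"Target": "clean-layer"},  # a result without findings carries neither key
    ]
})


def blocking_findings(report_json, min_severity="HIGH", ignore_unfixed=False):
    """Return (target, id, severity) for each finding at or above min_severity."""
    threshold = RANK[min_severity]
    found = []
    for result in json.loads(report_json).get("Results") or []:
        target = result.get("Target", "?")
        for vuln in result.get("Vulnerabilities") or []:
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue  # policy choice: do not block on issues with no patch
            found.append((target, vuln.get("VulnerabilityID", "?"), vuln.get("Severity", "UNKNOWN")))
        for misconf in result.get("Misconfigurations") or []:
            if misconf.get("Status", "FAIL") != "FAIL":
                continue  # passed checks are not findings
            found.append((target, misconf.get("ID", "?"), misconf.get("Severity", "UNKNOWN")))
    return [f for f in found if RANK.get(f[2], 0) >= threshold]


def gate_exit_code(report_json, **policy):
    """Exit code for the CI step: 1 if any blocking finding remains, else 0."""
    return 1 if blocking_findings(report_json, **policy) else 0


if __name__ == "__main__":
    print(*blocking_findings(SAMPLE_REPORT), sep="\n")
    raise SystemExit(gate_exit_code(SAMPLE_REPORT))
```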