description | title | layout
---|---|---
Explore our guide on Trivy, the comprehensive vulnerability scanner. Learn about its features, installation, and configuration. | Trunk \| How to run Trivy |

Trivy is a linter for security.

You can enable the Trivy linter with:

```bash
trunk check enable trivy
```

Trivy will be auto-enabled if any of its config files are present: `trivy.yaml`, `.trivyignore`, `.trivyignore.yaml`.

Trivy supports the following config files:

- `trivy.yaml`
- `.trivyignore`
- `.trivyignore.yaml`
- `trivy-secret.yaml`

You can move these files to `.trunk/configs` and `trunk check` will still find them. See Moving Linters for more info.

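To see which of these files a repository carries, and whether any of them is one of the three auto-enable triggers, the following added example (not part of the Trunk docs or plugin code) checks the repo root and `.trunk/configs`. The function names are hypothetical, and treating a file under `.trunk/configs` as a trigger is an assumption.

```shell
#!/bin/sh
# Added example: report which Trivy config files a repository carries.
# File names come from the page; searching both the repo root and
# .trunk/configs for triggers is an assumption of this sketch.

# Files the page lists as auto-enable triggers.
TRIVY_TRIGGERS="trivy.yaml .trivyignore .trivyignore.yaml"
# Supported config file the page does not list as a trigger.
TRIVY_EXTRA="trivy-secret.yaml"

# Print one "kind<TAB>path" line per Trivy config file found under repo $1.
trivy_config_report() {
  repo=${1:-.}
  for dir in "$repo" "$repo/.trunk/configs"; do
    for f in $TRIVY_TRIGGERS; do
      if [ -f "$dir/$f" ]; then printf 'trigger\t%s\n' "$dir/$f"; fi
    done
    for f in $TRIVY_EXTRA; do
      if [ -f "$dir/$f" ]; then printf 'config-only\t%s\n' "$dir/$f"; fi
    done
  done
  return 0
}

# Exit 0 only if at least one auto-enable trigger file is present.
trivy_has_trigger() {
  trivy_config_report "${1:-.}" | grep -q '^trigger'
}

# Stand-alone use: report on the current directory.
trivy_config_report .
```

A repository that contains only `trivy-secret.yaml` reports `config-only`, so Trivy has to be enabled explicitly with `trunk check enable trivy`.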
Trivy has the following subcommands:

- `config`: Runs `trivy config` (docs) to scan for misconfigurations in infrastructure-as-code files. Enabled by default.
- `fs-vuln`: Runs `trivy fs --scanners vuln` (docs) to scan for security vulnerabilities. Disabled by default.
- `fs-secret`: Runs `trivy fs --scanners secret` (docs) to scan for secrets. Disabled by default.

To enable or disable these, list the subcommands you want enabled in your `.trunk/trunk.yaml` like this (`<version>` is a placeholder for the Trivy version you pin):

```yaml
lint:
  enabled:
    - trivy@<version>:
        commands: [config, fs-vuln]
```

- Trivy site
- Trivy Trunk Code Quality integration source
- Trunk Code Quality's open source plugins repo