Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fluent-ci-templates/trivy-pipeline
A ready-to-use CI/CD Pipeline for scanning vulnerabilities using Trivy.
https://github.com/fluent-ci-templates/trivy-pipeline
cicd dagger deno pipeline trivy-scan typescript
Last synced: about 1 month ago
JSON representation
A ready-to-use CI/CD Pipeline for scanning vulnerabilities using Trivy.
- Host: GitHub
- URL: https://github.com/fluent-ci-templates/trivy-pipeline
- Owner: fluent-ci-templates
- License: mit
- Created: 2023-09-22T19:21:49.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-03-09T13:39:43.000Z (10 months ago)
- Last Synced: 2024-03-09T14:39:18.358Z (10 months ago)
- Topics: cicd, dagger, deno, pipeline, trivy-scan, typescript
- Language: TypeScript
- Homepage:
- Size: 213 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# Trivy Pipeline
[![fluentci pipeline](https://shield.fluentci.io/x/trivy_pipeline)](https://pkg.fluentci.io/trivy_pipeline)
![deno compatibility](https://shield.deno.dev/deno/^1.41)
[![dagger-min-version](https://shield.fluentci.io/dagger/v0.11.7)](https://dagger.io)
[![](https://jsr.io/badges/@fluentci/trivy)](https://jsr.io/@fluentci/trivy)
[![](https://img.shields.io/codecov/c/gh/fluent-ci-templates/trivy-pipeline)](https://codecov.io/gh/fluent-ci-templates/trivy-pipeline)
[![ci](https://github.com/fluent-ci-templates/trivy-pipeline/actions/workflows/ci.yml/badge.svg)](https://github.com/fluent-ci-templates/trivy-pipeline/actions/workflows/ci.yml)A ready-to-use CI/CD Pipeline for scanning vulnerabilities using [Trivy](https://trivy.dev/).
## 🚀 Usage
Run the following command:
```bash
fluentci run trivy_pipeline
```Or, if you want to use it as a template:
```bash
fluentci init -t trivy
```This will create a `.fluentci` folder in your project.
Now you can run the pipeline with:
```bash
fluentci run .
```## 🧩 Dagger Module
Use as a [Dagger](https://dagger.io) Module:
```bash
dagger install github.com/fluent-ci-templates/trivy-pipeline@main
```Call a function from the module:
```bash
dagger call config --src . --exit-code 0
dagger call image --src . --exit-code 0 --image hashicorp/terraform:1.6
```## 🛠️ Environment variables
| Variable | Description |
| ----------------------- | ------------------------------------------------------------------- |
| TRIVY_IMAGE | The image to scan |
| TRIVY_SBOM_PATH | The path to the software bill of materials |
| TRIVY_EXIT_CODE | Specify exit code when any security issues are found. Defaults to 0 |## ✨ Jobs
| Job | Description |
| -------- | --------------------------------------------- |
| config | Scan configuration files |
| fs | Scan a local filesystem |
| repo | Scan a repository |
| image | Scan a container image |
| sbom | Scan a software bill of materials |```typescript
config(
src: Directory | string,
exitCode?: number,
format?: string,
outputFile?: string
): Promisefs(
src: Directory | string,
exitCode?: number,
format?: string,
outputFile?: string
): Promiserepo(
src: Directory | string,
exitCode?: number,
repoUrl?: string,
format?: string,
outputFile?: string
): Promiseimage(
src: Directory | string,
exitCode?: number,
image?: string,
format?: string,
outputFile?: string
): Promise```
## 👨💻 Programmatic usage
You can also use this pipeline programmatically:
```ts
import { fs } from "jsr:@fluentci/trivy";await fs(".");
```