https://github.com/fluent-ci-templates/trivy-pipeline

A ready-to-use CI/CD Pipeline for scanning vulnerabilities using Trivy.
https://github.com/fluent-ci-templates/trivy-pipeline

cicd dagger deno pipeline trivy-scan typescript

Last synced: 2 months ago
JSON representation

A ready-to-use CI/CD Pipeline for scanning vulnerabilities using Trivy.

• Host: GitHub
• URL: https://github.com/fluent-ci-templates/trivy-pipeline
• Owner: fluent-ci-templates
• License: mit
• Created: 2023-09-22T19:21:49.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2024-03-09T13:39:43.000Z (8 months ago)
• Last Synced: 2024-03-09T14:39:18.358Z (8 months ago)
• Topics: cicd, dagger, deno, pipeline, trivy-scan, typescript
• Language: TypeScript
• Homepage:
• Size: 213 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

        
# Trivy Pipeline

[![fluentci pipeline](https://shield.fluentci.io/x/trivy_pipeline)](https://pkg.fluentci.io/trivy_pipeline)

![deno compatibility](https://shield.deno.dev/deno/^1.41)

[![dagger-min-version](https://shield.fluentci.io/dagger/v0.11.7)](https://dagger.io)

[![](https://jsr.io/badges/@fluentci/trivy)](https://jsr.io/@fluentci/trivy)

[![](https://img.shields.io/codecov/c/gh/fluent-ci-templates/trivy-pipeline)](https://codecov.io/gh/fluent-ci-templates/trivy-pipeline)

[![ci](https://github.com/fluent-ci-templates/trivy-pipeline/actions/workflows/ci.yml/badge.svg)](https://github.com/fluent-ci-templates/trivy-pipeline/actions/workflows/ci.yml)

A ready-to-use CI/CD Pipeline for scanning vulnerabilities using [Trivy](https://trivy.dev/).

## 🚀 Usage

Run the following command:

```bash

fluentci run trivy_pipeline

```

Or, if you want to use it as a template:

```bash

fluentci init -t trivy

```

This will create a `.fluentci` folder in your project.

Now you can run the pipeline with:

```bash

fluentci run .

```

## 🧩 Dagger Module

Use as a [Dagger](https://dagger.io) Module:

```bash

dagger install github.com/fluent-ci-templates/trivy-pipeline@main

```

Call a function from the module:

```bash

dagger call config --src . --exit-code 0

dagger call image --src . --exit-code 0 --image hashicorp/terraform:1.6

```

## 🛠️ Environment variables

| Variable                | Description                                                         |

| ----------------------- | ------------------------------------------------------------------- |

| TRIVY_IMAGE             | The image to scan                                                   |

| TRIVY_SBOM_PATH         | The path to the software bill of materials                          |

| TRIVY_EXIT_CODE         | Specify exit code when any security issues are found. Defaults to 0 |

## ✨ Jobs

| Job      | Description                                   |

| -------- | --------------------------------------------- |

| config   | Scan configuration files                      |

| fs       | Scan a local filesystem                       |

| repo     | Scan a repository                             |

| image    | Scan a container image                        |

| sbom     | Scan a software bill of materials             |

```typescript

config(

  src: Directory | string,

  exitCode?: number,

  format?: string,

  outputFile?: string

): Promise

fs(

  src: Directory | string,

  exitCode?: number,

  format?: string,

  outputFile?: string

): Promise

repo(

  src: Directory | string,

  exitCode?: number,

  repoUrl?: string,

  format?: string,

  outputFile?: string

): Promise

image(

  src: Directory | string,

  exitCode?: number,

  image?: string,

  format?: string,

  outputFile?: string

): Promise

```

## 👨‍💻 Programmatic usage

You can also use this pipeline programmatically:

```ts

import { fs } from "jsr:@fluentci/trivy";

await fs(".");

```