trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.
Example (Config)
no available example in current language
// This example showcases how to pass configuration to the Trivy module.
func (m *Examples) Trivy_Config(ctx context.Context) error {
// Initialize Trivy module with custom configuration...
trivy := dag.Trivy(dagger.TrivyOpts{
Config: dag.CurrentModule().Source().File("trivy.yaml"),
})
// ...or pass it directly to the scan
scan := trivy.Image("alpine:latest", dagger.TrivyImageOpts{
Config: dag.CurrentModule().Source().File("trivy.yaml"),
})
// See "Output" example.
return output(ctx, scan)
}
no available example in current language
no available example in current language
Example (Rootfs)
no available example in current language
// This example showcases how to scan a rootfs with Trivy.
func (m *Examples) Trivy_Rootfs(ctx context.Context) error {
// Initialize Trivy module
// See "New" example.
trivy := m.Trivy
// Grab the rootfs of a container
rootfs := dag.Container().From("alpine:latest").Rootfs()
// Scan the rootfs
scan := trivy.Rootfs(rootfs)
// See "Output" example.
return output(ctx, scan)
}
no available example in current language
no available example in current language
Example (Container)
no available example in current language
// This example showcases how to scan a container with Trivy.
func (m *Examples) Trivy_Container(ctx context.Context) error {
// Initialize Trivy module
// See "New" example.
trivy := m.Trivy
// Grab or build a container
container := dag.Container().From("alpine:latest")
// Scan the container
scan := trivy.Container(container)
// See "Output" example.
return output(ctx, scan)
}
no available example in current language
no available example in current language
Example (Filesystem)
no available example in current language
// This example showcases how to scan a filesystem with Trivy.
func (m *Examples) Trivy_Filesystem(ctx context.Context) error {
// Initialize Trivy module
// See "New" example.
trivy := m.Trivy
// Grab a directory
directory := dag.Git("https://github.com/sagikazarmark/daggerverse.git").Head().Tree()
// Scan the filesystem
scan := trivy.Filesystem(directory)
// See "Output" example.
return output(ctx, scan)
}
no available example in current language
no available example in current language
Example (New)
no available example in current language
// This example showcases how to initialize the Trivy module.
func (m *Examples) Trivy_New() {
dag.Trivy(dagger.TrivyOpts{
// Persist cache between runs
Cache: dag.CacheVolume("trivy"),
// Preheat vulnerability database cache
WarmDatabaseCache: true,
})
}
no available example in current language
no available example in current language
Example (Helm)
no available example in current language
// This example showcases how to scan a Helm chart with Trivy.
func (m *Examples) Trivy_Helm(ctx context.Context) error {
// Initialize Trivy module
// See "New" example.
trivy := m.Trivy
// Grab or build a Helm chart package
chart := dag.Helm().Create("foo").Package()
// Scan the Helm chart
scan := trivy.HelmChart(chart.File())
// See "Output" example.
return output(ctx, scan)
}
no available example in current language
no available example in current language
Example (Sbom)
no available example in current language
// This example showcases how to scan an SBOM with Trivy.
func (m *Examples) Trivy_Sbom(ctx context.Context) error {
// Initialize Trivy module
// See "New" example.
trivy := m.Trivy
// Grab an SBOM
//
// Note: Trivy recommends using SBOMs generated by itself.
// See https://aquasecurity.github.io/trivy/latest/docs/target/sbom/ for more details.
sbom := trivy.Container(dag.Container().From("alpine:3.16.0")).
Report(dagger.TrivyReportFormatSpdxJson).
WithName("spdx.json")
// Scan the SBOM
scan := trivy.Sbom(sbom)
// See "Output" example.
return output(ctx, scan)
}
no available example in current language
no available example in current language
Example (Binary)
no available example in current language
// This example showcases how to scan a binary with Trivy.
func (m *Examples) Trivy_Binary(ctx context.Context) error {
// Initialize Trivy module
// See "New" example.
trivy := m.Trivy
// Grab a binary file
binary := dag.Container().From("alpine:latest").File("/usr/bin/env")
// Scan the binary
scan := trivy.Binary(binary)
// See "Output" example.
return output(ctx, scan)
}
no available example in current language
no available example in current language
Example (ImageTarball)
no available example in current language
// This example showcases how to scan an image tarball with Trivy.
func (m *Examples) Trivy_ImageTarball(ctx context.Context) error {
// Initialize Trivy module
// See "New" example.
trivy := m.Trivy
// Scan the image file (using a container here for simplicity, but any image file will do)
scan := trivy.ImageTarball(dag.Container().From("alpine:latest").AsTarball())
// See "Output" example.
return output(ctx, scan)
}
no available example in current language
no available example in current language
Example (Image)
no available example in current language
// This example showcases how to scan an image (pulled from a remote repository) with Trivy.
func (m *Examples) Trivy_Image(ctx context.Context) error {
// Initialize Trivy module
// See "New" example.
trivy := m.Trivy
// Scan the image
scan := trivy.Image("alpine:latest")
// See "Output" example.
return output(ctx, scan)
}
no available example in current language
no available example in current language
Example (Output)
no available example in current language
// This example showcases how to initialize the Trivy module.
func (m *Examples) Trivy_Output(ctx context.Context) error {
// Initialize Trivy module
// See "New" example.
trivy := m.Trivy
// Scan resources
scans := []*dagger.TrivyScan{
trivy.Container(dag.Container().From("alpine:latest")),
trivy.HelmChart(dag.Helm().Create("foo").Package().File()),
}
// Grab the the report output
{
output, err := scans[0].Output(ctx, dagger.TrivyScanOutputOpts{
// This is the default, but you can pass a format to this function as well
Format: dagger.TrivyReportFormatTable,
})
if err != nil {
return err
}
_ = output
}
// Grab the report as a file
{
output, err := scans[1].Report("json").Sync(ctx)
if err != nil {
return err
}
_ = output
}
return nil
}
no available example in current language
no available example in current language
Installation
dagger install github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680
Entrypoint
Return Type
Trivy !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
version | String | - | Version (image tag) to use from the official image repository as a base container. |
container | Container | - | Custom container to use as a base container. Takes precedence over version. |
config | File | - | Trivy configuration file. |
cache | CacheVolume | - | Persist Trivy cache between runs. |
databaseRepository | String | - | OCI repository to retrieve trivy-db from. (default "ghcr.io/aquasecurity/trivy-db:2") |
warmDatabaseCache | Boolean | - | Warm the vulnerability database cache. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
func (m *myModule) example() *Trivy {
return dag.
Trivy()
}
@function
def example() -> dag.Trivy:
return (
dag.trivy()
)
@func()
example(): Trivy {
return dag
.trivy()
}
Types
Trivy 🔗
image() 🔗
Scan a container image.
See https://aquasecurity.github.io/trivy/latest/docs/target/container_image/ for more information.
Return Type
Scan !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
image | String ! | - | Name of the image to scan. |
config | File | - | Trivy configuration file. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
image --image string
func (m *myModule) example(image string) *TrivyScan {
return dag.
Trivy().
Image(image)
}
@function
def example(image: str) -> dag.TrivyScan:
return (
dag.trivy()
.image(image)
)
@func()
example(image: string): TrivyScan {
return dag
.trivy()
.image(image)
}
imageTarball() 🔗
Scan a container image tarball.
See https://aquasecurity.github.io/trivy/latest/docs/target/container_image/ for more information.
Return Type
Scan !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
image | File ! | - | Input file to the image (to use instead of pulling). |
config | File | - | Trivy configuration file. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
image-tarball --image file:path
func (m *myModule) example(image *File) *TrivyScan {
return dag.
Trivy().
ImageTarball(image)
}
@function
def example(image: dagger.File) -> dag.TrivyScan:
return (
dag.trivy()
.image_tarball(image)
)
@func()
example(image: File): TrivyScan {
return dag
.trivy()
.imageTarball(image)
}
container() 🔗
Scan a container.
See https://aquasecurity.github.io/trivy/latest/docs/target/container_image/ for more information.
Return Type
Scan !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
container | Container ! | - | Image container to scan. |
config | File | - | Trivy configuration file. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
container --container IMAGE:TAG
func (m *myModule) example(container *Container) *TrivyScan {
return dag.
Trivy().
Container(container)
}
@function
def example(container: dagger.Container) -> dag.TrivyScan:
return (
dag.trivy()
.container(container)
)
@func()
example(container: Container): TrivyScan {
return dag
.trivy()
.container(container)
}
helmChart() 🔗
Scan a Helm chart.
Return Type
Scan !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
chart | File ! | - | Helm chart package to scan. |
set | [String ! ] | - | Inline values for the Helm chart (equivalent of --set parameter of the helm install command). |
setString | [String ! ] | - | Inline values for the Helm chart (equivalent of --set-string parameter of the helm install command). |
values | [File ! ] | - | Values files for the Helm chart (equivalent of --values parameter of the helm install command). |
kubeVersion | String | - | Kubernetes version used for Capabilities.KubeVersion. |
apiVersions | [String ! ] | - | Available API versions used for Capabilities.APIVersions. |
config | File | - | Trivy configuration file. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
helm-chart --chart file:path
func (m *myModule) example(chart *File) *TrivyScan {
return dag.
Trivy().
HelmChart(chart)
}
@function
def example(chart: dagger.File) -> dag.TrivyScan:
return (
dag.trivy()
.helm_chart(chart)
)
@func()
example(chart: File): TrivyScan {
return dag
.trivy()
.helmChart(chart)
}
filesystem() 🔗
Scan a filesystem.
See https://aquasecurity.github.io/trivy/latest/docs/target/filesystem/ for more information.
Return Type
Scan !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
directory | Directory ! | - | Directory to scan. |
target | String | "." | Subpath within the directory to scan. |
config | File | - | Trivy configuration file. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
filesystem --directory DIR_PATH
func (m *myModule) example(directory *Directory) *TrivyScan {
return dag.
Trivy().
Filesystem(directory)
}
@function
def example(directory: dagger.Directory) -> dag.TrivyScan:
return (
dag.trivy()
.filesystem(directory)
)
@func()
example(directory: Directory): TrivyScan {
return dag
.trivy()
.filesystem(directory)
}
rootfs() 🔗
Scan a root filesystem.
See https://aquasecurity.github.io/trivy/latest/docs/target/rootfs/ for more information.
Return Type
Scan !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
directory | Directory ! | - | Directory to scan. |
target | String | "." | Subpath within the directory to scan. |
config | File | - | Trivy configuration file. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
rootfs --directory DIR_PATH
func (m *myModule) example(directory *Directory) *TrivyScan {
return dag.
Trivy().
Rootfs(directory)
}
@function
def example(directory: dagger.Directory) -> dag.TrivyScan:
return (
dag.trivy()
.rootfs(directory)
)
@func()
example(directory: Directory): TrivyScan {
return dag
.trivy()
.rootfs(directory)
}
binary() 🔗
Scan a binary.
This is a convenience method to scan a binary file that normally falls under the rootfs target.
See https://aquasecurity.github.io/trivy/latest/docs/target/rootfs/ for more information.
Return Type
Scan !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
binary | File ! | - | Binary to scan. |
config | File | - | Trivy configuration file. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
binary --binary file:path
func (m *myModule) example(binary *File) *TrivyScan {
return dag.
Trivy().
Binary(binary)
}
@function
def example(binary: dagger.File) -> dag.TrivyScan:
return (
dag.trivy()
.binary(binary)
)
@func()
example(binary: File): TrivyScan {
return dag
.trivy()
.binary(binary)
}
sbom() 🔗
Scan an SBOM.
See https://aquasecurity.github.io/trivy/latest/docs/target/sbom/ for more information.
Return Type
Scan !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
sbom | File ! | - | SBOM to scan. |
config | File | - | Trivy configuration file. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
sbom --sbom file:path
func (m *myModule) example(sbom *File) *TrivyScan {
return dag.
Trivy().
Sbom(sbom)
}
@function
def example(sbom: dagger.File) -> dag.TrivyScan:
return (
dag.trivy()
.sbom(sbom)
)
@func()
example(sbom: File): TrivyScan {
return dag
.trivy()
.sbom(sbom)
}
Scan 🔗
output() 🔗
Get the scan results.
Return Type
String !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
format | Enum | - | Trivy report format. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
sbom --sbom file:path \
output
func (m *myModule) example(ctx context.Context, sbom *File) string {
return dag.
Trivy().
Sbom(sbom).
Output(ctx)
}
@function
async def example(sbom: dagger.File) -> str:
return await (
dag.trivy()
.sbom(sbom)
.output()
)
@func()
async example(sbom: File): Promise<string> {
return dag
.trivy()
.sbom(sbom)
.output()
}
report() 🔗
Get the scan report as a file.
Return Type
File !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
format | Enum ! | - | Trivy report format. |
Example
dagger -m github.com/luanmtruong/daggerverse/trivy@96c13b929c636316317f745ff36cda4e4c66f680 call \
sbom --sbom file:path \
report
func (m *myModule) example(sbom *File, format ) *File {
return dag.
Trivy().
Sbom(sbom).
Report(format)
}
@function
def example(sbom: dagger.File, format: ) -> dagger.File:
return (
dag.trivy()
.sbom(sbom)
.report(format)
)
@func()
example(sbom: File, format: ): File {
return dag
.trivy()
.sbom(sbom)
.report(format)
}