trivy
Installation
Entrypoint
Types
Trivy
Scan
- output()
- report()

trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.

Example (Container)

no available example in current language

// This example showcases how to scan a container with Trivy.
func (m *Examples) Trivy_Container(ctx context.Context) error {
	// Initialize Trivy module
	// See "New" example.
	trivy := m.Trivy

	// Grab or build a container
	container := dag.Container().From("alpine:latest")

	// Scan the container
	scan := trivy.Container(container)

	// See "Output" example.
	return output(ctx, scan)
}

no available example in current language

no available example in current language

Example (Filesystem)

no available example in current language

// This example showcases how to scan a filesystem with Trivy.
func (m *Examples) Trivy_Filesystem(ctx context.Context) error {
	// Initialize Trivy module
	// See "New" example.
	trivy := m.Trivy

	// Grab a directory
	directory := dag.Git("https://github.com/sagikazarmark/daggerverse.git").Head().Tree()

	// Scan the filesystem
	scan := trivy.Filesystem(directory)

	// See "Output" example.
	return output(ctx, scan)
}

no available example in current language

no available example in current language

Example (New)

no available example in current language

// This example showcases how to initialize the Trivy module.
func (m *Examples) Trivy_New() {
	dag.Trivy(dagger.TrivyOpts{
		// Persist cache between runs
		Cache: dag.CacheVolume("trivy"),

		// Preheat vulnerability database cache
		WarmDatabaseCache: true,
	})
}

no available example in current language

no available example in current language

Example (Helm)

no available example in current language

// This example showcases how to scan a Helm chart with Trivy.
func (m *Examples) Trivy_Helm(ctx context.Context) error {
	// Initialize Trivy module
	// See "New" example.
	trivy := m.Trivy

	// Grab or build a Helm chart package
	chart := dag.Helm().Create("foo").Package()

	// Scan the Helm chart
	scan := trivy.HelmChart(chart.File())

	// See "Output" example.
	return output(ctx, scan)
}

no available example in current language

no available example in current language

Example (Image)

no available example in current language

// This example showcases how to scan an image (pulled from a remote repository) with Trivy.
func (m *Examples) Trivy_Image(ctx context.Context) error {
	// Initialize Trivy module
	// See "New" example.
	trivy := m.Trivy

	// Scan the image
	scan := trivy.Image("alpine:latest")

	// See "Output" example.
	return output(ctx, scan)
}

no available example in current language

no available example in current language

Example (ImageFile)

no available example in current language

// This example showcases how to scan an image archive with Trivy.
func (m *Examples) Trivy_ImageFile(ctx context.Context) error {
	// Initialize Trivy module
	// See "New" example.
	trivy := m.Trivy

	// Scan the image file (using a container here for simplicity, but any image file will do)
	scan := trivy.ImageFile(dag.Container().From("alpine:latest").AsTarball())

	// See "Output" example.
	return output(ctx, scan)
}

no available example in current language

no available example in current language

Example (Sbom)

no available example in current language

// This example showcases how to scan an SBOM with Trivy.
func (m *Examples) Trivy_Sbom(ctx context.Context) error {
	// Initialize Trivy module
	// See "New" example.
	trivy := m.Trivy

	// Grab an SBOM
	//
	// Note: Trivy recommends using SBOMs generated by itself.
	// See https://aquasecurity.github.io/trivy/latest/docs/target/sbom/ for more details.
	sbom := trivy.Container(dag.Container().From("alpine:3.16.0")).
		Report("spdx-json").
		WithName("spdx.json")

	// Scan the SBOM
	scan := trivy.Sbom(sbom)

	// See "Output" example.
	return output(ctx, scan)
}

no available example in current language

no available example in current language

Example (Binary)

no available example in current language

// This example showcases how to scan a binary with Trivy.
func (m *Examples) Trivy_Binary(ctx context.Context) error {
	// Initialize Trivy module
	// See "New" example.
	trivy := m.Trivy

	// Grab a binary file
	binary := dag.Container().From("alpine:latest").File("/usr/bin/env")

	// Scan the binary
	scan := trivy.Binary(binary)

	// See "Output" example.
	return output(ctx, scan)
}

no available example in current language

no available example in current language

Example (Config)

no available example in current language

// This example showcases how to pass configuration to the Trivy module.
func (m *Examples) Trivy_Config(ctx context.Context) error {
	// Initialize Trivy module with custom configuration...
	trivy := dag.Trivy(dagger.TrivyOpts{
		Config: dag.CurrentModule().Source().File("trivy.yaml"),
	})

	// ...or pass it directly to the scan
	scan := trivy.Image("alpine:latest", dagger.TrivyImageOpts{
		Config: dag.CurrentModule().Source().File("trivy.yaml"),
	})

	// See "Output" example.
	return output(ctx, scan)
}

no available example in current language

no available example in current language

Example (Output)

no available example in current language

// This example showcases how to initialize the Trivy module.
func (m *Examples) Trivy_Output(ctx context.Context) error {
	// Initialize Trivy module
	// See "New" example.
	trivy := m.Trivy

	// Scan resources
	scans := []*dagger.TrivyScan{
		trivy.Container(dag.Container().From("alpine:latest")),
		trivy.HelmChart(dag.Helm().Create("foo").Package().File()),
	}

	// Grab the the report output
	{
		output, err := scans[0].Output(ctx, dagger.TrivyScanOutputOpts{
			// This is the default, but you can pass a format to this function as well
			Format: "table",
		})
		if err != nil {
			return err
		}

		_ = output
	}

	// Grab the report as a file
	{
		output, err := scans[1].Report("json").Sync(ctx)
		if err != nil {
			return err
		}

		_ = output
	}

	return nil
}

no available example in current language

no available example in current language

Example (Rootfs)

no available example in current language

// This example showcases how to scan a rootfs with Trivy.
func (m *Examples) Trivy_Rootfs(ctx context.Context) error {
	// Initialize Trivy module
	// See "New" example.
	trivy := m.Trivy

	// Grab the rootfs of a container
	rootfs := dag.Container().From("alpine:latest").Rootfs()

	// Scan the rootfs
	scan := trivy.Rootfs(rootfs)

	// See "Output" example.
	return output(ctx, scan)
}

no available example in current language

no available example in current language

Installation

dagger install github.com/sagikazarmark/daggerverse/trivy@v0.4.0

Entrypoint

Return Type

Trivy !

Arguments

Name	Type	Default Value	Description
version	String	-	Version (image tag) to use from the official image repository as a base container.
container	Container	-	Custom container to use as a base container. Takes precedence over version.
config	File	-	Trivy configuration file.
cache	CacheVolume	-	Persist Trivy cache between runs.
databaseRepository	String	-	OCI repository to retrieve trivy-db from. (default "ghcr.io/aquasecurity/trivy-db:2")
warmDatabaseCache	Boolean	-	Warm the vulnerability database cache.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \

func (m *MyModule) Example() *dagger.Trivy  {
	return dag.
			Trivy()
}

@function
def example() -> dagger.Trivy:
	return (
		dag.trivy()
	)

@func()
example(): Trivy {
	return dag
		.trivy()
}

Types

Trivy 🔗

image() 🔗

Scan a container image.

See https://aquasecurity.github.io/trivy/latest/docs/target/container_image/ for more information.

Return Type

Scan !

Arguments

Name	Type	Default Value	Description
image	String !	-	Name of the image to scan.
config	File	-	Trivy configuration file.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \
 image --image string

func (m *MyModule) Example(image string) *dagger.TrivyScan  {
	return dag.
			Trivy().
			Image(image)
}

@function
def example(image: str) -> dagger.TrivyScan:
	return (
		dag.trivy()
		.image(image)
	)

@func()
example(image: string): TrivyScan {
	return dag
		.trivy()
		.image(image)
}

imageFile() 🔗

Scan a container image file.

See https://aquasecurity.github.io/trivy/latest/docs/target/container_image/ for more information.

Return Type

Scan !

Arguments

Name	Type	Default Value	Description
image	File !	-	Input file to the image (to use instead of pulling).
config	File	-	Trivy configuration file.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \
 image-file --image file:path

func (m *MyModule) Example(image *dagger.File) *dagger.TrivyScan  {
	return dag.
			Trivy().
			ImageFile(image)
}

@function
def example(image: dagger.File) -> dagger.TrivyScan:
	return (
		dag.trivy()
		.image_file(image)
	)

@func()
example(image: File): TrivyScan {
	return dag
		.trivy()
		.imageFile(image)
}

container() 🔗

Scan a container.

See https://aquasecurity.github.io/trivy/latest/docs/target/container_image/ for more information.

Return Type

Scan !

Arguments

Name	Type	Default Value	Description
container	Container !	-	Image container to scan.
config	File	-	Trivy configuration file.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \
 container --container IMAGE:TAG

func (m *MyModule) Example(container *dagger.Container) *dagger.TrivyScan  {
	return dag.
			Trivy().
			Container(container)
}

@function
def example(container: dagger.Container) -> dagger.TrivyScan:
	return (
		dag.trivy()
		.container(container)
	)

@func()
example(container: Container): TrivyScan {
	return dag
		.trivy()
		.container(container)
}

helmChart() 🔗

Scan a Helm chart.

Return Type

Scan !

Arguments

Name	Type	Default Value	Description
chart	File !	-	Helm chart package to scan.
set	[String ! ]	-	Inline values for the Helm chart (equivalent of --set parameter of the helm install command).
setString	[String ! ]	-	Inline values for the Helm chart (equivalent of --set-string parameter of the helm install command).
values	[File ! ]	-	Values files for the Helm chart (equivalent of --values parameter of the helm install command).
kubeVersion	String	-	Kubernetes version used for Capabilities.KubeVersion.
apiVersions	[String ! ]	-	Available API versions used for Capabilities.APIVersions.
config	File	-	Trivy configuration file.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \
 helm-chart --chart file:path

func (m *MyModule) Example(chart *dagger.File) *dagger.TrivyScan  {
	return dag.
			Trivy().
			HelmChart(chart)
}

@function
def example(chart: dagger.File) -> dagger.TrivyScan:
	return (
		dag.trivy()
		.helm_chart(chart)
	)

@func()
example(chart: File): TrivyScan {
	return dag
		.trivy()
		.helmChart(chart)
}

filesystem() 🔗

Scan a filesystem.

See https://aquasecurity.github.io/trivy/latest/docs/target/filesystem/ for more information.

Return Type

Scan !

Arguments

Name	Type	Default Value	Description
directory	Directory !	-	Directory to scan.
target	String	"."	Subpath within the directory to scan.
config	File	-	Trivy configuration file.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \
 filesystem --directory DIR_PATH

func (m *MyModule) Example(directory *dagger.Directory) *dagger.TrivyScan  {
	return dag.
			Trivy().
			Filesystem(directory)
}

@function
def example(directory: dagger.Directory) -> dagger.TrivyScan:
	return (
		dag.trivy()
		.filesystem(directory)
	)

@func()
example(directory: Directory): TrivyScan {
	return dag
		.trivy()
		.filesystem(directory)
}

rootfs() 🔗

Scan a root filesystem.

See https://aquasecurity.github.io/trivy/latest/docs/target/rootfs/ for more information.

Return Type

Scan !

Arguments

Name	Type	Default Value	Description
directory	Directory !	-	Directory to scan.
target	String	"."	Subpath within the directory to scan.
config	File	-	Trivy configuration file.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \
 rootfs --directory DIR_PATH

func (m *MyModule) Example(directory *dagger.Directory) *dagger.TrivyScan  {
	return dag.
			Trivy().
			Rootfs(directory)
}

@function
def example(directory: dagger.Directory) -> dagger.TrivyScan:
	return (
		dag.trivy()
		.rootfs(directory)
	)

@func()
example(directory: Directory): TrivyScan {
	return dag
		.trivy()
		.rootfs(directory)
}

binary() 🔗

Scan a binary.

This is a convenience method to scan a binary file that normally falls under the rootfs target.

See https://aquasecurity.github.io/trivy/latest/docs/target/rootfs/ for more information.

Return Type

Scan !

Arguments

Name	Type	Default Value	Description
binary	File !	-	Binary to scan.
config	File	-	Trivy configuration file.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \
 binary --binary file:path

func (m *MyModule) Example(binary *dagger.File) *dagger.TrivyScan  {
	return dag.
			Trivy().
			Binary(binary)
}

@function
def example(binary: dagger.File) -> dagger.TrivyScan:
	return (
		dag.trivy()
		.binary(binary)
	)

@func()
example(binary: File): TrivyScan {
	return dag
		.trivy()
		.binary(binary)
}

sbom() 🔗

Scan an SBOM.

See https://aquasecurity.github.io/trivy/latest/docs/target/sbom/ for more information.

Return Type

Scan !

Arguments

Name	Type	Default Value	Description
sbom	File !	-	SBOM to scan.
config	File	-	Trivy configuration file.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \
 sbom --sbom file:path

func (m *MyModule) Example(sbom *dagger.File) *dagger.TrivyScan  {
	return dag.
			Trivy().
			Sbom(sbom)
}

@function
def example(sbom: dagger.File) -> dagger.TrivyScan:
	return (
		dag.trivy()
		.sbom(sbom)
	)

@func()
example(sbom: File): TrivyScan {
	return dag
		.trivy()
		.sbom(sbom)
}

Scan 🔗

output() 🔗

Get the scan results.

Return Type

String !

Arguments

Name	Type	Default Value	Description
format	String	-	Trivy report format.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \
 sbom --sbom file:path \
 output

func (m *MyModule) Example(ctx context.Context, sbom *dagger.File) string  {
	return dag.
			Trivy().
			Sbom(sbom).
			Output(ctx)
}

@function
async def example(sbom: dagger.File) -> str:
	return await (
		dag.trivy()
		.sbom(sbom)
		.output()
	)

@func()
async example(sbom: File): Promise<string> {
	return dag
		.trivy()
		.sbom(sbom)
		.output()
}

report() 🔗

Get the scan report as a file.

Return Type

File !

Arguments

Name	Type	Default Value	Description
format	String !	-	Trivy report format.

Example

dagger -m github.com/sagikazarmark/daggerverse/trivy@173b9238311cd0c7337a6ba21d6e911845dcaaac call \
 sbom --sbom file:path \
 report --format string

func (m *MyModule) Example(sbom *dagger.File, format string) *dagger.File  {
	return dag.
			Trivy().
			Sbom(sbom).
			Report(format)
}

@function
def example(sbom: dagger.File, format: str) -> dagger.File:
	return (
		dag.trivy()
		.sbom(sbom)
		.report(format)
	)

@func()
example(sbom: File, format: string): File {
	return dag
		.trivy()
		.sbom(sbom)
		.report(format)
}