trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.
Installation
dagger install github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472Entrypoint
Return Type
Trivy !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| version | String | - | Version (image tag) to use from the official image repository as a base container. |
| container | Container | - | Custom container to use as a base container. Takes precedence over version. |
| config | File | - | Trivy configuration file. |
| cache | CacheVolume | - | Persist Trivy cache between runs. |
| databaseRepository | String | - | OCI repository to retrieve trivy-db from. (default "ghcr.io/aquasecurity/trivy-db:2") |
| warmDatabaseCache | Boolean | - | Warm the vulnerability database cache. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
func (m *MyModule) Example() *dagger.Trivy {
return dag.
Trivy()
}@function
def example() -> dagger.Trivy:
return (
dag.trivy()
)@func()
example(): Trivy {
return dag
.trivy()
}Types
Trivy 🔗
image() 🔗
Scan a container image.
See https://aquasecurity.github.io/trivy/latest/docs/target/container_image/ for more information.
Return Type
Scan !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| image | String ! | - | Name of the image to scan. |
| config | File | - | Trivy configuration file. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
image --image stringfunc (m *MyModule) Example(image string) *dagger.TrivyScan {
return dag.
Trivy().
Image(image)
}@function
def example(image: str) -> dagger.TrivyScan:
return (
dag.trivy()
.image(image)
)@func()
example(image: string): TrivyScan {
return dag
.trivy()
.image(image)
}imageTarball() 🔗
Scan a container image tarball.
See https://aquasecurity.github.io/trivy/latest/docs/target/container_image/ for more information.
Return Type
Scan !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| image | File ! | - | Input file to the image (to use instead of pulling). |
| config | File | - | Trivy configuration file. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
image-tarball --image file:pathfunc (m *MyModule) Example(image *dagger.File) *dagger.TrivyScan {
return dag.
Trivy().
ImageTarball(image)
}@function
def example(image: dagger.File) -> dagger.TrivyScan:
return (
dag.trivy()
.image_tarball(image)
)@func()
example(image: File): TrivyScan {
return dag
.trivy()
.imageTarball(image)
}container() 🔗
Scan a container.
See https://aquasecurity.github.io/trivy/latest/docs/target/container_image/ for more information.
Return Type
Scan !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| container | Container ! | - | Image container to scan. |
| config | File | - | Trivy configuration file. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
container --container IMAGE:TAGfunc (m *MyModule) Example(container *dagger.Container) *dagger.TrivyScan {
return dag.
Trivy().
Container(container)
}@function
def example(container: dagger.Container) -> dagger.TrivyScan:
return (
dag.trivy()
.container(container)
)@func()
example(container: Container): TrivyScan {
return dag
.trivy()
.container(container)
}helmChart() 🔗
Scan a Helm chart.
Return Type
Scan !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| chart | File ! | - | Helm chart package to scan. |
| set | [String ! ] | - | Inline values for the Helm chart (equivalent of --set parameter of the helm install command). |
| setString | [String ! ] | - | Inline values for the Helm chart (equivalent of --set-string parameter of the helm install command). |
| values | [File ! ] | - | Values files for the Helm chart (equivalent of --values parameter of the helm install command). |
| kubeVersion | String | - | Kubernetes version used for Capabilities.KubeVersion. |
| apiVersions | [String ! ] | - | Available API versions used for Capabilities.APIVersions. |
| config | File | - | Trivy configuration file. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
helm-chart --chart file:pathfunc (m *MyModule) Example(chart *dagger.File) *dagger.TrivyScan {
return dag.
Trivy().
HelmChart(chart)
}@function
def example(chart: dagger.File) -> dagger.TrivyScan:
return (
dag.trivy()
.helm_chart(chart)
)@func()
example(chart: File): TrivyScan {
return dag
.trivy()
.helmChart(chart)
}filesystem() 🔗
Scan a filesystem.
See https://aquasecurity.github.io/trivy/latest/docs/target/filesystem/ for more information.
Return Type
Scan !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| directory | Directory ! | - | Directory to scan. |
| target | String | "." | Subpath within the directory to scan. |
| config | File | - | Trivy configuration file. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
filesystem --directory DIR_PATHfunc (m *MyModule) Example(directory *dagger.Directory) *dagger.TrivyScan {
return dag.
Trivy().
Filesystem(directory)
}@function
def example(directory: dagger.Directory) -> dagger.TrivyScan:
return (
dag.trivy()
.filesystem(directory)
)@func()
example(directory: Directory): TrivyScan {
return dag
.trivy()
.filesystem(directory)
}rootfs() 🔗
Scan a root filesystem.
See https://aquasecurity.github.io/trivy/latest/docs/target/rootfs/ for more information.
Return Type
Scan !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| directory | Directory ! | - | Directory to scan. |
| target | String | "." | Subpath within the directory to scan. |
| config | File | - | Trivy configuration file. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
rootfs --directory DIR_PATHfunc (m *MyModule) Example(directory *dagger.Directory) *dagger.TrivyScan {
return dag.
Trivy().
Rootfs(directory)
}@function
def example(directory: dagger.Directory) -> dagger.TrivyScan:
return (
dag.trivy()
.rootfs(directory)
)@func()
example(directory: Directory): TrivyScan {
return dag
.trivy()
.rootfs(directory)
}binary() 🔗
Scan a binary.
This is a convenience method to scan a binary file that normally falls under the rootfs target.
See https://aquasecurity.github.io/trivy/latest/docs/target/rootfs/ for more information.
Return Type
Scan !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| binary | File ! | - | Binary to scan. |
| config | File | - | Trivy configuration file. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
binary --binary file:pathfunc (m *MyModule) Example(binary *dagger.File) *dagger.TrivyScan {
return dag.
Trivy().
Binary(binary)
}@function
def example(binary: dagger.File) -> dagger.TrivyScan:
return (
dag.trivy()
.binary(binary)
)@func()
example(binary: File): TrivyScan {
return dag
.trivy()
.binary(binary)
}sbom() 🔗
Scan an SBOM.
See https://aquasecurity.github.io/trivy/latest/docs/target/sbom/ for more information.
Return Type
Scan !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| sbom | File ! | - | SBOM to scan. |
| config | File | - | Trivy configuration file. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
sbom --sbom file:pathfunc (m *MyModule) Example(sbom *dagger.File) *dagger.TrivyScan {
return dag.
Trivy().
Sbom(sbom)
}@function
def example(sbom: dagger.File) -> dagger.TrivyScan:
return (
dag.trivy()
.sbom(sbom)
)@func()
example(sbom: File): TrivyScan {
return dag
.trivy()
.sbom(sbom)
}Scan 🔗
output() 🔗
Get the scan results.
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| format | Enum | - | Trivy report format. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
sbom --sbom file:path \
outputfunc (m *MyModule) Example(ctx context.Context, sbom *dagger.File) string {
return dag.
Trivy().
Sbom(sbom).
Output(ctx)
}@function
async def example(sbom: dagger.File) -> str:
return await (
dag.trivy()
.sbom(sbom)
.output()
)@func()
async example(sbom: File): Promise<string> {
return dag
.trivy()
.sbom(sbom)
.output()
}report() 🔗
Get the scan report as a file.
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| format | Enum ! | - | Trivy report format. |
Example
dagger -m github.com/sagikazarmark/daggerverse/trivy@6133ad18e131b891d4723b8e25d69f5de077b472 call \
sbom --sbom file:path \
reportfunc (m *MyModule) Example(sbom *dagger.File, format ) *dagger.File {
return dag.
Trivy().
Sbom(sbom).
Report(format)
}@function
def example(sbom: dagger.File, format: ) -> dagger.File:
return (
dag.trivy()
.sbom(sbom)
.report(format)
)@func()
example(sbom: File, format: ): File {
return dag
.trivy()
.sbom(sbom)
.report(format)
}