trivy
Installation
Entrypoint
Types
Trivy
- scanFilesystem()
- scanImage()

trivy

This module provides Dagger functions for scanning Docker images and filesystem
directories using Trivy, the open-source vulnerability scanner from Aqua Security.
It demonstrates how to configure containers with Trivy, accept optional inputs
like scan severity and credentials, and return results as Dagger file outputs or
raw text.

The `ScanFilesystem` function scans a directory for vulnerabilities and returns
a Trivy report as a file. The `ScanImage` function scans a container image by
reference and returns the vulnerability report as plain text. These functions
serve as a reference for integrating Trivy into secure CI/CD pipelines using Dagger.

Installation

dagger install github.com/stuttgart-things/dagger/trivy@v0.23.0

Entrypoint

Return Type

Trivy

Example

dagger -m github.com/stuttgart-things/dagger/trivy@41f188e601ad0a6cef3e70bf61bc318fe82eec71 call \

func (m *MyModule) Example() *dagger.Trivy  {
	return dag.
			Trivy()
}

@function
def example() -> dagger.Trivy:
	return (
		dag.trivy()
	)

@func()
example(): Trivy {
	return dag
		.trivy()
}

Types

Trivy 🔗

scanFilesystem() 🔗

Return Type

File !

Arguments

Name	Type	Default Value	Description
src	Directory !	-	No description provided
severity	String	"HIGH,CRITICAL"	No description provided
trivyVersion	String	"0.64.1"	No description provided

Example

dagger -m github.com/stuttgart-things/dagger/trivy@41f188e601ad0a6cef3e70bf61bc318fe82eec71 call \
 scan-filesystem --src DIR_PATH

func (m *MyModule) Example(src *dagger.Directory) *dagger.File  {
	return dag.
			Trivy().
			ScanFilesystem(src)
}

@function
def example(src: dagger.Directory) -> dagger.File:
	return (
		dag.trivy()
		.scan_filesystem(src)
	)

@func()
example(src: Directory): File {
	return dag
		.trivy()
		.scanFilesystem(src)
}

scanImage() 🔗

TrivyScan performs a security scan on a Docker image using its reference

Return Type

File !

Arguments

Name	Type	Default Value	Description
imageRef	String !	-	Fully qualified image reference (e.g., "ttl.sh/my-repo:1.0.0")
registryUser	Secret	-	No description provided
registryPassword	Secret	-	No description provided
severity	String	"HIGH,CRITICAL"	No description provided
trivyVersion	String	"0.64.1"	No description provided

Example

dagger -m github.com/stuttgart-things/dagger/trivy@41f188e601ad0a6cef3e70bf61bc318fe82eec71 call \
 scan-image --image-ref string

func (m *MyModule) Example(imageRef string) *dagger.File  {
	return dag.
			Trivy().
			ScanImage(imageRef)
}

@function
def example(image_ref: str) -> dagger.File:
	return (
		dag.trivy()
		.scan_image(image_ref)
	)

@func()
example(imageRef: string): File {
	return dag
		.trivy()
		.scanImage(imageRef)
}