Trivy Container Security
Scan containers, filesystems, and IaC templates for vulnerabilities with Trivy. Generates CI pipeline configs, custom policies in Rego, SBOM reports, and remediation strategies for CVEs.
This skill integrates Aqua Trivy into your development workflow. It scans Docker images for vulnerabilities in OS packages and application dependencies, checks IaC templates (Terraform, CloudFormation, Kubernetes manifests) for misconfigurations, generates SBOMs in CycloneDX/SPDX formats, creates custom Rego policies, and integrates with CI/CD pipelines. Covers vulnerability prioritization (severity, fix availability, accepted-risk waivers) and remediation workflows.
When to use
Use when scanning Docker images for CVEs, auditing IaC templates, generating SBOMs for compliance, creating security gates in CI/CD, or writing custom security policies.
Examples
CI security gate
Add Trivy scanning to GitHub Actions
Create a GitHub Actions workflow that scans Docker images with Trivy, fails on critical CVEs, and uploads results to GitHub Security tab
IaC audit
Scan Terraform configs for misconfigurations
Scan my Terraform directory with Trivy for misconfigurations, generate a report of high-severity findings, and suggest fixes for each
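The two examples above, the CI gate on image CVEs and the Terraform misconfiguration report, both come down to post-processing Trivy's JSON output. The script below is an added example, not code from this skill or from the Trivy project: it reads a `trivy image --format json` report and decides whether the build should fail, and reads a `trivy config --format json` report and groups the HIGH and CRITICAL misconfigurations by file with Trivy's own `Resolution` text as the suggested fix. The image name, file names, package versions, CVE IDs (`CVE-0000-000N`) and check IDs (`AVD-XXX-000N`) in the embedded sample reports are constructed placeholders; the expiry-dated allowlist is this script's own policy, not a Trivy feature.

```python
"""Post-process Trivy JSON (SchemaVersion 2) into a CI vulnerability gate and an IaC audit summary.
Added example, not part of Trivy. Produce the inputs with
    trivy image  --format json -o image.json  registry.example/app:1.4.2
    trivy config --format json -o config.json ./terraform
The sample reports below are constructed; CVE and check IDs are placeholders."""
import json
import sys
from datetime import date

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def iter_findings(report, key):
    """Yield (target, finding) for every entry under Results[].<key>."""
    for result in report.get("Results") or []:
        for item in result.get(key) or []:
            yield result.get("Target", "<unknown>"), item


def gate_vulnerabilities(report, fail_on="HIGH", fixed_only=True, allowlist=None, today=None):
    """Return the vulnerabilities that should fail the build, most severe first.
    fail_on: lowest blocking severity (what trivy --severity/--exit-code does);
    fixed_only: skip findings without a FixedVersion (what --ignore-unfixed does);
    allowlist: {CVE id: "YYYY-MM-DD"} waivers that stop applying after that date; today: date or ISO string."""
    today = date.fromisoformat(today) if isinstance(today, str) else (today or date.today())
    accepted = {cve: date.fromisoformat(d) for cve, d in (allowlist or {}).items()}
    blocking = []
    for target, v in iter_findings(report, "Vulnerabilities"):
        sev = v.get("Severity", "UNKNOWN")
        if SEVERITY_RANK.get(sev, 0) < SEVERITY_RANK[fail_on]:
            continue
        if fixed_only and not v.get("FixedVersion"):
            continue
        expiry = accepted.get(v["VulnerabilityID"])
        if expiry is not None and today <= expiry:
            continue  # waived risk whose expiry has not passed
        blocking.append({"id": v["VulnerabilityID"], "severity": sev, "target": target, "pkg": v.get("PkgName"),
                         "installed": v.get("InstalledVersion"), "fixed": v.get("FixedVersion")})
    blocking.sort(key=lambda b: (-SEVERITY_RANK.get(b["severity"], 0), b["id"]))
    return blocking


def misconfig_report(report, min_severity="HIGH"):
    """Group failing misconfigurations of at least min_severity by file; Trivy's Resolution is the fix."""
    grouped = {}
    for target, m in iter_findings(report, "Misconfigurations"):
        if m.get("Status", "FAIL") != "FAIL":  # PASS entries show up with --include-non-failures
            continue
        if SEVERITY_RANK.get(m.get("Severity", "UNKNOWN"), 0) < SEVERITY_RANK[min_severity]:
            continue
        grouped.setdefault(target, []).append(
            {"id": m.get("ID"), "severity": m.get("Severity"), "title": m.get("Title"), "fix": m.get("Resolution")})
    return grouped


def vuln(cve, pkg, installed, fixed, sev):  # helper to keep the constructed sample short
    return {"VulnerabilityID": cve, "PkgName": pkg, "InstalledVersion": installed, "FixedVersion": fixed, "Severity": sev}

def check(cid, sev, status, title, fix):  # same, for misconfiguration entries
    return {"ID": cid, "Severity": sev, "Status": status, "Title": title, "Resolution": fix}


SAMPLE_IMAGE_REPORT = {  # constructed, shaped like `trivy image --format json`
    "SchemaVersion": 2, "ArtifactName": "registry.example/app:1.4.2", "ArtifactType": "container_image",
    "Results": [
        {"Target": "registry.example/app:1.4.2 (debian 12.5)", "Class": "os-pkgs", "Type": "debian",
         "Vulnerabilities": [vuln("CVE-0000-0001", "libssl3", "3.0.11-1", "3.0.13-1", "CRITICAL"),
                             vuln("CVE-0000-0002", "curl", "7.88.1-10", "7.88.1-11", "HIGH"),
                             vuln("CVE-0000-0003", "libc6", "2.36-9", "", "HIGH")]},  # no fix yet
        {"Target": "app/package-lock.json", "Class": "lang-pkgs", "Type": "npm",
         "Vulnerabilities": [vuln("CVE-0000-0004", "lodash", "4.17.20", "4.17.21", "MEDIUM")]}]}

SAMPLE_CONFIG_REPORT = {  # constructed, shaped like `trivy config --format json` on a Terraform tree
    "SchemaVersion": 2, "ArtifactName": "./terraform", "ArtifactType": "filesystem",
    "Results": [
        {"Target": "s3.tf", "Class": "config", "Type": "terraform", "Misconfigurations": [
            check("AVD-XXX-0001", "HIGH", "FAIL", "Bucket has no server-side encryption",
                  "Add a server_side_encryption_configuration block"),
            check("AVD-XXX-0002", "LOW", "FAIL", "Bucket access logging disabled", "Add a logging block"),
            check("AVD-XXX-0003", "HIGH", "PASS", "Bucket ACL allows public access", 'Set acl = "private"')]},
        {"Target": "modules/db/main.tf", "Class": "config", "Type": "terraform", "Misconfigurations": [
            check("AVD-XXX-0004", "CRITICAL", "FAIL", "Security group allows ingress from 0.0.0.0/0",
                  "Restrict cidr_blocks to known address ranges")]}]}


if __name__ == "__main__":
    # gate.py image image.json -> print blocking CVEs, exit 1 if any; gate.py config config.json -> print
    # HIGH+ misconfigurations grouped by file with the fix; no arguments -> run both on the samples
    mode = sys.argv[1] if len(sys.argv) > 1 else "demo"
    loaded = json.load(open(sys.argv[2])) if len(sys.argv) > 2 else None
    if mode in ("image", "demo"):
        blocking = gate_vulnerabilities(loaded or SAMPLE_IMAGE_REPORT, allowlist={"CVE-0000-0002": "2025-06-30"})
        for b in blocking:
            print(f"{b['severity']:<8} {b['id']} {b['pkg']} {b['installed']} -> {b['fixed']}  ({b['target']})")
        if mode == "image":
            sys.exit(1 if blocking else 0)
    if mode in ("config", "demo"):
        for target, items in misconfig_report(loaded or SAMPLE_CONFIG_REPORT).items():
            print(target)
            for m in items:
                print(f"  {m['severity']:<8} {m['id']}: {m['title']}\n           fix: {m['fix']}")
```

In a GitHub Actions job the gate step runs `trivy image --format json -o image.json <image>` followed by `python gate.py image image.json`, and a separate `trivy image --format sarif -o trivy.sarif <image>` feeds `github/codeql-action/upload-sarif` so the findings land in the Security tab. For the plain "fail on CRITICAL" case Trivy's own `--severity CRITICAL --exit-code 1` is enough; the script earns its place when you also want to block only on fixable findings and carry time-limited waivers that expire on their own instead of living forever in `.trivyignore`. Keep the SARIF scan unfiltered (no `--ignore-unfixed`) so unfixed findings stay visible even though they do not block the build.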