# Trivy

This plugin allows you to scan the Terraform code with `trivy` and provide output.

`trivy` is a static analysis security scanner that can be used for Terraform code.

* [Home page](https://trivy.dev/latest/docs/coverage/iac/terraform/)
* [Source code on GitHub](https://github.com/aquasecurity/trivy)

<figure><img src="/files/13iHMsiLX7n8orf6loJY" alt=""><figcaption></figcaption></figure>

**Configuration options**

1. Name: This is Brainboard field to describe what this task is about.
2. Version: always points to the latest version to give you the latest security checks released.
3. Extra environment variables: variables that you can define here that will be used as environment variables in the execution shell.
4. Ignore status: list of vulnerability status to ignore:
   1. `unknown`
   2. `not_affected`
   3. `affected`
   4. `fixed`
   5. `under_investigation`
   6. `will_not_fix`
   7. `fix_deferred`
   8. `end_of_life`
5. Scanners: list of what security issues to detect:
   1. `vuln`
   2. `misconfig`
   3. `secret`
   4. `license`
6. Severity: severities of security issues to be displayed:
   1. `UNKNOWN`
   2. `LOW`
   3. `MEDIUM`
   4. `HIGH`
   5. `CRITICAL`
7. Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
8. Offline scan: do not issue API requests to identify dependencies
9. Require approval: means that this task will not be executed until approved by people added in the approvers' list.
   * The task remains blocked until all approvers added in the list approve it.
   * When enabled, it allows you to add approvers to the list<br>

     <figure><img src="/files/0838xuaB3y6QzvXCMeMd" alt=""><figcaption></figcaption></figure>
   * The approver has to be Brainboard user
10. Config: can be used to pass any valid Trivy configuration page (see [documentation](https://trivy.dev/latest/docs/references/configuration/config-file/))
11. Skip files: specify the files or glob patterns to skip

**Sample output**

<figure><img src="/files/FBeJgd7guNaf7FkH964j" alt=""><figcaption></figcaption></figure>

The output includes clickable links that open the relevant documentation pages listed in the 'More Information' section.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.brainboard.co/automation/supported-plugins/security/trivy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.