Trivy
This plugin allows you to scan the Terraform code with trivy
and provide output.
trivy
is a static analysis security scanner that can be used for Terraform code.

Configuration options
Name: This is Brainboard field to describe what this task is about.
Version: always points to the latest version to give you the latest security checks released.
Extra environment variables: variables that you can define here that will be used as environment variables in the execution shell.
Ignore status: list of vulnerability status to ignore:
unknown
not_affected
affected
fixed
under_investigation
will_not_fix
fix_deferred
end_of_life
Scanners: list of what security issues to detect:
vuln
misconfig
secret
license
Severity: severities of security issues to be displayed:
UNKNOWN
LOW
MEDIUM
HIGH
CRITICAL
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
Offline scan: do not issue API requests to identify dependencies
Require approval: means that this task will not be executed until approved by people added in the approvers' list.
The task remains blocked until all approvers added in the list approve it.
When enabled, it allows you to add approvers to the list
The approver has to be Brainboard user
Config: can be used to pass any valid Trivy configuration page (see documentation)
Skip files: specify the files or glob patterns to skip
Sample output

The output includes clickable links that open the relevant documentation pages listed in the 'More Information' section.
Last updated
Was this helpful?