Trivy
Last updated
Was this helpful?
Last updated
Was this helpful?
This plugin allows you to scan the Terraform code with trivy and provide output.
trivy is a static analysis security scanner that can be used for Terraform code.
.
.
Configuration options
Version: always points to the latest version.
Ignore status: list of vulnerability status to ignore (unknown, not_affected, affected, fixed, under_investigation, will_not_fix, fix_deferred, end_of_life)
Scanners: list of what security issues to detect (vuln, misconfig, secret, license)
Severity: severities of security issues to be displayed (UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL)
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
Offline scan: do not issue API requests to identify dependencies
Include ignored: include ignored checks in the result output.
Include passed: include passed checks in the result output.
Minimum severity: you can specify the minimum severity of result that should be reported. By default, every severity is reported. You must use one of CRITICAL, HIGH, MEDIUM, LOW.
Require approval: means that this task will not be executed until approved by people added in the approvers' list.
The task remains blocked until all approvers added in the list approve it.
Skip files: specify the files or glob patterns to skip
Sample output
Config: can be used to pass any valid Trivy configuration page (see )
