Trivy Github Action
Trivy is an open-source comprehensive security scanner developed by Aqua Security that detects vulnerabilities, misconfigurations, secrets, and compliance issues across container images, filesystems, repositories, and Kubernetes clusters.
It provides fast, accurate security scanning with minimal configuration, making it one of the most widely adopted tools in cloud-native security.
🔹 Key Features of Trivy
- Vulnerability Scanning: Detects CVEs in OS packages and application dependencies.
- IaC Misconfiguration Detection: Scans Terraform, Kubernetes, Helm, and Dockerfiles.
- Secrets Scanning: Identifies hard-coded secrets and credentials.
- Kubernetes Security: Scans clusters and manifests for security issues.
- SBOM Support: Generates and consumes SBOMs.
- CI/CD Friendly: Designed for fast pipeline execution.
As part of Ananta Cloud’s unified security scanning strategy, we provide a standardized GitHub Action for Trivy to enforce security checks across the entire software lifecycle.
🔹 What It Does
- Scans container images and repositories for vulnerabilities.
- Detects misconfigurations and exposed secrets.
- Enforces severity-based security gates.
- Produces detailed security reports.
- Integrates with Ananta Cloud’s DevSecOps controls.
🔹 Benefits of Using Ananta Cloud’s Trivy Action
- All-in-One Security Scanning
- Fast Feedback for Developers
- Shift-Left Security Enablement
- Reduced Tool Sprawl
- Enterprise-Grade Security Coverage
🔹 Supported Inputs
| Name | Description | Required |
|---|---|---|
| `scan-type` | Type of scan (`image`, `fs`, `repo`, `config`) | ✔️ Yes |
| `image` | Container image name with tag | ❌ No |
| `severity-threshold` | Fail pipeline on specified severity | ❌ No |
| `ignore-unfixed` | Ignore unfixed vulnerabilities | ❌ No |
🔹 Supported Outputs
None
🔹 Usage
```yaml
- name: Run Trivy security scan
  # `uses:` takes the form owner/repo/path@ref; the browser-style
  # ".../tree/main/..." path is not resolvable by the Actions runner,
  # so the repository path is written in that form with `main` as the ref.
  uses: anantacloud/actions/security/trivy@main
  with:
    scan-type: image
    image: docker-image:tag
    severity-threshold: high
```
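The snippet above shows a single image scan. The following complete workflow is an added example, not part of the Ananta Cloud action's own documentation, and it puts every input from the table to use: a filesystem scan and an IaC config scan on the checked-out repository, followed by a build-and-scan of the resulting container image. It assumes the action is referenced as `anantacloud/actions/security/trivy@main` (the `uses:` form of the repository path given on this page), that `ignore-unfixed` accepts a boolean `true`, that `fs` and `config` scans need no `image` input, and that the repository has a `Dockerfile` at its root; the image name `ghcr.io/example-org/example-app` is a placeholder.

```yaml
# Added example workflow (not the action's own docs). Assumptions:
#   - action reference: anantacloud/actions/security/trivy@main
#   - ignore-unfixed takes a boolean
#   - fs/config scan types do not require the `image` input
#   - ghcr.io/example-org/example-app is a placeholder image name
name: trivy-security-scan

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read

jobs:
  scan-source:
    name: Scan repository and IaC
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Filesystem scan: application dependencies and hard-coded secrets
      # in the checked-out tree. HIGH and CRITICAL findings fail the job;
      # CVEs with no upstream fix yet are reported but do not block.
      - name: Trivy filesystem scan
        uses: anantacloud/actions/security/trivy@main
        with:
          scan-type: fs
          severity-threshold: high
          ignore-unfixed: true

      # IaC misconfiguration scan (Terraform, Kubernetes manifests, Helm,
      # Dockerfiles). Only CRITICAL misconfigurations block the pipeline.
      - name: Trivy config scan
        uses: anantacloud/actions/security/trivy@main
        with:
          scan-type: config
          severity-threshold: critical

  scan-image:
    name: Build and scan container image
    runs-on: ubuntu-latest
    needs: scan-source          # do not spend time building if the source fails
    steps:
      - uses: actions/checkout@v4

      # Build the image locally; it is scanned before anything is pushed.
      - name: Build image
        run: docker build -t ghcr.io/example-org/example-app:${{ github.sha }} .

      # Image scan: OS packages and bundled dependencies of the built image.
      # Only fixable HIGH/CRITICAL vulnerabilities fail the pipeline.
      - name: Trivy image scan
        uses: anantacloud/actions/security/trivy@main
        with:
          scan-type: image
          image: ghcr.io/example-org/example-app:${{ github.sha }}
          severity-threshold: high
          ignore-unfixed: true
```

Scanning the image before it is pushed means a blocking finding never reaches the registry, and `needs: scan-source` keeps the build from running at all when the repository scan already fails. Setting `ignore-unfixed` on the image and filesystem scans keeps the gate actionable (a developer can always resolve a blocking finding by upgrading), while the config scan leaves it unset because misconfigurations are always fixable in the repository itself.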