security

Generate a Tekton Task that uses Trivy to scan the generated container image for vulnerabilities.

Category: Data & Documents. 26 stars, 27 forks. Updated 2 weeks ago. License: Apache-2.0.

Quality Score: 77/100 (Solid)

| Component     | Weight | Score |
|---------------|--------|-------|
| Stars         | 20%    | 48    |
| Recency       | 20%    | 90    |
| Frontmatter   | 20%    | 70    |
| Documentation | 15%    | 48    |
| Issue Health  | 10%    | 50    |
| License       | 10%    | 100   |
| Description   | 5%     | 100   |

Skill Content

# Vulnerabilities Scan

Generate a Tekton task that uses Trivy to scan a container image and abort the pipeline in case of critical or high vulnerabilities.

## Instructions for Bob

### Step 1: Generate a Tekton Task using Trivy

The task should receive the container image name as a parameter. The task should only fail if the container image contains CRITICAL or HIGH vulnerabilities.

1. Use the `aquasec/trivy:0.50.0` container to run the `trivy` command.
2. The `exit-code` should be 1 when a vulnerability is found.

The following snippet shows an example. `--severity CRITICAL,HIGH` restricts both the report and the exit-code check to those two levels, so MEDIUM and LOW findings are neither printed nor fatal. The `image-name` parameter must carry the complete image reference (name plus tag, or better a `@sha256:` digest so the scanned image is exactly the one that was built); the `aquasec/trivy` image does not contain `git`, and the task has no source checkout, so the tag cannot be derived inside the step with `git rev-parse`:

```yaml
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: trivy-scan
spec:
  params:
    - name: image-name
      type: string
      description: Full image reference to scan, e.g. registry/app:tag or registry/app@sha256:...
  steps:
    - name: scan
      image: aquasec/trivy:0.50.0
      script: |
        # Only CRITICAL and HIGH findings are reported and counted;
        # --exit-code 1 makes the step, and therefore the pipeline, fail
        # as soon as at least one such finding exists.
        trivy image --severity CRITICAL,HIGH \
          --exit-code 1 \
          $(params.image-name)
```

## Critical

- Use only the `trivy` tool for vulnerability scanning.
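With `--exit-code 1` the gating happens inside Trivy, which is the simplest setup but leaves no report behind when the step fails. A common variant is to run `trivy image --format json --output report.json IMAGE` (Trivy's default exit code is 0) so the full report can be kept as a pipeline artifact, and then apply the same CRITICAL/HIGH rule in a follow-up step. The script below is an added example of that gate, written for this page and not code from IBM/bob-demo. It assumes Trivy's JSON layout (`Results[]`, each with an optional `Vulnerabilities[]` list carrying `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion` and `Severity`); the embedded report is constructed sample data with placeholder IDs and package names, not real findings.

```python
import json
import sys
from typing import Iterable

# Severities Trivy emits, most severe first (used only for ordering output).
SEVERITY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")

# Constructed sample in the shape of `trivy image --format json` output.
# IDs and package names are placeholders, not real vulnerabilities.
SAMPLE_REPORT = json.loads("""
{
  "SchemaVersion": 2,
  "ArtifactName": "registry.example.com/app:1.2.3",
  "Results": [
    {
      "Target": "registry.example.com/app:1.2.3 (alpine 3.18.4)",
      "Type": "alpine",
      "Vulnerabilities": [
        {"VulnerabilityID": "EXAMPLE-0001", "PkgName": "libfoo",
         "InstalledVersion": "1.0.0-r0", "FixedVersion": "1.0.1-r0",
         "Severity": "CRITICAL"},
        {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "libbar",
         "InstalledVersion": "2.4.0-r2", "FixedVersion": "",
         "Severity": "HIGH"},
        {"VulnerabilityID": "EXAMPLE-0003", "PkgName": "libbaz",
         "InstalledVersion": "0.9.0-r1", "FixedVersion": "0.9.2-r0",
         "Severity": "MEDIUM"}
      ]
    },
    {"Target": "Java", "Type": "jar", "Class": "lang-pkgs"}
  ]
}
""")


def findings(report: dict, fail_on: Iterable[str] = ("CRITICAL", "HIGH"),
             ignore_unfixed: bool = False) -> list:
    """Return the vulnerabilities that should block the pipeline.

    fail_on mirrors `--severity CRITICAL,HIGH`; ignore_unfixed mirrors
    `--ignore-unfixed` (skip findings for which no fixed version exists yet).
    """
    wanted = {s.upper() for s in fail_on}
    blocking = []
    for result in report.get("Results", []):
        # Results with no findings omit the "Vulnerabilities" key entirely.
        for vuln in result.get("Vulnerabilities") or []:
            sev = str(vuln.get("Severity", "UNKNOWN")).upper()
            if sev not in wanted:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            blocking.append({
                "target": result.get("Target", ""),
                "id": vuln.get("VulnerabilityID", ""),
                "pkg": vuln.get("PkgName", ""),
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "severity": sev,
            })
    rank = {s: i for i, s in enumerate(SEVERITY_ORDER)}
    blocking.sort(key=lambda f: rank.get(f["severity"], len(SEVERITY_ORDER)))
    return blocking


def exit_code(report: dict, **kwargs) -> int:
    """1 when any blocking finding exists (same contract as --exit-code 1), else 0."""
    return 1 if findings(report, **kwargs) else 0


def summarize(report: dict, **kwargs) -> str:
    """One line per blocking finding, for the Tekton step log."""
    lines = []
    for f in findings(report, **kwargs):
        fix = f" -> {f['fixed']}" if f["fixed"] else " (no fix available)"
        lines.append(f"{f['severity']:<8} {f['id']:<14} {f['pkg']} {f['installed']}{fix}")
    return "\n".join(lines) or "no blocking vulnerabilities"


if __name__ == "__main__":
    # In a Tekton step: python3 gate.py report.json (hypothetical file name),
    # after `trivy image --format json --output report.json $(params.image-name)`.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    print(summarize(report))
    sys.exit(exit_code(report))
```

Run without arguments it gates the embedded sample and exits 1 (one CRITICAL and one HIGH finding; the MEDIUM one is ignored). Passing `ignore_unfixed=True` drops the HIGH finding that has no `FixedVersion`, which is the trade-off behind `--ignore-unfixed`: fewer blocked builds, but unfixable-for-now issues are no longer visible in the gate.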

Details

Author: IBM
Repository: IBM/bob-demo
Created: 3 months ago
Last Updated: 2 weeks ago
Language: Java
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

dashboard
AI & Automation, Featured. By davepoon. 2,972, updated 3 days ago.
View all tracked vulnerabilities and their current status.

security-reviewer
Code & Development, Featured. By Jeffallan. 9,342, updated 5 days ago.
Identifies security vulnerabilities, generates structured audit reports with severity ratings, and provides actionable remediation guidance. Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews, dependency audits, secrets scanning, or compliance checks. Produces vulnerability reports, prioritized recommendations, and compliance checklists.

scv-scan
Data & Documents, Solid. By kadenzipfel. 99, updated 2 months ago.
Systematically audit Solidity smart contract codebases for security vulnerabilities using a 4-phase approach: load a vulnerability cheatsheet, sweep code with grep and semantic analysis, deep-validate candidates against reference files, and output a severity-ranked findings

fix-vulnerability
Code & Development, Solid. By patriksimek. 4,067, updated 1 week ago.
Fix a vm2 sandbox escape vulnerability given a Security Advisory ID (GHSA/CVE). Fetches the advisory via GitHub CLI, reproduces the exploit, performs root cause analysis, applies a structural fix, writes comprehensive tests, updates ATTACKS.md, and red-teams the result. Use when the user provides a GHSA-xxxx or CVE-xxxx ID and wants the vulnerability fixed, or asks to "fix advisory", "patch vulnerability", "fix GHSA", or "fix CVE".

terrashark
DevOps & Infrastructure, Featured. By LukasNiessen. 429, updated yesterday.
Prevent Terraform/OpenTofu hallucinations by diagnosing and fixing failure modes: identity churn, secret exposure, blast-radius mistakes, CI drift, and compliance gate gaps. Use when generating, reviewing, refactoring, or migrating IaC and when building delivery/testing pipelines.