
sca-trivy

Software Composition Analysis (SCA) and container vulnerability scanning using Aqua Trivy for identifying CVE vulnerabilities in dependencies, container images, IaC misconfigurations, and license compliance risks. Use when: (1) Scanning container images and filesystems for vulnerabilities and misconfigurations, (2) Analyzing dependencies for known CVEs across multiple languages (Go, Python, Node.js, Java, etc.), (3) Detecting IaC security issues in Terraform, Kubernetes, Dockerfile, (4) Integrating vulnerability scanning into CI/CD pipelines with SARIF output, (5) Generating Software Bill of Materials (SBOM) in CycloneDX or SPDX format, (6) Prioritizing remediation by CVSS score and exploitability.
aiskillstore/marketplace · ★ 329 · DevOps & Infrastructure · score 85
Install: claude install-skill aiskillstore/marketplace
# Software Composition Analysis with Trivy

## Overview

Trivy is a comprehensive security scanner for containers, filesystems, and git repositories. It detects vulnerabilities (CVEs) in OS packages and application dependencies, IaC misconfigurations, exposed secrets, and software licenses. This skill provides workflows for vulnerability scanning, SBOM generation, CI/CD integration, and remediation prioritization aligned with CVSS and OWASP standards.

## Quick Start

Scan a container image for vulnerabilities:

```bash
# Install Trivy
brew install trivy                    # macOS
# or: apt-get install trivy           # Debian/Ubuntu, after adding Aqua's apt repository
#                                     # (Trivy is not in the default distro repositories)
# or: docker pull aquasec/trivy:latest

# Scan container image
trivy image nginx:latest

# Scan local filesystem for dependencies
trivy fs .

# Scan IaC files for misconfigurations
trivy config .

# Generate SBOM
trivy image --format cyclonedx --output sbom.json nginx:latest
```

## Core Workflows

### Workflow 1: Container Image Security Assessment

Progress:

- [ ] 1. Identify target container image (repository:tag)
- [ ] 2. Run a comprehensive Trivy scan with `trivy image <image-name>`
- [ ] 3. Analyze vulnerability findings by severity (CRITICAL, HIGH, MEDIUM, LOW)
- [ ] 4. Map CVE findings to CWE categories and OWASP references
- [ ] 5. Check for available patches (Trivy reports a fixed version per finding) and updated base images
- [ ] 6. Generate a prioritized remediation report with upgrade recommendations

Work through each step systematically. Check off completed items.

### Workflow 2: Dependency Vulnerability Scanning

S
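As an added worked example for Workflow 1 (this script is not part of the skill or of the Trivy project), the following Python post-processes Trivy's `--format json` output to carry out steps 3, 5 and 6: it ranks findings by severity and CVSS score, separates fixable from unfixable packages, prints a remediation list, and applies the same pass/fail policy that `trivy --exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed` enforces in CI. The embedded report is a constructed sample that mirrors Trivy's JSON schema; its vulnerability IDs (`CVE-0000-000x`), package names and version strings are placeholders, not real advisories. The `gate` and `remediation_report` helpers and the image name `example.local/app:1.0` are assumptions made for illustration.

```python
"""Triage Trivy JSON output: rank by severity and CVSS, separate fixable from
unfixable findings, and apply a CI gate. Added example, not Trivy project code."""
import json
import shutil
import subprocess

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}


def trivy_json_command(image, severities=("CRITICAL", "HIGH", "MEDIUM", "LOW")):
    """Build the real Trivy invocation whose JSON output this script consumes."""
    return ["trivy", "image", "--format", "json", "--scanners", "vuln",
            "--severity", ",".join(severities), image]


def cvss_score(vuln):
    """Highest CVSS v3 base score across the sources Trivy reports under the
    "CVSS" key (nvd, redhat, ghsa, ...); falls back to v2 when no v3 score exists."""
    sources = vuln.get("CVSS", {}).values()
    v3 = [s["V3Score"] for s in sources if s.get("V3Score")]
    v2 = [s["V2Score"] for s in sources if s.get("V2Score")]
    if v3:
        return max(v3)
    return max(v2) if v2 else 0.0


def prioritize(report):
    """Flatten Results[].Vulnerabilities[] into rows sorted worst-first:
    severity, then CVSS score, then fixable before unfixable."""
    rows = []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            rows.append({
                "id": v["VulnerabilityID"],
                "target": result.get("Target", ""),
                "pkg": v["PkgName"],
                "installed": v.get("InstalledVersion", ""),
                # Trivy omits FixedVersion entirely when no fix is available.
                "fixed": v.get("FixedVersion", ""),
                "severity": v.get("Severity", "UNKNOWN"),
                "cvss": cvss_score(v),
            })
    rows.sort(key=lambda r: (SEVERITY_RANK.get(r["severity"], 0), r["cvss"], bool(r["fixed"])),
              reverse=True)
    return rows


def summarize(rows):
    """Counts per severity plus how many findings have a fix available."""
    counts = {s: 0 for s in SEVERITY_RANK}
    for r in rows:
        counts[r["severity"]] = counts.get(r["severity"], 0) + 1
    return {"total": len(rows), "fixable": sum(1 for r in rows if r["fixed"]), "by_severity": counts}


def gate(rows, fail_on=("CRITICAL", "HIGH"), ignore_unfixed=True):
    """Assumed CI policy mirroring `--exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed`:
    True (pass) unless a finding at a failing severity exists that is fixable
    (or any such finding, when ignore_unfixed is False)."""
    return not any(r["severity"] in fail_on and (r["fixed"] or not ignore_unfixed) for r in rows)


def remediation_report(rows):
    """One line per finding, worst first; unfixable findings are flagged so they are
    tracked (base-image change, vendor advisory) instead of waiting for a package upgrade."""
    lines = []
    for r in rows:
        action = f"upgrade to {r['fixed']}" if r["fixed"] else "NO FIX - track or change base image"
        lines.append(f"{r['severity']:<8} {r['cvss']:>4.1f} {r['id']:<14} "
                     f"{r['pkg']} {r['installed']} -> {action}")
    return "\n".join(lines)


def sample_report():
    """Constructed sample in the shape of `trivy image --format json` (SchemaVersion 2).
    IDs, packages and versions are placeholders, not real advisories."""
    return {
        "SchemaVersion": 2,
        "ArtifactName": "example.local/app:1.0",
        "Results": [{
            "Target": "example.local/app:1.0 (debian 11.6)", "Class": "os-pkgs", "Type": "debian",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl", "InstalledVersion": "1.1.1k-1",
                 "FixedVersion": "1.1.1n-0+deb11u3", "Severity": "CRITICAL",
                 "CVSS": {"nvd": {"V3Score": 9.8, "V2Score": 7.5}}},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libc6", "InstalledVersion": "2.31-13",
                 "Severity": "HIGH", "CVSS": {"nvd": {"V3Score": 7.5}}},  # no FixedVersion: unfixed
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib1g", "InstalledVersion": "1:1.2.11.dfsg-2",
                 "FixedVersion": "1:1.2.11.dfsg-2+deb11u2", "Severity": "HIGH",
                 "CVSS": {"nvd": {"V3Score": 7.5}, "redhat": {"V3Score": 8.2}}},
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "curl", "InstalledVersion": "7.74.0-1.3",
                 "FixedVersion": "7.74.0-1.3+deb11u7", "Severity": "MEDIUM",
                 "CVSS": {"nvd": {"V2Score": 5.0}}},
            ],
        }],
    }


def scan_or_sample(image):
    """Run Trivy when it is on PATH; otherwise fall back to the constructed sample."""
    if shutil.which("trivy"):
        proc = subprocess.run(trivy_json_command(image), capture_output=True, text=True, check=True)
        return json.loads(proc.stdout)
    return sample_report()


if __name__ == "__main__":
    findings = prioritize(scan_or_sample("nginx:latest"))
    print(remediation_report(findings))
    print(summarize(findings))
    raise SystemExit(0 if gate(findings) else 1)
```

With Trivy installed the script scans the named image and exits non-zero when a fixable CRITICAL or HIGH finding is present, which is the behaviour a pipeline step usually wants; without Trivy it runs on the constructed sample. Taking the maximum V3Score across sources is a deliberate choice: NVD and the distribution vendor often disagree, and for triage the pessimistic score is the safer ordering key.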