scanning-containers-with-trivy-in-cicd

Featured

This skill covers integrating Aqua Security's Trivy scanner into CI/CD pipelines for comprehensive container image vulnerability detection. It addresses scanning Docker images for OS package and application dependency CVEs, detecting misconfigurations in Dockerfiles, scanning filesystem and git repositories, and establishing severity-based quality gates that block deployment of vulnerable images.

DevOps & Infrastructure 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Scanning Containers with Trivy in CI/CD ## When to Use - When building Docker container images in CI/CD and needing automated vulnerability scanning before registry push - When establishing quality gates that prevent images with critical or high CVEs from reaching production - When compliance requirements mandate vulnerability scanning of all container images before deployment - When scanning IaC files (Dockerfiles, Kubernetes manifests) alongside container image scanning - When needing a single tool to scan OS packages, language-specific dependencies, and misconfigurations **Do not use** for runtime container security monitoring (use Falco), for scanning running containers in production (use runtime agents), or when only scanning application source code without containerization (use SAST tools). ## Prerequisites - Trivy CLI installed (v0.50+) or access to aquasecurity/trivy-action GitHub Action - Docker daemon available in CI/CD for building and scanning images - Container registry credentials for pulling base images and pushing scanned images - Trivy vulnerability database accessible (downloaded automatically or cached) ## Workflow ### Step 1: Configure Trivy Scanning in GitHub Actions Set up a GitHub Actions workflow that builds a Docker image and scans it with Trivy before pushing to a container registry. ```yaml # .github/workflows/container-security.yml name: Container Security Scan on: push: branches: [main] pull_request: branches: [main] pa...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Integrates with

GitHub · DevTools Docker · Infrastructure Kubernetes · Infrastructure

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

performing-container-security-scanning-with-trivy

Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed secrets, and license compliance issues using Aqua Security Trivy with SBOM generation and CI/CD integration.

12,642 Updated today
mukul975
DevOps & Infrastructure Solid

sca-trivy

Software Composition Analysis (SCA) and container vulnerability scanning using Aqua Trivy for identifying CVE vulnerabilities in dependencies, container images, IaC misconfigurations, and license compliance risks. Use when: (1) Scanning container images and filesystems for vulnerabilities and misconfigurations, (2) Analyzing dependencies for known CVEs across multiple languages (Go, Python, Node.js, Java, etc.), (3) Detecting IaC security issues in Terraform, Kubernetes, Dockerfile, (4) Integrating vulnerability scanning into CI/CD pipelines with SARIF output, (5) Generating Software Bill of Materials (SBOM) in CycloneDX or SPDX format, (6) Prioritizing remediation by CVSS score and exploitability.

335 Updated today
aiskillstore
AI & Automation Featured

scanning-docker-images-with-trivy

Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS packages, language-specific dependencies, misconfigurations, secrets, and license violati

12,642 Updated today
mukul975
AI & Automation Featured

implementing-aqua-security-for-container-scanning

Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues in container images across CI/CD pipelines and registries.

12,642 Updated today
mukul975
AI & Automation Featured

securing-container-registry-images

Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image signing with Cosign and Sigstore, configuring registry access controls, and building CI/CD pipelines that prevent deploying unscanned or unsigned images.

12,642 Updated today
mukul975