Tekton Task Trivy-Scanning

Last Update : 21 November, 2023 | Published : 16 November, 2023 | 1 Min Read

Trivy Scanner

This Tekton task uses Trivy, a scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for misconfigurations. Here Trivy runs in standalone mode (no Trivy server; the vulnerability database is pulled by the scanner itself) against a container image that has been exported as a tarball into the task workspace.

Parameters

  • ARGS: Additional arguments to pass to the trivy command (the step script below does not reference this parameter yet).
  • TRIVY_IMAGE: Trivy scanner image the step runs in, pinned by digest so the scanner cannot be silently replaced by re-tagging.
    • Default: docker.io/aquasec/trivy@sha256:dea76d4b50c75125cada676a87ac23de2b7ba4374752c6f908253c3b839201d9
  • IMAGE_PATH: Image reference or path to the image tarball to scan (the step script below hard-codes target/images/docker-image-local.tar instead of using this parameter).
  • EXIT_CODE: Exit code Trivy returns when vulnerabilities of the selected severity are found (passed as --exit-code). It must be non-zero, otherwise the task cannot fail the pipeline on findings.

Workspaces

  • manifest-dir: Workspace holding the image tarball to scan; the step expects it at target/images/docker-image-local.tar relative to its working directory.

Steps

trivy-scan

This step runs the Trivy scanner on the specified image or path.

#!/usr/bin/env sh
# Debug output: show where the step runs and what the workspace contains
ls -al
pwd
ls -al /workspaces
ls -al target/images

# First pass: full JSON report (for archiving or downstream parsing). Its exit
# status is informational only; the gate is the second, severity-filtered scan.
cmd="trivy image --input target/images/docker-image-local.tar --format json"
# cmd="trivy $* /tmp/trivy_scanner_image.tar"
echo "Running trivy task with command below"
echo "$cmd"
eval "$cmd"
echo "result of above command $?"

# Second pass: gate on CRITICAL findings. Trivy exits with EXIT_CODE when
# vulnerabilities of that severity are present, 0 when none are, and a
# different non-zero code on scanner errors.
trivy image --severity CRITICAL --input target/images/docker-image-local.tar --exit-code $(params.EXIT_CODE)
rc=$?
# Capture $? immediately: any later command (even echo) overwrites it.
# Use POSIX [ ] rather than [[ ]], which the image's sh may not support.
if [ "$rc" -eq 0 ]; then
  echo "no critical vulns"
elif [ "$rc" -eq "$(params.EXIT_CODE)" ]; then
  echo "found critical vulns"
  exit 1
else
  echo "trivy failed with exit code $rc"
  exit "$rc"
fi

It then constructs and executes the Trivy command to produce a JSON report, and runs a second scan restricted to CRITICAL severity with --exit-code set to EXIT_CODE. If Trivy returns that code, critical vulnerabilities are present and the task exits 1, failing the pipeline run. Compare the status against the configured EXIT_CODE rather than a literal 1: with any other EXIT_CODE value a literal check never trips the gate. Trivy also exits 1 on scanner errors (missing tarball, failed database download), so an EXIT_CODE other than 1 lets the step tell findings apart from failures. Note that the script as written hard-codes the tarball path and does not use ARGS or IMAGE_PATH; substitute those parameters into the command if they are meant to take effect.
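The page lists the parameters and the step script separately; the Task manifest below, added here as an illustration and not the project's own manifest, shows how they fit together in a Tekton v1 Task. The Task name trivy-scanner, the defaults for IMAGE_PATH and EXIT_CODE, the trivy-report.json output file and the choice to pass parameters through environment variables are assumptions made for this example. Passing parameters via env instead of interpolating $(params.X) directly into the script keeps a PipelineRun author from injecting shell into the step; the TRIVY_IMAGE default keeps the digest pin from the page.

```yaml
# Example Tekton Task (not the original page's manifest). Assumed: task name,
# IMAGE_PATH/EXIT_CODE defaults, report file name, env-based param passing.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: trivy-scanner
spec:
  description: Scan a container image with Trivy in standalone mode and fail on CRITICAL findings.
  params:
    - name: ARGS
      type: string
      description: Extra arguments appended to the trivy command, e.g. "--ignore-unfixed".
      default: ""
    - name: TRIVY_IMAGE
      type: string
      description: Trivy scanner image, pinned by digest so the scanner itself cannot be swapped under the pipeline.
      default: docker.io/aquasec/trivy@sha256:dea76d4b50c75125cada676a87ac23de2b7ba4374752c6f908253c3b839201d9
    - name: IMAGE_PATH
      type: string
      description: Image tarball (relative to the manifest-dir workspace) or image reference to scan.
      default: target/images/docker-image-local.tar   # assumed default
    - name: EXIT_CODE
      type: string
      description: Exit code Trivy returns when vulnerabilities of the selected severity are found. Must be non-zero.
      default: "1"   # assumed default
  workspaces:
    - name: manifest-dir
      description: Workspace containing the image tarball to scan.
  steps:
    - name: trivy-scan
      image: $(params.TRIVY_IMAGE)
      workingDir: $(workspaces.manifest-dir.path)
      # Parameters reach the shell as environment variables, never as
      # text spliced into the script, so a crafted param cannot inject commands.
      env:
        - name: IMAGE_PATH
          value: $(params.IMAGE_PATH)
        - name: EXIT_CODE
          value: $(params.EXIT_CODE)
        - name: ARGS
          value: $(params.ARGS)
      script: |
        #!/usr/bin/env sh
        set -u
        # A path that exists as a file is an exported tarball; anything else
        # is treated as an image reference for Trivy to pull.
        if [ -f "$IMAGE_PATH" ]; then
          target="--input $IMAGE_PATH"
        else
          target="$IMAGE_PATH"
        fi
        # Full JSON report written into the workspace for downstream steps.
        # $ARGS and $target are intentionally unquoted so they word-split.
        trivy image --format json --output trivy-report.json $ARGS $target
        # Gate: EXIT_CODE when CRITICAL vulns exist, 0 when none, other codes on error.
        trivy image --severity CRITICAL --exit-code "$EXIT_CODE" $ARGS $target
        rc=$?
        if [ "$rc" -eq 0 ]; then
          echo "no critical vulns"
        elif [ "$rc" -eq "$EXIT_CODE" ]; then
          echo "critical vulns found, failing the task"
          exit 1
        else
          echo "trivy failed with exit code $rc"
          exit "$rc"
        fi
```

Bind the manifest-dir workspace in the TaskRun or PipelineRun to the volume where an earlier step saved the image tarball, and set EXIT_CODE to a value other than 1 if you want scanner errors (which Trivy reports with exit status 1) to be distinguishable from findings in downstream logic.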
