Trivy

Trivy is a simple and comprehensive vulnerability scanner for containers and other artifacts.

Object Representation (YAML)

id: String
name: String
type: String
depends: [String]
tags: [String]
condition: Boolean
each: Array
while: String
until: String
verbosity: String
ignore_errors: Boolean
tool_version: String
tool_options: Object
properties:
  command: String
  repo_url: String
  path: String
  image: String
  template: String
  format: String
  input: String
  severity: [String]
  output: String
  exit_code: Number
  ignore_unfixed: Boolean
  debug: Boolean
  removed_pkgs: Boolean
  light: Boolean
  vuln_type: String
  ignorefile: String
  ignore_policy: String
  list_all_pkgs: Boolean
  command_options: String
  global_options: String
  cwd: String
  env:
    - name: String
      value: String

Fields

Property	Details
`id` *	String A unique identifier for the step. Can contain hyphens and underscores, but not spaces.
`name` *	String A friendly name for the step. This name will appear in the pipeline designer and run output.
`type` *	String The type of the step. Can be `pipeline` or a step module type.
`depends[]`	[String] A list of dependencies of this step. This step will not be executed until all steps with `id`s in this list are finished executing.
`tags[]`	[String] Tags are used to group related steps. Steps with the same tag can be retrieved using the `findStepsByTag()` helper function. Can contain hyphens and underscores, but not spaces.
`condition`	Boolean An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The `step.result.status` field will be "Skipped".
`each`	Array An expression which evaluates to an array. It is evaluated once before the first iteration. There will be one iteration for each element of the array. An empty array (`[]`) will results in no iterations being executed.
`while`	String A boolean expression evaluated before each iteration. When the expression evaluates to `false`, iteration stops. If `false` before the first iteration, no iterations will be executed.
`until`	String A boolean expression evaluated after each iteration. When the expression evaluates to `true`, iteration stops. The first iteration will always be excuted with no regard for the value of the expression.
`verbosity`	String Step event verbosity. Determines how much information about step execution is sent back to the application.
`ignore_errors`	Boolean If `true`, errors in the step module will not halt pipeline execution, and subsequent steps will still be executed. The `step.result.status` field will be "Failed" if the step encounters an error.
`tool_version`	String The version to use for tool installation.
`tool_options`	Object -
`properties.command` *	String The trivy command to run. One of `image`, `filesystem`, `repository`.
`properties.repo_url`	String The URL of a remote repository to scan, if `command` is `repository`.
`properties.path`	String The path to local files to scan, if `command` is `filesystem`.
`properties.image`	String The name of a container image to scan, if `command` is `image`.
`properties.template`	String A template to use for the output format, when `format` is `template`.
`properties.format`	String The output format. One of `json`, `table`, `template`.
`properties.input`	String The path to a local container image file, if `command` is `image`.
`properties.severity[]`	[String] Filters results by these severity levels. Items should be one of `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`.
`properties.output`	String Path to a local file where scan output will be written.
`properties.exit_code`	Number Exit code when vulnerabilities were found.
`properties.ignore_unfixed`	Boolean Display only fixed vulnerabilities.
`properties.debug`	Boolean Debug mode
`properties.removed_pkgs`	Boolean Detect vulnerabilities of removed packages (only for Alpine).
`properties.light`	Boolean Light mode. It's faster, but vulnerability descriptions and references are not displayed.
`properties.vuln_type`	String List of vulnerability types. Items should be `os`, `library`.
`properties.ignorefile`	String Path to a .trivyignore file.
`properties.ignore_policy`	String Path to a Rego file to evaluate each vulnerability.
`properties.list_all_pkgs`	Boolean Output all packages regardless of vulnerability.
`properties.command_options`	String Extra command options that will be provided to trivy command.
`properties.global_options`	String Extra global options that will be provided to trivy command.
`properties.cwd`	String If provided, the trivy will use this path as its working directory.
`properties.env[]`	[Object] A list of environment variables that will be set for script execution.
`properties.env[].name` *	String Environment variable name.
`properties.env[].value` *	String Environment variable value.

Result Fields

The following are the step execution result fields available at steps.<step id>.result after a step executes.

Key	Details
`result.status`	String A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.
`result.exit_code`	Number Exit code of the trivy process.
`result.stdout`	String Exit code of the trivy process.
`result.stderr`	String Stderr of the trivy process.

Trivy

Object Representation (YAML)

Fields

Result Fields

Product

Legal