An Azure DevOps Pipelines Task for Trivy, with an integrated UI.
-
Install the Trivy task in your Azure DevOps organization (hit the
Get it freebutton above). -
Add the task to your
azure-pipelines.ymlin a project where you'd like to run trivy:
- task: trivy@1You can supply several inputs to customise the task.
| Input | Description |
|---|---|
version |
The version of Trivy to use. Currently defaults to latest. |
docker |
Run Trivy using the aquasec/trivy docker image. Alternatively the Trivy binary will be run natively. Defaults to true. |
debug |
Enable debug logging in the build output. |
path |
The path to scan relative to the root of the repository being scanned, if an fs scan is required. Cannot be set if image is set. |
image |
The image to scan if an image scan is required. Cannot be set if path is set. |
exitCode |
The exit-code to use when Trivy detects issues. Set to 0 to prevent the build failing when Trivy finds issues. Defaults to 1. |
aquaKey |
The Aqua API Key to use to link scan results to your Aqua Security account (not required). |
aquaSecret |
The Aqua API Secret to use to link scan results to your Aqua Security account (not required). |
trigger:
- main
pool:
vmImage: ubuntu-latest
jobs:
- job: Scan the local project
steps:
- task: trivy@1
inputs:
path: .
- job: Scan the ubuntu image
steps:
- task: trivy@1
inputs:
image: ubuntuYou can scan images in private registries by using the image input after completing a docker login. For example:
steps:
- task: Docker@2
displayName: Login to ACR
inputs:
command: login
containerRegistry: dockerRegistryServiceConnection1
- task: trivy@1
inputs:
image: my.registry/org/my-image:latest