-
We have a terraform repository with hundreds or thousands of resources which have already been built prior to using tfsec / trivy. We've been using tfsec successfully for a long time, but eventually w…
-
Hi team, thanks for the awesome project. We follow you from tf-sec to here and would love to contribute and make this codebase as awesome as possible.
We really want to use the sarif and codeql fu…
-
I'm using the gh action to scan my container, and I have the severity field set to critical, but the scan seems to be returning ALL vulnerabilities. My code looks like:
```
- name: Run Trivy vu…
```
-
### First check
- [X] I am a contributor to the Prefect codebase
### Description
To help the security team monitor risks in the images we publish, we should add a step to our build pipeline that sc…
-
I try sending a trivy scan to a slack webhook and I have a question: what is trivy args?
trivy webhook -- -url=https://hooks.slack.com/services/xxxx/xxxx/xxxx -- "trivy args"
-
Edit: updated image+text for TerriaMap 0.2.1 release (+yarn upgrade)
I'm not sure which project to file this issue on, so my apologies if it's in the wrong place.
Trivy reports a reasonable amou…
-
Hi there,
we are using codeql already, and have Code scanning results / CodeQL in our repos.
Additionally with the following rule: Settings -> Code security and analysis -> Code Scanning -> Check …
-
I've reviewed #120. I'm still getting the same error after following the documentation.
```
2023-01-11T21:32:49.912Z FATAL image scan error: scan error: unable to initialize a scanner: unable to …
```
-
### Current Behavior
I collected the sbom of all rpm packages in the CentOS system through the syft (https://github.com/anchore/syft) tool; the format of the sbom file is cyclonedx-json, then I upload…
-
### Proposal
We run prometheus in our FedRAMP environment and use various container scanning tools like ECR, trivy/clair, and snyk to scan containers for vulnerabilities. These tools have trouble or …