-
Currently there's no way to pass the --show-suppressed flag to the github action.
I am preparing a PR to add this functionality in.
-
Trivy has the --cache-dir flag to point to the location where DB and image layers are cached. If we combine that with the https://github.com/actions/cache we can speed up some build jobs.
-
**Is your feature request related to a problem? Please describe.**
OSV.dev is OpenSource vulnerability database integrated with various tools (like [Renovate Bot for example](https://osv.dev/blog/pos…
-
This is part of a bigger discussion as to if Trivy should support on a global scanner level or not as seen here: https://github.com/aquasecurity/trivy/discussions/4184
### Discussed in https://git…
-
#### What happened:
CVE in `registry.k8s.io/build-image/distroless-iptables:v0.6.2` image
```bash
➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/…
-
I am using the action as follows:
```yaml
- name: scan the image
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: ${{ inputs.image }}
format: template
…
-
https://github.com/aquasecurity/tfsec
```[tasklist]
### Research
- [ ] Determine if Trivy can be used in place of TFSec or something else
```
```[tasklist]
### CircleCi Config
- [ ] Scan failing on a…
-
We are currently running Trivy with the latest version:
```yaml
name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 #0.19.0
with:
ima…
-
## 🐞 Bug report
### Describe the bug
We do the following scan by Trivy:
```
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
name: "trivy-k8s-1"
annotations:
def…
-
Yesterday the Azure DevOps Task trivy@1 had a change in code and stopped working. The check is still the same, we did not change anything. Before we had the following result in our pipeline:
>/tmp/…