trivy: Image scans in CI/CD
trivy: Image scans in CI/CD
- Covers OS (alpine, Ubuntu, Debian, CentOS, RedHat)
- Covers package managers (Ruby, Python, PHP, NPM, Rust)
Break build with high severity findings:
trivy \
--skip-update \
--ignore-unfixed \
--exit-code 1 \
--severity HIGH,CRITICAL \
python:3.4-alpine3.9
Cache management
- Databases are cached locally
- Persist cache across builds