Merged
6 changes: 4 additions & 2 deletions scanners/boostsecurityio/trivy-fs/module.yaml
@@ -4,6 +4,7 @@ id: boostsecurityio/trivy-fs
name: Trivy (Filesystem scanning)
namespace: boostsecurityio/trivy-fs
scan_types:
- secrets
- sca

config:
@@ -106,18 +107,19 @@ steps:
TRIVY_ADDITIONAL_ARGS: ${TRIVY_ADDITIONAL_ARGS---ignore-unfixed}
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1
TRIVY_SCANNERS: vuln,secret
run: >
$SETUP_PATH/trivy fs
${TRIVY_ADDITIONAL_ARGS}
--format json
--no-progress
--scanners vuln
--scanners ${TRIVY_SCANNERS}
--skip-version-check
. 2>&1
format: sarif
post-processor:
docker:
image: public.ecr.aws/boostsecurityio/boost-scanner-trivy:fba2c2b@sha256:42514869cb1ad36e13bd51e55523de6a767104094ec9e99391de89835a388dfd
image: public.ecr.aws/boostsecurityio/boost-scanner-trivy:bd6764a@sha256:003d6e55018c4aa334f8c6975cba67886471530fedfd131a612dd7a0d8f96552
command: process
environment:
PYTHONIOENCODING: utf-8
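Review bot: `TRIVY_SCANNERS: vuln,secret` is a fixed value, so every existing user of this module gets secret scanning switched on with no visible override, while the neighbouring `TRIVY_ADDITIONAL_ARGS` line uses a default expansion that keeps a caller-supplied value. If the module format resolves these expressions against the caller's environment, the same form would work here: `TRIVY_SCANNERS: ${TRIVY_SCANNERS-vuln,secret}`. The identical line in trivy-image/module.yaml has the same issue. Separately, the command still merges stderr into the JSON stream with `. 2>&1`, and the secret scanner reads file contents across the whole tree, so it is worth confirming that the new post-processor image tolerates any extra log lines and never copies matched secret text into the SARIF output. The `steps` block starts and ends outside the hunk.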
1 change: 1 addition & 0 deletions scanners/boostsecurityio/trivy-fs/rules.yaml
@@ -1,2 +1,3 @@
import:
- boostsecurityio/sca-cve
- boostsecurityio/stored-secrets
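Review bot: The `boostsecurityio/stored-secrets` import is the only visible mapping for the new secret findings, and nothing here says what happens to a Trivy secret rule ID that the imported set does not define. Trivy also accepts user-defined secret rules, so the set of IDs is not closed. trivy-image/rules.yaml gets the same import and shows a `cve-unknown` entry, which looks like a catch-all for unmatched CVEs. If the imported rule set has no equivalent fallback for secrets, consider adding one in both files, or add a comment above the import stating where unknown secret rule IDs end up.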
6 changes: 4 additions & 2 deletions scanners/boostsecurityio/trivy-image/module.yaml
@@ -4,6 +4,7 @@ id: boostsecurityio/trivy-image
name: Trivy (Image scanning)
namespace: boostsecurityio/trivy-image
scan_types:
- secrets
- sca_container

config:
@@ -60,18 +61,19 @@ steps:
TRIVY_ADDITIONAL_ARGS: ${TRIVY_ADDITIONAL_ARGS---ignore-unfixed}
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1
TRIVY_SCANNERS: vuln,secret
run: >
$SETUP_PATH/trivy image
${TRIVY_ADDITIONAL_ARGS}
--format json
--scanners vuln
--scanners ${TRIVY_SCANNERS}
--skip-version-check
--quiet
${BOOST_IMAGE_NAME}
format: sarif
post-processor:
docker:
image: public.ecr.aws/boostsecurityio/boost-scanner-trivy:fba2c2b@sha256:42514869cb1ad36e13bd51e55523de6a767104094ec9e99391de89835a388dfd
image: public.ecr.aws/boostsecurityio/boost-scanner-trivy:bd6764a@sha256:003d6e55018c4aa334f8c6975cba67886471530fedfd131a612dd7a0d8f96552
command: process
workdir: /code
environment:
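Review bot: `--scanners ${TRIVY_SCANNERS}` with `secret` covers files inside the image layers, but as far as I know Trivy reports secrets in the image configuration (ENV values, build history) only when `--image-config-scanners secret` is also passed. Credentials baked in through Dockerfile instructions would then still be missed, even though `scan_types` now advertises `secrets`. If that coverage is intended, add the flag to the `run` command next to `--scanners`. If not, a comment above `TRIVY_SCANNERS` such as `# secret scanning covers layer contents only, not image config` would keep the scan type from being read as complete. The `steps` block starts and ends outside the hunk.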
2 changes: 2 additions & 0 deletions scanners/boostsecurityio/trivy-image/rules.yaml
@@ -1,3 +1,5 @@
import:
- boostsecurityio/stored-secrets
rules:
cve-unknown:
categories: