Add Trivy diff #18

KristianGrafana · 2024-12-10T13:27:41Z

Trivy-diff can output a delta between two scans that has happened on different branches, ideally a target and branch.

Example output:

### New vulnerabilities introduced in branch test-patch compared to main

* CVE-2014-1829, Severity: MEDIUM, Package: requests, Installed: 0.22.0, Fixed: 2.3.0
* CVE-2014-1830, Severity: MEDIUM, Package: requests, Installed: 0.22.0, Fixed: 2.3.0

This action is able to create a Trivy diff between 2 branches (ideally base and target branch upon PR creation) and then comment the delta. This might help engineers from merging code that introduces vulnerabilities in dependencies.

KristianGrafana added 8 commits December 10, 2024 14:18

Action to create Trivy diff between branches

84566b8

This action is able to create a Trivy diff between 2 branches (ideally base and target branch upon PR creation) and then comment the delta. This might help engineers from merging code that introduces vulnerabilities in dependencies.

Add trivy-diff.js

bc8e3f8

Add README.md

25b8373

Rename trivy-diff.yml to action.yml

c9701bc

exit if no vulns are detected

2d639a8

Update README.md

4ef7929

skip install and update in second run

95b912d

Change to checkout action

9e8bbdd

SadFaceSmith approved these changes Mar 21, 2025

View reviewed changes

KristianGrafana merged commit ae33040 into main Mar 21, 2025
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add Trivy diff #18

Add Trivy diff #18

Uh oh!

KristianGrafana commented Dec 10, 2024

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Add Trivy diff #18

Add Trivy diff #18

Uh oh!

Conversation

KristianGrafana commented Dec 10, 2024

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants