Skip to main content

Overview

This plugin executes the trivy CLI - it lets you easily analyze your code so you could find misconfigurations and enforce built-in rules. This plugin will install the trivy binary and execute a config command on the given directory. For more information, check out the Trivy Plugin git repository. For an example repository that integrates the Trivy plugin, here.

Inputs

To use the Trivy plugin, you need to pass the following inputs:
  1. version (Required) - the specific version of Trivy you wish to use
  2. directory (Required) - the path to the directory with the IaC code to analyze (the root folder is your project’s root folder)
  3. global-flags (Optional) - a string containing global flags as one string, read more here
  4. flags (Optional) - a string containing additional flags as one string, read more here

Example

In this example, we will run trivy analysis on your root folder before the terraform plan step of the deployment. We will call that step “Execute Trivy”: 
version: 2  
deploy:  
  steps:  
    terraformPlan:  
      before:  
        - name: Execute Trivy # The name that will be presented in the UI for this step  
          use: https://github.com/env0/env0-trivy-plugin
          inputs:  
            version: v0.36.1  
            directory: .  
            global-flags: --format table  
            flags: --exit-code 1