Trivy is a comprehensive, easy-to-use security scanner that identifies vulnerabilities (CVEs), secrets, and misconfigurations in container images, filesystems, and Git repositories.

Does it support CI/CD integration?

Absolutely. It includes patterns for generating SARIF and JSON outputs and using exit codes to fail builds based on security findings.

Can this skill help me fix vulnerabilities?

Yes, the skill provides guidance on identifying 'fixed' versions in scan outputs and helps prioritize remediation by filtering for high-severity issues with available patches.

How do I speed up Trivy scans using this skill?

The skill recommends performance options such as using '--skip-db-update' for cached databases and '--scanners vuln' to bypass secret scanning when only vulnerability checks are needed.

Does it work with Node.js projects?

Yes, it specifically supports scanning package.json, package-lock.json, yarn.lock, and pnpm-lock.yaml to detect vulnerabilities in your project dependencies.

Trivy Security Scanner

Name: Trivy Security Scanner
Author: plinde

byplinde

•

安全与测试

Scans container images, filesystems, and repositories for vulnerabilities and security misconfigurations using Trivy.

关于

The Trivy skill empowers Claude to perform deep security analysis by scanning container images, Node.js filesystems, and remote repositories for known vulnerabilities (CVEs). It provides a comprehensive framework for security auditing, allowing users to compare vulnerabilities across different image versions, interpret complex scan results, and automate batch scanning. With built-in support for filtering by severity, identifying fixed versions, and generating CI/CD-ready outputs like JSON and SARIF, this skill is essential for maintaining a robust security posture throughout the development lifecycle.

主要功能

1 GitHub stars
Automated version comparison to track security changes between releases
Optimized scanning patterns to reduce latency and database update times
Advanced CVE filtering by severity levels and remediation status
Multi-target scanning for container images, filesystems, and Git repositories
Support for multiple output formats including Table, JSON, and SARIF

使用场景

Tracking specific CVEs across different software versions to verify security patches
Integrating automated security checks into CI/CD pipelines to block insecure builds
Auditing container images for Critical and High vulnerabilities before production deployment

关于

主要功能

1 GitHub stars
Automated version comparison to track security changes between releases
Optimized scanning patterns to reduce latency and database update times
Advanced CVE filtering by severity levels and remediation status
Multi-target scanning for container images, filesystems, and Git repositories
Support for multiple output formats including Table, JSON, and SARIF

使用场景

Tracking specific CVEs across different software versions to verify security patches
Integrating automated security checks into CI/CD pipelines to block insecure builds
Auditing container images for Critical and High vulnerabilities before production deployment