Skip to content
search

GitHub Action

Trivy Action

v3 Latest version

Trivy Action

search

Trivy Action

Scan docker image vulnerability using Trivy and create GitHub Issue

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Trivy Action

uses: lazy-actions/gitrivy@v3

Learn more about this action in lazy-actions/gitrivy

Choose a version

Gitrivy (GitHub Issue + Trivy Action)

GitHub Workflow Status GitHub Workflow Status GitHub Workflow Status GitHub release (latest by date) LICENSE

This is a GitHub Actions to scan vulnerability using Trivy.
If vulnerabilities are found by Trivy, it creates the following GitHub Issue.

image

Feature

  • Scan vulnerability used by Trivy
  • Create or Update GitHub Issue if vulnerabilities found
    • Customize Issue title, label and assignee
    • Issue body is generated by template parameter

Inputs

Parameter Required Default Value Description
token True N/A GitHub Access Token.
${{ secrets.GITHUB_TOKEN }} is recommended.
image True N/A The target image name to scan the vulnerability
Specify this parameter or IMAGE_NAME environment variable
trivy_version False latest Trivy version
severity False HIGH,CRITICAL Severities of vulnerabilities (separated by commma)
vuln_type False os,library Scan target are os and / or library (separated by commma)
ignore_unfixed False false Ignore unfixed vulnerabilities
Please specify true or false
template False N/A Path to template file
This parameter equals trivy --template option
By default, it uses src/default.tpl which is based on contrib/html.tpl
reference: Report Formats - Trivy
issue_title False Security Alert Issue title
issue_label False trivy,vulnerability Issue label (separated by commma)
issue_assignee False N/A Issue assignee (separated by commma)
fail_on_vulnerabilities False false Whether the action should fail if any vulnerabilities were found.

Outputs

Parameter Description
html_url The URL to view the issue
issue_number The created issue number

Example

Detect your docker image vulnerability everyday at 9:00 (UTC).

name: Vulnerability Scan

on:
  schedule:
    - cron: '0 9 * * *'

jobs:
  scan:
    name: Daily Vulnerability Scan
    runs-on: ubuntu-latest
    steps:
      - name: Pull docker image
        run: docker pull sample

      - uses: lazy-actions/gitrivy@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          image: sample