pre-commit-trivy

Add this to your pre-commit configuration file, .pre-commit-config.yaml.

You can use trivy fs flags to configure Trivy filesystem scans. Insert the required flags in the args field.

You can also use the trivyconfig-docker hook to scan for misconfigurations with trivy config.

trivyfs-docker

pre-commit will use the aquasec/trivy:0.57.1 docker image and run it inside a docker container.

repos:
-   repo: https://github.com/mxab/pre-commit-trivy.git
    rev: v0.14.0
    hooks:
    -   id: trivyfs-docker
        args:
          - --skip-dirs
          - ./tests
          - . # last arg indicates the path/file to scan
    -   id: trivyconfig-docker
        args:
          - --skip-dirs
          - ./tests
          - . # last arg indicates the path/file to scan

Cache

The hook will create a cache directory .pre-commit-trivy-cache in your repo. Add it to the .gitignore.

echo ".pre-commit-trivy-cache" >> .gitignore

Example

You can find a sample use case here: https://github.com/mxab/trivy-pre-commit-demo