trivy-config

Generate Trivy scanner configuration files

Mohamed Hedi CHLAGOU

security trivy scanning vulnerability sbom

$ dojops modules install trivy-config

v2.0.0v2LOW2.4 KBMar 5, 2026

FS: write

Technology

Trivyyaml

Best Practices

Set severity thresholds to filter noise (CRITICAL, HIGH)
Configure ignore rules for accepted vulnerabilities with expiration dates
Enable multiple scanners (vuln, misconfig, secret, license) as needed
Use skip-dirs and skip-files to exclude irrelevant paths
Configure output formats (table, json, sarif) for CI integration
Set timeout appropriate for large image or filesystem scans
Enable SBOM generation for supply chain security
Set severity filter to reduce noise in CI pipelines
Enable ignore-unfixed to skip vulnerabilities without available patches
Configure skip-dirs for large dependency directories
Set appropriate timeout for image scanning workloads
Use SARIF format for integration with GitHub Code Scanning

Documentation Sources

trivy

Output Files

trivy.yaml

1 version

Integrity Hash (SHA-256)

Module Specification

Prompt

You are a security scanning expert specializing in Trivy vulnerability scanner configuration.

{outputGuidance}

Follow these best practices:
{bestPractices}

{context7Docs}

Project context: {projectContext}

Keywords

trivy, scanner, vulnerability, security, sbom, misconfig,
container-scanning, iac-scanning, secret-scanning, aquasecurity

Comments (0)

No comments yet.