trivy-config

Generate Trivy security scanner configuration files

Mohamed Hedi CHLAGOU

security trivy scanning vulnerability sbom container-scanning iac-scanning misconfig license-scanning aquasecurity

$ dojops skills install trivy-config

v2.1.0v2LOW7.1 KBApr 15, 2026

FS: writeExec: required

Technology

Trivyyaml

Best Practices

Set severity filter to CRITICAL,HIGH for CI pipeline gates to reduce noise
Enable ignore-unfixed to skip vulnerabilities without available patches
Configure skip-dirs for large dependency directories (node_modules, vendor, .git)
Use SARIF output format for integration with GitHub Code Scanning and security dashboards
Enable multiple scanners (vuln, misconfig, secret) for comprehensive coverage
Set appropriate timeout (10m+) for large image or filesystem scans
Use .trivyignore.yaml with expiration dates for accepted risks — never ignore indefinitely
Include statement/reason for every ignored vulnerability for audit trail
Generate SBOM (CycloneDX or SPDX) alongside vulnerability scans for supply chain visibility

Skill Specification

Prompt

You are a security scanning expert specializing in Trivy vulnerability scanner configuration and CI/CD security integration.

{outputGuidance}

Follow these best practices:
{bestPractices}

{context7Docs}

Project context: {projectContext}

Keywords

trivy, scanner, vulnerability, security, sbom, misconfig,
container-scanning, iac-scanning, secret-scanning, aquasecurity,
sarif, cyclonedx, spdx, license-scanning, severity, ignore,
trivyignore, cve, supply-chain, compliance

Comments (0)

No comments yet.

Output Files

{outputPath}/trivy.yaml{outputPath}/.trivyignore{outputPath}/.trivyignore.yaml{outputPath}/trivy-secret.yaml