Skip to content
/ trivy-maven-plugin Public

This is a Maven plugin developed to simplify the process of scanning Docker images for vulnerabilities using Trivy.

11 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

orladigital/trivy-maven-plugin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits

.github

.github

 
 

docs

docs

 
 

src

src

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

pom.xml

pom.xml

 
 

Repository files navigation

trivy-maven-plugin

This is a Maven plugin developed to simplify the process of scanning Docker images for vulnerabilities using Trivy.

This plugin utilizes Trivy as a security tool, operating in the background to enhance the protection and reliability of our software. Trivy is an open-source vulnerability analysis tool developed by AquaSecurity.

CI

maven-trivy-plugin

About the Plugin

The plugin has been created to streamline the task of performing Docker image scans for security vulnerabilities using the Trivy tool.

With this plugin, you can easily integrate security analysis into your Maven development workflow, enabling early detection of potential vulnerabilities in your Docker images.

Prerequisites

Before using this plugin, please ensure that Docker is installed on your system.

The plugin relies on Docker for scanning Docker images.

And Java 11 +

Usage

Add the Maven plugin to your project's pom.xml file, specifying the required configurations.

<plugin>
    <groupId>tech.orla</groupId>
    <artifactId>trivy-maven-plugin</artifactId>
    <version>${LATEST_VERSION}</version>
    <configuration>
        <vulnType>os,library</vulnType>
        <severity>HIGH,CRITICAL</severity>
        <ignoreUnfixed>true</ignoreUnfixed>
        <trivyVersion>v0.49.1</trivyVersion>
    </configuration>
    <executions>
        <execution>
            <goals>
                <goal>trivy-scan</goal>
            </goals>
        </execution>
    </executions>
</plugin>

Run the appropriate Maven command to perform Docker image scanning using the plugin. For example, mvn tech.orla:trivy-maven-plugin:trivy-scan

Configuration

The plugin provides the following basic configuration:

  • dockerFilePath: path to the Dockerfile. Default: current directory.
  • vulnType: vulnerability types to be analyzed. Default: all vulnerabilities.
  • severity: minimum severity of vulnerabilities to be displayed. Default: all severities.
  • ignoreUnfixed: ignore unfixed vulnerabilities. Default: false.
  • trivyVersion: choose trivy version. Default: v0.49.1.

Contributing

Contributions are welcome! Feel free to fork this repository, create a branch, make the desired changes, and submit a pull request.

License

This plugin is licensed under the Apache License 2.0

About

This is a Maven plugin developed to simplify the process of scanning Docker images for vulnerabilities using Trivy.

Topics

java docker containers maven-plugin dockerimage vulnerability-scanners security-tools trivy trivy-scan

Resources

Readme
Activity
Custom properties

Stars

11 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 2

v1.0.1 Latest
Apr 13, 2024
+ 1 release

Packages

No packages published

Contributors 2

Languages