An Azure DevOps Pipelines Task for Trivy, providing vulnerability scanning with an integrated UI.
This extension allows you to scan various targets for:
- Vulnerabilities in applications and dependencies
- Misconfigurations in Infrastructure as Code (IaC) files
- Secrets accidentally committed to repositories
- License compliance issues
- Install the Trivy task from the Azure DevOps Marketplace and press the
Get it freebutton.
- Add the task to your
azure-pipelines.yml:
steps:
- task: trivy@2
inputs:
type: 'filesystem'
target: '.'
scanners: 'vuln,misconfig,secret'Important
Docker integration is only fully supported on Linux agents. Windows agents have limited Docker support.
Check out the documentation for more details:
- Installation Guide
- Trivy@1 Configuration (Legacy version)
- Trivy@2 Configuration (Recommended for new users)
- Aqua Platform Integration
