Integrate Trivy IaC scanning with Vulnetix. Use trivy config to detect misconfigurations across Terraform, CloudFormation, Kubernetes manifests, Helm charts, ARM, and Dockerfiles.
CLI tool · SARIF · JSON · CycloneDX
Install & scan
# Homebrew (macOS/Linux)
$ brew install trivy

# Install script (Linux)
$ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin

# Debian/Ubuntu
$ sudo apt-get install wget gnupg
$ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
$ echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee /etc/apt/sources.list.d/trivy.list
$ sudo apt-get update && sudo apt-get install trivy

# Scan the current directory for IaC misconfigurations and write SARIF
$ trivy config . --format sarif --output trivy-iac.sarif
Run Trivy IaC in CI
Scan on every push and upload the results to Vulnetix:
      - name: Trivy IaC scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'config'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-iac.sarif'
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Upload to Vulnetix
        run: vulnetix upload --file trivy-iac.sarif
Centralise Trivy IaC results in Vulnetix
Upload Trivy IaC SARIF, JSON or CycloneDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.
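As a worked example (added here; not Vulnetix or Trivy code), the script below parses a constructed `trivy config` SARIF excerpt, applies the same CRITICAL/HIGH/MEDIUM threshold the CI step uses, collapses duplicate rule/file/line hits, and returns a pipeline verdict before the file is uploaded. It assumes Trivy records each rule's severity as a tag in the rule's `properties.tags`; the sample findings are made up.

```python
import json
from collections import Counter
LEVELS = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")

# Constructed SARIF excerpt (sample data, not real scan output) in the shape
# `trivy config --format sarif` emits. Assumption: the severity is one of LEVELS in "properties.tags".
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "Trivy", "rules": [
        {"id": "DS002", "properties": {"tags": ["misconfiguration", "security", "HIGH"]}},
        {"id": "AVD-AWS-0107", "properties": {"tags": ["misconfiguration", "security", "CRITICAL"]}},
        {"id": "DS026", "properties": {"tags": ["misconfiguration", "security", "LOW"]}}]}},
    "results": [  # DS002 is reported twice at the same spot: a duplicate to collapse
        {"ruleId": "DS002", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]},
        {"ruleId": "DS002", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]},
        {"ruleId": "AVD-AWS-0107", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "main.tf"}, "region": {"startLine": 12}}}]},
        {"ruleId": "DS026", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]}]}]})

def summarize(sarif_text, keep=("CRITICAL", "HIGH", "MEDIUM")):
    """Return (deduplicated findings, per-severity counts) for the severities in `keep`."""
    doc = json.loads(sarif_text)
    seen, findings, counts = set(), [], Counter()
    for run in doc["runs"]:
        # Rule id -> severity, taken from the rule metadata carried in the run.
        severity = {}
        for rule in run["tool"]["driver"]["rules"]:
            tags = rule.get("properties", {}).get("tags", [])
            severity[rule["id"]] = next((t for t in tags if t in LEVELS), "UNKNOWN")
        for res in run["results"]:
            loc = res["locations"][0]["physicalLocation"]
            key = (res["ruleId"], loc["artifactLocation"]["uri"], loc["region"]["startLine"])
            sev = severity.get(res["ruleId"], "UNKNOWN")
            if sev not in keep or key in seen:
                continue  # below the threshold, or the same rule/file/line already counted
            seen.add(key)
            findings.append({"rule": key[0], "file": key[1], "line": key[2], "severity": sev})
            counts[sev] += 1
    return findings, dict(counts)

def should_fail(counts, fail_on=("CRITICAL",)):
    """Pipeline gate: True when any severity in `fail_on` has at least one finding."""
    return any(counts.get(s, 0) > 0 for s in fail_on)

if __name__ == "__main__":
    found, totals = summarize(SAMPLE_SARIF)
    print(*(f"{f['severity']:<8} {f['rule']:<14} {f['file']}:{f['line']}" for f in found), sep="\n")
    print("counts:", totals, "fail build:", should_fail(totals))
```

Run it against a real `trivy-iac.sarif` by replacing `SAMPLE_SARIF` with the file contents; the gate can then decide whether the upload step should also mark the job failed.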