gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-23 07:29:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
780618ebae92ae3af6c272b8a1f9db089f5d56ba
trivy/v0.68/tutorials/integrations/gitlab-ci/index.html

8429 lines
138 KiB
HTML
Raw Blame History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Trivy - All-in-one open source security scanner">
<link rel="canonical" href="https://trivy.dev/v0.68/tutorials/integrations/gitlab-ci/">
<link rel="prev" href="../travis-ci/">
<link rel="next" href="../bitbucket/">
<link rel="icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.44+insiders-4.53.14">
<title>GitLab CI - Trivy</title>
<link rel="stylesheet" href="../../../assets/stylesheets/main.12320a83.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Inter:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Inter";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
<script id="__analytics">function __md_analytics(){function e(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],e("js",new Date),e("config","G-V9LJGFH7GX"),document.addEventListener("DOMContentLoaded",(function(){document.forms.search&&document.forms.search.query.addEventListener("blur",(function(){this.value&&e("event","search",{search_term:this.value})}));document$.subscribe((function(){var t=document.forms.feedback;if(void 0!==t)for(var a of t.querySelectorAll("[type=submit]"))a.addEventListener("click",(function(a){a.preventDefault();var n=document.location.pathname,d=this.getAttribute("data-md-value");e("event","feedback",{page:n,data:d}),t.firstElementChild.disabled=!0;var r=t.querySelector(".md-feedback__note [data-md-value='"+d+"']");r&&(r.hidden=!1)})),t.hidden=!1})),location$.subscribe((function(t){e("config","G-V9LJGFH7GX",{page_path:t.pathname})}))}));var t=document.createElement("script");t.async=!0,t.src="https://www.googletagmanager.com/gtag/js?id=G-V9LJGFH7GX",document.getElementById("__analytics").insertAdjacentElement("afterEnd",t)}</script>
<script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
<meta property="og:type" content="website" />
<meta property="og:title" content="Trivy - GitLab CI" />
<meta property="og:description" content="Trivy - All-in-one open source security scanner" />
<meta property="og:url" content="https://trivy.dev/v0.68/tutorials/integrations/gitlab-ci/" />
<meta property="og:image" content="https://trivy.dev/v0.68assets/images/illustrations/banner.png" />
<meta property="og:image:type" content="image/png" />
<meta property="og:image:width" content="1080" />
<meta property="og:image:height" content="568" />
<style>
:root{
--md-primary-fg-color:#0a0b23;
}
.md-typeset a{
color:#10147e;
}
</style>
</head>
<body dir="ltr">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#gitlab-ci" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
<aside class="md-banner md-banner--warning">
<div class="md-banner__inner md-grid md-typeset">
You're not viewing the latest version of the documentation.
<a href="../../../..">
<strong>Click here to go to latest.</strong>
</a>
</div>
<script>var el=document.querySelector("[data-md-component=outdated]"),outdated=__md_get("__outdated",sessionStorage);!0===outdated&&el&&(el.hidden=!1)</script>
</aside>
</div>
<header class="md-header md-header--shadow md-header--lifted" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../../.." title="Trivy" class="md-header__button md-logo" aria-label="Trivy" data-md-component="logo">
<img src="../../../imgs/logo-white.svg" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Trivy
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
GitLab CI
</span>
</div>
</div>
</div>
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/aquasecurity/trivy" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
</nav>
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../../.." class="md-tabs__link">
Home
</a>
</li>
<li class="md-tabs__item">
<a href="../../../getting-started/" class="md-tabs__link">
Getting Started
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../../overview/" class="md-tabs__link">
Tutorials
</a>
</li>
<li class="md-tabs__item">
<a href="../../../guide/" class="md-tabs__link">
User Guide
</a>
</li>
<li class="md-tabs__item">
<a href="../../../ecosystem/" class="md-tabs__link">
Ecosystem
</a>
</li>
<li class="md-tabs__item">
<a href="../../../community/principles/" class="md-tabs__link">
Contributing
</a>
</li>
<li class="md-tabs__item">
<a href="../../../commercial/compare/" class="md-tabs__link">
Enterprise
</a>
</li>
</ul>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../../.." title="Trivy" class="md-nav__button md-logo" aria-label="Trivy" data-md-component="logo">
<img src="../../../imgs/logo-white.svg" alt="logo">
</a>
Trivy
</label>
<div class="md-nav__source">
<a href="https://github.com/aquasecurity/trivy" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../.." class="md-nav__link">
<span class="md-ellipsis">
Home
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Getting Started
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Getting Started
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../getting-started/" class="md-nav__link">
<span class="md-ellipsis">
First steps
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../getting-started/installation/" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../getting-started/signature-verification/" class="md-nav__link">
<span class="md-ellipsis">
Signature Verification
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../getting-started/faq/" class="md-nav__link">
<span class="md-ellipsis">
FAQ
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked>
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="">
<span class="md-ellipsis">
Tutorials
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Tutorials
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../overview/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_2" checked>
<label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="">
<span class="md-ellipsis">
CI/CD
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_3_2">
<span class="md-nav__icon md-icon"></span>
CI/CD
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../github-actions/" class="md-nav__link">
<span class="md-ellipsis">
GitHub Actions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../circleci/" class="md-nav__link">
<span class="md-ellipsis">
CircleCI
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../travis-ci/" class="md-nav__link">
<span class="md-ellipsis">
Travis CI
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
GitLab CI
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
GitLab CI
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#gitlab-ci-using-trivy-container" class="md-nav__link">
<span class="md-ellipsis">
GitLab CI using Trivy container
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#gitlab-ci-alternative-template" class="md-nav__link">
<span class="md-ellipsis">
GitLab CI alternative template
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#gitlab-ci-alternative-template-example-report" class="md-nav__link">
<span class="md-ellipsis">
GitLab CI alternative template example report
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../bitbucket/" class="md-nav__link">
<span class="md-ellipsis">
Bitbucket Pipelines
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-codepipeline/" class="md-nav__link">
<span class="md-ellipsis">
AWS CodePipeline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-security-hub/" class="md-nav__link">
<span class="md-ellipsis">
AWS Security Hub
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../azure-devops/" class="md-nav__link">
<span class="md-ellipsis">
Azure
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_3" >
<label class="md-nav__link" for="__nav_3_3" id="__nav_3_3_label" tabindex="">
<span class="md-ellipsis">
Kubernetes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_3">
<span class="md-nav__icon md-icon"></span>
Kubernetes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../kubernetes/cluster-scanning/" class="md-nav__link">
<span class="md-ellipsis">
Cluster Scanning
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../kubernetes/kyverno/" class="md-nav__link">
<span class="md-ellipsis">
Kyverno
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../kubernetes/gitops/" class="md-nav__link">
<span class="md-ellipsis">
GitOps
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_4" >
<label class="md-nav__link" for="__nav_3_4" id="__nav_3_4_label" tabindex="">
<span class="md-ellipsis">
Misconfiguration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_4">
<span class="md-nav__icon md-icon"></span>
Misconfiguration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../misconfiguration/terraform/" class="md-nav__link">
<span class="md-ellipsis">
Terraform scanning
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../misconfiguration/custom-checks/" class="md-nav__link">
<span class="md-ellipsis">
Custom Checks with Rego
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_5" >
<label class="md-nav__link" for="__nav_3_5" id="__nav_3_5_label" tabindex="">
<span class="md-ellipsis">
Signing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_5">
<span class="md-nav__icon md-icon"></span>
Signing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../signing/vuln-attestation/" class="md-nav__link">
<span class="md-ellipsis">
Vulnerability Scan Record Attestation
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_6" >
<label class="md-nav__link" for="__nav_3_6" id="__nav_3_6_label" tabindex="">
<span class="md-ellipsis">
Shell
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_6">
<span class="md-nav__icon md-icon"></span>
Shell
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../shell/shell-completion/" class="md-nav__link">
<span class="md-ellipsis">
Completion
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_7" >
<label class="md-nav__link" for="__nav_3_7" id="__nav_3_7_label" tabindex="">
<span class="md-ellipsis">
Additional Resources
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_7">
<span class="md-nav__icon md-icon"></span>
Additional Resources
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../additional-resources/references/" class="md-nav__link">
<span class="md-ellipsis">
Additional Resources
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../additional-resources/community/" class="md-nav__link">
<span class="md-ellipsis">
Community References
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../additional-resources/cks/" class="md-nav__link">
<span class="md-ellipsis">
CKS Reference
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
<span class="md-ellipsis">
User Guide
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
User Guide
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_2" >
<label class="md-nav__link" for="__nav_4_2" id="__nav_4_2_label" tabindex="0">
<span class="md-ellipsis">
Target
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_2">
<span class="md-nav__icon md-icon"></span>
Target
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/target/container_image/" class="md-nav__link">
<span class="md-ellipsis">
Container Image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/target/filesystem/" class="md-nav__link">
<span class="md-ellipsis">
Filesystem
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/target/rootfs/" class="md-nav__link">
<span class="md-ellipsis">
Rootfs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/target/repository/" class="md-nav__link">
<span class="md-ellipsis">
Code Repository
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/target/vm/" class="md-nav__link">
<span class="md-ellipsis">
Virtual Machine Image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/target/kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/target/sbom/" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3" >
<label class="md-nav__link" for="__nav_4_3" id="__nav_4_3_label" tabindex="0">
<span class="md-ellipsis">
Scanner
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3">
<span class="md-nav__icon md-icon"></span>
Scanner
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/scanner/vulnerability/" class="md-nav__link">
<span class="md-ellipsis">
Vulnerability
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3_2" >
<label class="md-nav__link" for="__nav_4_3_2" id="__nav_4_3_2_label" tabindex="0">
<span class="md-ellipsis">
Misconfiguration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_3_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3_2">
<span class="md-nav__icon md-icon"></span>
Misconfiguration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/config/config/" class="md-nav__link">
<span class="md-ellipsis">
Configuration
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3_2_3" >
<label class="md-nav__link" for="__nav_4_3_2_3" id="__nav_4_3_2_3_label" tabindex="0">
<span class="md-ellipsis">
Policy
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="4" aria-labelledby="__nav_4_3_2_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3_2_3">
<span class="md-nav__icon md-icon"></span>
Policy
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/check/builtin/" class="md-nav__link">
<span class="md-ellipsis">
Built-in Checks
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3_2_4" >
<label class="md-nav__link" for="__nav_4_3_2_4" id="__nav_4_3_2_4_label" tabindex="0">
<span class="md-ellipsis">
Custom Checks
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="4" aria-labelledby="__nav_4_3_2_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3_2_4">
<span class="md-nav__icon md-icon"></span>
Custom Checks
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/custom/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/custom/data/" class="md-nav__link">
<span class="md-ellipsis">
Data
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/custom/combine/" class="md-nav__link">
<span class="md-ellipsis">
Combine
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/custom/selectors/" class="md-nav__link">
<span class="md-ellipsis">
Selectors
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/custom/schema/" class="md-nav__link">
<span class="md-ellipsis">
Schemas
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/custom/testing/" class="md-nav__link">
<span class="md-ellipsis">
Testing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/custom/debug/" class="md-nav__link">
<span class="md-ellipsis">
Debugging Policies
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/scanner/misconfiguration/custom/contribute-checks/" class="md-nav__link">
<span class="md-ellipsis">
Contribute Checks
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../guide/scanner/secret/" class="md-nav__link">
<span class="md-ellipsis">
Secret
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/scanner/license/" class="md-nav__link">
<span class="md-ellipsis">
License
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4" >
<label class="md-nav__link" for="__nav_4_4" id="__nav_4_4_label" tabindex="0">
<span class="md-ellipsis">
Coverage
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4">
<span class="md-nav__icon md-icon"></span>
Coverage
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/coverage/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4_2" >
<label class="md-nav__link" for="__nav_4_4_2" id="__nav_4_4_2_label" tabindex="0">
<span class="md-ellipsis">
OS
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_4_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4_2">
<span class="md-nav__icon md-icon"></span>
OS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/alma/" class="md-nav__link">
<span class="md-ellipsis">
AlmaLinux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/alpine/" class="md-nav__link">
<span class="md-ellipsis">
Alpine Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/amazon/" class="md-nav__link">
<span class="md-ellipsis">
Amazon Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/azure/" class="md-nav__link">
<span class="md-ellipsis">
Azure Linux (CBL-Mariner)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/bottlerocket/" class="md-nav__link">
<span class="md-ellipsis">
Bottlerocket
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/centos/" class="md-nav__link">
<span class="md-ellipsis">
CentOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/chainguard/" class="md-nav__link">
<span class="md-ellipsis">
Chainguard
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/coreos/" class="md-nav__link">
<span class="md-ellipsis">
CoreOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/debian/" class="md-nav__link">
<span class="md-ellipsis">
Debian
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/echo/" class="md-nav__link">
<span class="md-ellipsis">
Echo
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/minimos/" class="md-nav__link">
<span class="md-ellipsis">
MinimOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/oracle/" class="md-nav__link">
<span class="md-ellipsis">
Oracle Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/photon/" class="md-nav__link">
<span class="md-ellipsis">
Photon OS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/rhel/" class="md-nav__link">
<span class="md-ellipsis">
Red Hat
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/rocky/" class="md-nav__link">
<span class="md-ellipsis">
Rocky Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/suse/" class="md-nav__link">
<span class="md-ellipsis">
SUSE
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/ubuntu/" class="md-nav__link">
<span class="md-ellipsis">
Ubuntu
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/wolfi/" class="md-nav__link">
<span class="md-ellipsis">
Wolfi
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/os/google-distroless/" class="md-nav__link">
<span class="md-ellipsis">
Google Distroless (Images)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4_3" >
<label class="md-nav__link" for="__nav_4_4_3" id="__nav_4_4_3_label" tabindex="0">
<span class="md-ellipsis">
Language
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_4_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4_3">
<span class="md-nav__icon md-icon"></span>
Language
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/c/" class="md-nav__link">
<span class="md-ellipsis">
C/C++
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/dart/" class="md-nav__link">
<span class="md-ellipsis">
Dart
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/dotnet/" class="md-nav__link">
<span class="md-ellipsis">
.NET
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/elixir/" class="md-nav__link">
<span class="md-ellipsis">
Elixir
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/golang/" class="md-nav__link">
<span class="md-ellipsis">
Go
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/java/" class="md-nav__link">
<span class="md-ellipsis">
Java
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/nodejs/" class="md-nav__link">
<span class="md-ellipsis">
Node.js
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/php/" class="md-nav__link">
<span class="md-ellipsis">
PHP
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/python/" class="md-nav__link">
<span class="md-ellipsis">
Python
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/ruby/" class="md-nav__link">
<span class="md-ellipsis">
Ruby
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/rust/" class="md-nav__link">
<span class="md-ellipsis">
Rust
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/swift/" class="md-nav__link">
<span class="md-ellipsis">
Swift
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/language/julia/" class="md-nav__link">
<span class="md-ellipsis">
Julia
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4_4" >
<label class="md-nav__link" for="__nav_4_4_4" id="__nav_4_4_4_label" tabindex="0">
<span class="md-ellipsis">
IaC
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_4_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4_4">
<span class="md-nav__icon md-icon"></span>
IaC
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/coverage/iac/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/iac/azure-arm/" class="md-nav__link">
<span class="md-ellipsis">
Azure ARM Template
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/iac/cloudformation/" class="md-nav__link">
<span class="md-ellipsis">
CloudFormation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/iac/docker/" class="md-nav__link">
<span class="md-ellipsis">
Docker
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/iac/helm/" class="md-nav__link">
<span class="md-ellipsis">
Helm
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/iac/kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/iac/terraform/" class="md-nav__link">
<span class="md-ellipsis">
Terraform
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4_5" >
<label class="md-nav__link" for="__nav_4_4_5" id="__nav_4_4_5_label" tabindex="0">
<span class="md-ellipsis">
Others
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_4_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4_5">
<span class="md-nav__icon md-icon"></span>
Others
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/coverage/others/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/others/bitnami/" class="md-nav__link">
<span class="md-ellipsis">
Bitnami Images
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/others/conda/" class="md-nav__link">
<span class="md-ellipsis">
Conda
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/others/rootio/" class="md-nav__link">
<span class="md-ellipsis">
Root.io Images
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/others/seal/" class="md-nav__link">
<span class="md-ellipsis">
Seal Security
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/others/rpm/" class="md-nav__link">
<span class="md-ellipsis">
RPM Archives
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../guide/coverage/kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_5" >
<label class="md-nav__link" for="__nav_4_5" id="__nav_4_5_label" tabindex="0">
<span class="md-ellipsis">
Configuration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_5">
<span class="md-nav__icon md-icon"></span>
Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/configuration/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/configuration/filtering/" class="md-nav__link">
<span class="md-ellipsis">
Filtering
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/configuration/skipping/" class="md-nav__link">
<span class="md-ellipsis">
Selecting Files
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/configuration/reporting/" class="md-nav__link">
<span class="md-ellipsis">
Reporting
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/configuration/cache/" class="md-nav__link">
<span class="md-ellipsis">
Cache
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/configuration/db/" class="md-nav__link">
<span class="md-ellipsis">
Databases
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/configuration/others/" class="md-nav__link">
<span class="md-ellipsis">
Others
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_6" >
<label class="md-nav__link" for="__nav_4_6" id="__nav_4_6_label" tabindex="0">
<span class="md-ellipsis">
Supply Chain
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_6">
<span class="md-nav__icon md-icon"></span>
Supply Chain
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/supply-chain/sbom/" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_6_2" >
<label class="md-nav__link" for="__nav_4_6_2" id="__nav_4_6_2_label" tabindex="0">
<span class="md-ellipsis">
Attestation
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_6_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_6_2">
<span class="md-nav__icon md-icon"></span>
Attestation
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/supply-chain/attestation/sbom/" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/supply-chain/attestation/vuln/" class="md-nav__link">
<span class="md-ellipsis">
Cosign Vulnerability Scan Record
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/supply-chain/attestation/rekor/" class="md-nav__link">
<span class="md-ellipsis">
SBOM Attestation in Rekor
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_6_3" >
<label class="md-nav__link" for="__nav_4_6_3" id="__nav_4_6_3_label" tabindex="0">
<span class="md-ellipsis">
VEX
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_6_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_6_3">
<span class="md-nav__icon md-icon"></span>
VEX
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/supply-chain/vex/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/supply-chain/vex/repo/" class="md-nav__link">
<span class="md-ellipsis">
VEX Repository
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/supply-chain/vex/file/" class="md-nav__link">
<span class="md-ellipsis">
Local VEX Files
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/supply-chain/vex/sbom-ref/" class="md-nav__link">
<span class="md-ellipsis">
VEX SBOM Reference
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/supply-chain/vex/oci/" class="md-nav__link">
<span class="md-ellipsis">
VEX Attestation
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_7" >
<label class="md-nav__link" for="__nav_4_7" id="__nav_4_7_label" tabindex="0">
<span class="md-ellipsis">
Compliance
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_7">
<span class="md-nav__icon md-icon"></span>
Compliance
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/compliance/compliance/" class="md-nav__link">
<span class="md-ellipsis">
Built-in Compliance
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/compliance/contrib-compliance/" class="md-nav__link">
<span class="md-ellipsis">
Custom Compliance
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_8" >
<label class="md-nav__link" for="__nav_4_8" id="__nav_4_8_label" tabindex="0">
<span class="md-ellipsis">
Plugins
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_8">
<span class="md-nav__icon md-icon"></span>
Plugins
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/plugin/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/plugin/user-guide/" class="md-nav__link">
<span class="md-ellipsis">
User guide
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/plugin/developer-guide/" class="md-nav__link">
<span class="md-ellipsis">
Developer guide
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_9" >
<label class="md-nav__link" for="__nav_4_9" id="__nav_4_9_label" tabindex="0">
<span class="md-ellipsis">
Advanced
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_9">
<span class="md-nav__icon md-icon"></span>
Advanced
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/advanced/modules/" class="md-nav__link">
<span class="md-ellipsis">
Modules
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/advanced/air-gap/" class="md-nav__link">
<span class="md-ellipsis">
Connectivity and Network considerations
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/advanced/self-hosting/" class="md-nav__link">
<span class="md-ellipsis">
Self-Hosting Trivy's Databases
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_9_4" >
<label class="md-nav__link" for="__nav_4_9_4" id="__nav_4_9_4_label" tabindex="0">
<span class="md-ellipsis">
Container Image
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_9_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_9_4">
<span class="md-nav__icon md-icon"></span>
Container Image
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/advanced/container/embed-in-dockerfile/" class="md-nav__link">
<span class="md-ellipsis">
Embed in Dockerfile
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/advanced/container/unpacked-filesystem/" class="md-nav__link">
<span class="md-ellipsis">
Unpacked container image filesystem
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_9_4_3" >
<label class="md-nav__link" for="__nav_4_9_4_3" id="__nav_4_9_4_3_label" tabindex="0">
<span class="md-ellipsis">
Private Docker Registries
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="4" aria-labelledby="__nav_4_9_4_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_9_4_3">
<span class="md-nav__icon md-icon"></span>
Private Docker Registries
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/advanced/private-registries/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/advanced/private-registries/docker-hub/" class="md-nav__link">
<span class="md-ellipsis">
Docker Hub
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/advanced/private-registries/ecr/" class="md-nav__link">
<span class="md-ellipsis">
AWS ECR (Elastic Container Registry)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/advanced/private-registries/gcr/" class="md-nav__link">
<span class="md-ellipsis">
GCR (Google Container Registry)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/advanced/private-registries/acr/" class="md-nav__link">
<span class="md-ellipsis">
ACR (Azure Container Registry)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/advanced/private-registries/self/" class="md-nav__link">
<span class="md-ellipsis">
Self-Hosted
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../guide/advanced/telemetry/" class="md-nav__link">
<span class="md-ellipsis">
Usage Telemetry
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10" >
<label class="md-nav__link" for="__nav_4_10" id="__nav_4_10_label" tabindex="0">
<span class="md-ellipsis">
References
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_10_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10">
<span class="md-nav__icon md-icon"></span>
References
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1" >
<label class="md-nav__link" for="__nav_4_10_1" id="__nav_4_10_1_label" tabindex="0">
<span class="md-ellipsis">
Configuration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_10_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1">
<span class="md-nav__icon md-icon"></span>
Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1_1" >
<label class="md-nav__link" for="__nav_4_10_1_1" id="__nav_4_10_1_1_label" tabindex="0">
<span class="md-ellipsis">
CLI
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="4" aria-labelledby="__nav_4_10_1_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1_1">
<span class="md-nav__icon md-icon"></span>
CLI
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_clean/" class="md-nav__link">
<span class="md-ellipsis">
Clean
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_config/" class="md-nav__link">
<span class="md-ellipsis">
Config
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_convert/" class="md-nav__link">
<span class="md-ellipsis">
Convert
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_filesystem/" class="md-nav__link">
<span class="md-ellipsis">
Filesystem
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_image/" class="md-nav__link">
<span class="md-ellipsis">
Image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1_1_8" >
<label class="md-nav__link" for="__nav_4_10_1_1_8" id="__nav_4_10_1_1_8_label" tabindex="0">
<span class="md-ellipsis">
Module
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="5" aria-labelledby="__nav_4_10_1_1_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1_1_8">
<span class="md-nav__icon md-icon"></span>
Module
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_module/" class="md-nav__link">
<span class="md-ellipsis">
Module
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_module_install/" class="md-nav__link">
<span class="md-ellipsis">
Module Install
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_module_uninstall/" class="md-nav__link">
<span class="md-ellipsis">
Module Uninstall
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1_1_9" >
<label class="md-nav__link" for="__nav_4_10_1_1_9" id="__nav_4_10_1_1_9_label" tabindex="0">
<span class="md-ellipsis">
Plugin
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="5" aria-labelledby="__nav_4_10_1_1_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1_1_9">
<span class="md-nav__icon md-icon"></span>
Plugin
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_plugin/" class="md-nav__link">
<span class="md-ellipsis">
Plugin
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_plugin_info/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Info
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_plugin_install/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Install
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_plugin_list/" class="md-nav__link">
<span class="md-ellipsis">
Plugin List
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_plugin_run/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Run
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_plugin_uninstall/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Uninstall
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_plugin_update/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Update
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_plugin_upgrade/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Upgrade
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_plugin_search/" class="md-nav__link">
<span class="md-ellipsis">
Plugin Search
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1_1_10" >
<label class="md-nav__link" for="__nav_4_10_1_1_10" id="__nav_4_10_1_1_10_label" tabindex="0">
<span class="md-ellipsis">
Registry
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="5" aria-labelledby="__nav_4_10_1_1_10_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1_1_10">
<span class="md-nav__icon md-icon"></span>
Registry
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_registry/" class="md-nav__link">
<span class="md-ellipsis">
Registry
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_registry_login/" class="md-nav__link">
<span class="md-ellipsis">
Registry Login
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_registry_logout/" class="md-nav__link">
<span class="md-ellipsis">
Registry Logout
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_repository/" class="md-nav__link">
<span class="md-ellipsis">
Repository
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_rootfs/" class="md-nav__link">
<span class="md-ellipsis">
Rootfs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_sbom/" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_server/" class="md-nav__link">
<span class="md-ellipsis">
Server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_version/" class="md-nav__link">
<span class="md-ellipsis">
Version
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_1_1_16" >
<label class="md-nav__link" for="__nav_4_10_1_1_16" id="__nav_4_10_1_1_16_label" tabindex="0">
<span class="md-ellipsis">
VEX
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="5" aria-labelledby="__nav_4_10_1_1_16_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_1_1_16">
<span class="md-nav__icon md-icon"></span>
VEX
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_vex/" class="md-nav__link">
<span class="md-ellipsis">
VEX
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_vex_repo_download/" class="md-nav__link">
<span class="md-ellipsis">
VEX Download
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_vex_repo_init/" class="md-nav__link">
<span class="md-ellipsis">
VEX Init
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_vex_repo_list/" class="md-nav__link">
<span class="md-ellipsis">
VEX List
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_vex_repo/" class="md-nav__link">
<span class="md-ellipsis">
VEX Repo
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/cli/trivy_vm/" class="md-nav__link">
<span class="md-ellipsis">
VM
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/configuration/config-file/" class="md-nav__link">
<span class="md-ellipsis">
Config file
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_10_2" >
<label class="md-nav__link" for="__nav_4_10_2" id="__nav_4_10_2_label" tabindex="0">
<span class="md-ellipsis">
Modes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_10_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_10_2">
<span class="md-nav__icon md-icon"></span>
Modes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../guide/references/modes/standalone/" class="md-nav__link">
<span class="md-ellipsis">
Standalone
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/modes/client-server/" class="md-nav__link">
<span class="md-ellipsis">
Client/Server
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/troubleshooting/" class="md-nav__link">
<span class="md-ellipsis">
Troubleshooting
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/terminology/" class="md-nav__link">
<span class="md-ellipsis">
Terminology
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../guide/references/abbreviations/" class="md-nav__link">
<span class="md-ellipsis">
Abbreviations
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Ecosystem
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Ecosystem
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../ecosystem/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/cicd/" class="md-nav__link">
<span class="md-ellipsis">
CI/CD
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/ide/" class="md-nav__link">
<span class="md-ellipsis">
IDE and Dev tools
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/prod/" class="md-nav__link">
<span class="md-ellipsis">
Production and Clouds
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../ecosystem/reporting/" class="md-nav__link">
<span class="md-ellipsis">
Reporting
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
<span class="md-ellipsis">
Contributing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
Contributing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/principles/" class="md-nav__link">
<span class="md-ellipsis">
Principles
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6_2" >
<label class="md-nav__link" for="__nav_6_2" id="__nav_6_2_label" tabindex="0">
<span class="md-ellipsis">
How to contribute
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6_2">
<span class="md-nav__icon md-icon"></span>
How to contribute
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/contribute/issue/" class="md-nav__link">
<span class="md-ellipsis">
Issues
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/contribute/discussion/" class="md-nav__link">
<span class="md-ellipsis">
Discussions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/contribute/pr/" class="md-nav__link">
<span class="md-ellipsis">
Pull Requests
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6_3" >
<label class="md-nav__link" for="__nav_6_3" id="__nav_6_3_label" tabindex="0">
<span class="md-ellipsis">
Contribute Rego Checks
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6_3">
<span class="md-nav__icon md-icon"></span>
Contribute Rego Checks
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/contribute/checks/overview/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/contribute/checks/service-support/" class="md-nav__link">
<span class="md-ellipsis">
Add Service Support
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6_4" >
<label class="md-nav__link" for="__nav_6_4" id="__nav_6_4_label" tabindex="0">
<span class="md-ellipsis">
Contribute Vulnerability Data Sources
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6_4">
<span class="md-nav__icon md-icon"></span>
Contribute Vulnerability Data Sources
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/contribute/vulnerability-database/overview/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/contribute/vulnerability-database/add-vulnerability-source/" class="md-nav__link">
<span class="md-ellipsis">
Add Vulnerability Advisory Source
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6_5" >
<label class="md-nav__link" for="__nav_6_5" id="__nav_6_5_label" tabindex="0">
<span class="md-ellipsis">
Maintainer
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6_5">
<span class="md-nav__icon md-icon"></span>
Maintainer
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../community/maintainer/pr-review/" class="md-nav__link">
<span class="md-ellipsis">
PR Review
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/maintainer/release-flow/" class="md-nav__link">
<span class="md-ellipsis">
Release Flow
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/maintainer/backporting/" class="md-nav__link">
<span class="md-ellipsis">
Backporting
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/maintainer/help-wanted/" class="md-nav__link">
<span class="md-ellipsis">
Help Wanted
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../community/maintainer/triage/" class="md-nav__link">
<span class="md-ellipsis">
Triage
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Enterprise
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Enterprise
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../commercial/compare/" class="md-nav__link">
<span class="md-ellipsis">
Comparison
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../commercial/contact/" class="md-nav__link">
<span class="md-ellipsis">
Contact Us
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#gitlab-ci-using-trivy-container" class="md-nav__link">
<span class="md-ellipsis">
GitLab CI using Trivy container
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#gitlab-ci-alternative-template" class="md-nav__link">
<span class="md-ellipsis">
GitLab CI alternative template
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#gitlab-ci-alternative-template-example-report" class="md-nav__link">
<span class="md-ellipsis">
GitLab CI alternative template example report
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/aquasecurity/trivy/blob/main/docs/tutorials/integrations/gitlab-ci.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z"/></svg>
</a>
<h1 id="gitlab-ci">GitLab CI<a class="headerlink" href="#gitlab-ci" title="Permanent link">&para;</a></h1>
<p>GitLab 15.0 includes <a href="https://gitlab.com/groups/gitlab-org/-/epics/2233">free</a> integration with Trivy.</p>
<p>To <a href="https://docs.gitlab.com/ee/user/application_security/container_scanning/#configuration">configure container scanning with Trivy in GitLab</a>, simply include the CI template in your <code>.gitlab-ci.yml</code> file:</p>
<div class="highlight"><pre><span></span><code><span class="nt">include</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Security/Container-Scanning.gitlab-ci.yml</span>
</code></pre></div>
<p>If you're a GitLab 14.x Ultimate customer, you can use the same configuration above.</p>
<p>Alternatively, you can always use the example configurations below.</p>
<div class="highlight"><pre><span></span><code><span class="nt">stages</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test</span>
<span class="nt">trivy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">stage</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test</span>
<span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">docker:stable</span>
<span class="w"> </span><span class="nt">services</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">docker:dind</span>
<span class="w"> </span><span class="nt">entrypoint</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;env&quot;</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">&quot;-u&quot;</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">&quot;DOCKER_HOST&quot;</span><span class="p p-Indicator">]</span>
<span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;dockerd-entrypoint.sh&quot;</span><span class="p p-Indicator">]</span>
<span class="w"> </span><span class="nt">variables</span><span class="p">:</span>
<span class="w"> </span><span class="nt">DOCKER_HOST</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tcp://docker:2375/</span>
<span class="w"> </span><span class="nt">DOCKER_DRIVER</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">overlay2</span>
<span class="w"> </span><span class="c1"># See https://github.com/docker-library/docker/pull/166</span>
<span class="w"> </span><span class="nt">DOCKER_TLS_CERTDIR</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span>
<span class="w"> </span><span class="nt">IMAGE</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">trivy-ci-test:$CI_COMMIT_SHA</span>
<span class="w"> </span><span class="nt">TRIVY_NO_PROGRESS</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
<span class="w"> </span><span class="nt">TRIVY_CACHE_DIR</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;.trivycache/&quot;</span>
<span class="w"> </span><span class="nt">before_script</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">export TRIVY_VERSION=$(wget -qO - &quot;https://api.github.com/repos/aquasecurity/trivy/releases/latest&quot; | grep &#39;&quot;tag_name&quot;:&#39; | sed -E &#39;s/.*&quot;v([^&quot;]+)&quot;.*/\1/&#39;)</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">echo $TRIVY_VERSION</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -</span>
<span class="w"> </span><span class="nt">allow_failure</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">script</span><span class="p">:</span>
<span class="w"> </span><span class="c1"># Build image</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">docker build -t $IMAGE .</span>
<span class="w"> </span><span class="c1"># Build report</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./trivy image --exit-code 0 --format template --template &quot;@/contrib/gitlab.tpl&quot; -o gl-container-scanning-report.json $IMAGE</span>
<span class="w"> </span><span class="c1"># Print report</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./trivy image --exit-code 0 --severity HIGH $IMAGE</span>
<span class="w"> </span><span class="c1"># Fail on severe vulnerabilities</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./trivy image --exit-code 1 --severity CRITICAL $IMAGE</span>
<span class="w"> </span><span class="nt">cache</span><span class="p">:</span>
<span class="w"> </span><span class="nt">paths</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">.trivycache/</span>
<span class="w"> </span><span class="c1"># Enables https://docs.gitlab.com/ee/user/application_security/container_scanning/ (Container Scanning report is available on GitLab Ultimate)</span>
<span class="w"> </span><span class="nt">artifacts</span><span class="p">:</span>
<span class="w"> </span><span class="nt">reports</span><span class="p">:</span>
<span class="w"> </span><span class="nt">container_scanning</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gl-container-scanning-report.json</span>
</code></pre></div>
<p><a href="https://gitlab.com/aquasecurity/trivy-ci-test/pipelines">Example</a>
<a href="https://github.com/aquasecurity/trivy-ci-test">Repository</a></p>
<h3 id="gitlab-ci-using-trivy-container">GitLab CI using Trivy container<a class="headerlink" href="#gitlab-ci-using-trivy-container" title="Permanent link">&para;</a></h3>
<p>To scan a previously built image that has already been pushed into the
GitLab container registry the following CI job manifest can be used.
Note that <code>entrypoint</code> needs to be unset for the <code>script</code> section to work.
In case of a non-public GitLab project Trivy additionally needs to
authenticate to the registry to be able to pull your application image.
Finally, it is not necessary to clone the project repo as we only work
with the container image.</p>
<div class="highlight"><pre><span></span><code><span class="nt">container_scanning</span><span class="p">:</span>
<span class="w"> </span><span class="nt">image</span><span class="p">:</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">docker.io/aquasec/trivy:latest</span>
<span class="w"> </span><span class="nt">entrypoint</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;&quot;</span><span class="p p-Indicator">]</span>
<span class="w"> </span><span class="nt">variables</span><span class="p">:</span>
<span class="w"> </span><span class="c1"># No need to clone the repo, we exclusively work on artifacts. See</span>
<span class="w"> </span><span class="c1"># https://docs.gitlab.com/ee/ci/runners/configure_runners.html#git-strategy</span>
<span class="w"> </span><span class="nt">GIT_STRATEGY</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">none</span>
<span class="w"> </span><span class="nt">TRIVY_USERNAME</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;$CI_REGISTRY_USER&quot;</span>
<span class="w"> </span><span class="nt">TRIVY_PASSWORD</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;$CI_REGISTRY_PASSWORD&quot;</span>
<span class="w"> </span><span class="nt">TRIVY_AUTH_URL</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;$CI_REGISTRY&quot;</span>
<span class="w"> </span><span class="nt">TRIVY_NO_PROGRESS</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
<span class="w"> </span><span class="nt">TRIVY_CACHE_DIR</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;.trivycache/&quot;</span>
<span class="w"> </span><span class="nt">FULL_IMAGE_NAME</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG</span>
<span class="w"> </span><span class="nt">script</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">trivy --version</span>
<span class="w"> </span><span class="c1"># update vulnerabilities db</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">time trivy image --download-db-only</span>
<span class="w"> </span><span class="c1"># Builds report and puts it in the default workdir $CI_PROJECT_DIR, so `artifacts:` can take it from there</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">time trivy image --exit-code 0 --format template --template &quot;@/contrib/gitlab.tpl&quot;</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--output &quot;$CI_PROJECT_DIR/gl-container-scanning-report.json&quot; &quot;$FULL_IMAGE_NAME&quot;</span>
<span class="w"> </span><span class="c1"># Prints full report</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">time trivy image --exit-code 0 &quot;$FULL_IMAGE_NAME&quot;</span>
<span class="w"> </span><span class="c1"># Fail on critical vulnerabilities</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">time trivy image --exit-code 1 --severity CRITICAL &quot;$FULL_IMAGE_NAME&quot;</span>
<span class="w"> </span><span class="nt">cache</span><span class="p">:</span>
<span class="w"> </span><span class="nt">paths</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">.trivycache/</span>
<span class="w"> </span><span class="c1"># Enables https://docs.gitlab.com/ee/user/application_security/container_scanning/ (Container Scanning report is available on GitLab EE Ultimate or GitLab.com Gold)</span>
<span class="w"> </span><span class="nt">artifacts</span><span class="p">:</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span>
<span class="w"> </span><span class="nt">reports</span><span class="p">:</span>
<span class="w"> </span><span class="nt">container_scanning</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gl-container-scanning-report.json</span>
<span class="w"> </span><span class="nt">tags</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">docker-runner</span>
</code></pre></div>
<h3 id="gitlab-ci-alternative-template">GitLab CI alternative template<a class="headerlink" href="#gitlab-ci-alternative-template" title="Permanent link">&para;</a></h3>
<p>Depending on the edition of gitlab you have or your desired workflow, the
container scanning template may not meet your needs. As an addition to the
above container scanning template, a template for
<a href="https://docs.gitlab.com/ee/ci/testing/code_quality.html">code climate</a>
has been included. The key things to update from the above examples are
the <code>template</code> and <code>report</code> type. An updated example is below.</p>
<div class="highlight"><pre><span></span><code><span class="nt">stages</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test</span>
<span class="nt">trivy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">stage</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test</span>
<span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">docker:stable</span>
<span class="w"> </span><span class="nt">services</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">docker:dind</span>
<span class="w"> </span><span class="nt">entrypoint</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;env&quot;</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">&quot;-u&quot;</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">&quot;DOCKER_HOST&quot;</span><span class="p p-Indicator">]</span>
<span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;dockerd-entrypoint.sh&quot;</span><span class="p p-Indicator">]</span>
<span class="w"> </span><span class="nt">variables</span><span class="p">:</span>
<span class="w"> </span><span class="nt">DOCKER_HOST</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tcp://docker:2375/</span>
<span class="w"> </span><span class="nt">DOCKER_DRIVER</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">overlay2</span>
<span class="w"> </span><span class="c1"># See https://github.com/docker-library/docker/pull/166</span>
<span class="w"> </span><span class="nt">DOCKER_TLS_CERTDIR</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span>
<span class="w"> </span><span class="nt">IMAGE</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">trivy-ci-test:$CI_COMMIT_SHA</span>
<span class="w"> </span><span class="nt">TRIVY_NO_PROGRESS</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
<span class="w"> </span><span class="nt">TRIVY_CACHE_DIR</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;.trivycache/&quot;</span>
<span class="w"> </span><span class="nt">before_script</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">export TRIVY_VERSION=$(wget -qO - &quot;https://api.github.com/repos/aquasecurity/trivy/releases/latest&quot; | grep &#39;&quot;tag_name&quot;:&#39; | sed -E &#39;s/.*&quot;v([^&quot;]+)&quot;.*/\1/&#39;)</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">echo $TRIVY_VERSION</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -</span>
<span class="w"> </span><span class="nt">allow_failure</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w"> </span><span class="nt">script</span><span class="p">:</span>
<span class="w"> </span><span class="c1"># Build image</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">docker build -t $IMAGE .</span>
<span class="w"> </span><span class="c1"># Image report</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./trivy image --exit-code 0 --format template --template &quot;@/contrib/gitlab-codequality.tpl&quot; -o gl-codeclimate-image.json $IMAGE</span>
<span class="w"> </span><span class="c1"># Filesystem report</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./trivy filesystem --scanners misconfig,vuln --exit-code 0 --format template --template &quot;@/contrib/gitlab-codequality.tpl&quot; -o gl-codeclimate-fs.json .</span>
<span class="w"> </span><span class="c1"># Combine report</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apk update &amp;&amp; apk add jq</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">jq -s &#39;add&#39; gl-codeclimate-image.json gl-codeclimate-fs.json &gt; gl-codeclimate.json</span>
<span class="w"> </span><span class="nt">cache</span><span class="p">:</span>
<span class="w"> </span><span class="nt">paths</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">.trivycache/</span>
<span class="w"> </span><span class="c1"># Enables https://docs.gitlab.com/ee/user/application_security/container_scanning/ (Container Scanning report is available on GitLab EE Ultimate or GitLab.com Gold)</span>
<span class="w"> </span><span class="nt">artifacts</span><span class="p">:</span>
<span class="w"> </span><span class="nt">paths</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gl-codeclimate.json</span>
<span class="w"> </span><span class="nt">reports</span><span class="p">:</span>
<span class="w"> </span><span class="nt">codequality</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gl-codeclimate.json</span>
</code></pre></div>
<p>Currently gitlab only supports a single code quality report. There is an
open <a href="https://gitlab.com/gitlab-org/gitlab/-/issues/9014">feature request</a>
to support multiple reports. Until this has been implemented, if you
already have a code quality report in your pipeline, you can use
<code>jq</code> to combine reports. Depending on how you name your artifacts, it may
be necessary to rename the artifact if you want to reuse the name. To then
combine the previous artifact with the output of trivy, the following <code>jq</code>
command can be used, <code>jq -s 'add' prev-codeclimate.json trivy-codeclimate.json &gt; gl-codeclimate.json</code>.</p>
<h3 id="gitlab-ci-alternative-template-example-report">GitLab CI alternative template example report<a class="headerlink" href="#gitlab-ci-alternative-template-example-report" title="Permanent link">&para;</a></h3>
<p>You'll be able to see a full report in the GitLab pipeline code quality UI, where filesystem vulnerabilities and misconfigurations include links to the flagged files and image vulnerabilities report the image/os or runtime/library that the vulnerability originates from instead.</p>
<p><img alt="codequality" src="../../../imgs/gitlab-codequality.png" /></p>
</article>
</div>
<script>var tabs=__md_get("__tabs");if(Array.isArray(tabs))e:for(var set of document.querySelectorAll(".tabbed-set")){var labels=set.querySelector(".tabbed-labels");for(var tab of tabs)for(var label of labels.getElementsByTagName("label"))if(label.innerText.trim()===tab){var input=document.getElementById(label.htmlFor);input.checked=!0;continue e}}</script>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<nav class="md-footer__inner md-grid" aria-label="Footer" >
<a href="../travis-ci/" class="md-footer__link md-footer__link--prev" aria-label="Previous: Travis CI">
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</div>
<div class="md-footer__title">
<span class="md-footer__direction">
Previous
</span>
<div class="md-ellipsis">
Travis CI
</div>
</div>
</a>
<a href="../bitbucket/" class="md-footer__link md-footer__link--next" aria-label="Next: Bitbucket Pipelines">
<div class="md-footer__title">
<span class="md-footer__direction">
Next
</span>
<div class="md-ellipsis">
Bitbucket Pipelines
</div>
</div>
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11z"/></svg>
</div>
</a>
</nav>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
</div>
<div class="md-social">
<a href="https://twitter.com/AquaTrivy" target="_blank" rel="noopener" title="twitter.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M389.2 48h70.6L305.6 224.2 487 464H345L233.7 318.6 106.5 464H35.8l164.9-188.5L26.8 48h145.6l100.5 132.9zm-24.8 373.8h39.1L151.1 88h-42z"/></svg>
</a>
<a href="https://github.com/aquasecurity/trivy" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.tabs.sticky", "navigation.sections", "navigation.footer", "content.action.edit", "content.tabs.link", "content.code.annotate", "content.code.copy"], "search": "../../../assets/javascripts/workers/search.c7c1ca2c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "latest", "method": "mike", "provider": "mike"}}</script>
<script src="../../../assets/javascripts/bundle.203fd0bc.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink