trivy

SKILL.md

ABOUTME: Security vulnerability scanning skill using Trivy for pre-commit validation ABOUTME: Enforces blocking of CRITICAL and HIGH severity vulnerabilities across all scan targets

This skill enforces security vulnerability scanning using Trivy before code is committed. CRITICAL and HIGH severity vulnerabilities MUST be resolved before commit.

| New dependency added | Scan filesystem for vulnerabilities | | Dockerfile modified | Scan container image | | go.mod/go.sum changed | Scan Go dependencies | | requirements.txt/pyproject.toml changed | Scan Python dependencies | | package.json/package-lock.json changed | Scan Node.js dependencies | | Terraform files changed | Scan IaC misconfigurations |

使用 Trivy 进行容器映像、文件系统和 IaC 的安全漏洞扫描器。在提交之前阻止严重和高严重性漏洞。触发“trivy”、“漏洞扫描”、“安全扫描”、“容器扫描”、“映像扫描”、“sbom”、“cve”、“依赖关系扫描”、“供应链安全”、“docker 扫描”、“扫描映像”、“扫描容器”、“检查漏洞”、“安全检查”、“许可证扫描”、“秘密扫描”、“错误配置扫描”、“iac 扫描”、“terraform 扫描”、 “kubernetes 扫描”、“helm 扫描”、“dockerfile 扫描”、“包漏洞”、“npm 审核”、“pip 审核”、“go mod 漏洞”、“扫描依赖项”、“安全门”、“合规性扫描”、“aqua trivy”。主动：必须在提交具有新依赖项或容器映像的代码之前调用。 来源：mauromedda/agent-toolkit。

查看原文