Aqua Trivy Azure DevOps Extension

An Azure DevOps Pipelines Task for Trivy, providing vulnerability scanning with an integrated UI.

Overview

This extension allows you to scan various targets for:

• Vulnerabilities in applications and dependencies
• Misconfigurations in Infrastructure as Code (IaC) files
• Secrets accidentally committed to repositories
• License compliance issues

Quick Start

1. Install the Trivy task from the Azure DevOps Marketplace and press the Get it free button.

2. Add the task to your azure-pipelines.yml:

steps:
  - task: trivy@2
    inputs:
      type: 'filesystem'
      target: '.'
      scanners: 'vuln,misconfig,secret'

[!Important] Docker integration is only fully supported on Linux agents. Windows agents have limited Docker support.

Documentation

Check out the documentation for more details:

• Installation Guide
• Trivy@1 Configuration (Legacy version)
• Trivy@2 Configuration (Recommended for new users)
• Aqua Platform Integration