Overview Q & A Rating & Review
Aqua Trivy Azure DevOps Extension
An Azure DevOps Pipelines Task for Trivy , providing vulnerability scanning with an integrated UI.
Overview
This extension allows you to scan various targets for:
Vulnerabilities in applications and dependencies
Misconfigurations in Infrastructure as Code (IaC) files
Secrets accidentally committed to repositories
License compliance issues
Quick Start
Install the Trivy task from the Azure DevOps Marketplace and press the Get it free
button.
Add the task to your azure-pipelines.yml
:
steps:
- task: trivy@2
inputs:
type: 'filesystem'
target: '.'
scanners: 'vuln,misconfig,secret'
[!Important]
Docker integration is only fully supported on Linux agents. Windows agents have limited Docker support.
Documentation
Check out the documentation for more details: