Skip to main content

Documentation Index

Fetch the complete documentation index at: https://trunk-4cab4936-sam-gutentag-flaky-tests-new-monitors.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Trivy is a linter for Security. You can enable the Trivy linter with: 
trunk check enable trivy
trivy example output

Auto Enabling

Trivy will be auto-enabled if any of its config files are present: trivy.yaml, .trivyignore, .trivyignore.yaml.

Settings

Trivy supports the following config files:
  • trivy.yaml
  • .trivyignore
  • .trivyignore.yaml
  • trivy-secret.yaml
You can move these files to .trunk/configs and trunk check will still find them. See Moving Linters for more info.

Usage Notes

Trivy has the following subcommands:
  • config
  • Runs trivy config (docs) )to scan for misconfigurations in infrastructure-as-code files. Enabled by default
  • fx-vuln
  • Runs trivy fs --scanners vuln (docs) to scan for security vulnerabilities. Disabled by default.
  • fs-secret
  • Runs trivy fs --scanners secret (docs) to scan for secrets. Disabled by default.
To enable/disable these, add the subcommands you want enabled in your .trunk/trunk.yaml as such: 
lint:
  enabled:
    - trivy@0.45.1:
        commands: [config, fs-vuln]