Skill Detail

Trivy Container Vulnerability Scanner

Automates Aqua Security Trivy scans against Docker images and OCI artifacts to detect CVEs, misconfigurations, and license violations. Integrates with Trivy's JSON/SARIF output for CI-gate decisions and generates remediation reports.

Security & Verification · Claude Code · Security Reviewed
Tool match: trivy ⭐ 34.5k GitHub stars, Apache-2.0 license
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill trivy-container-vulnerability-scanner
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance
Last updated: Mar 24, 2026
Quick brief

The Trivy Container Vulnerability Scanner skill provides deep integration with Aqua Security Trivy to perform comprehensive container image scanning. It supports scanning Docker images, OCI artifacts, and filesystem paths for known CVEs using the NVD and vendor-specific advisory databases.

How it works

What this skill actually does

Key capabilities include parsing Trivy’s structured JSON and SARIF output formats, filtering vulnerabilities by severity (CRITICAL, HIGH, MEDIUM, LOW), and generating actionable remediation reports. The skill can gate CI/CD pipelines based on configurable severity thresholds, automatically failing builds that contain unfixed critical vulnerabilities.
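The parse-filter-gate loop described above, as an added example that is not the skill's own code: a Python script that flattens a Trivy JSON report (schema version 2, as produced by `trivy image --format json --output report.json`), filters findings by a severity threshold, decides whether the build passes, and groups the blocking findings into a remediation list. The report embedded in the script is constructed for the example; its CVE ids, package names and versions are placeholders, and the function names are my own. The `ignore_unfixed` option mirrors the semantics of Trivy's `--ignore-unfixed` flag (drop findings that have no `FixedVersion`).

```python
"""Parse a Trivy JSON report, filter by severity and make a CI-gate decision."""
import json
import sys

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the shape of `trivy image --format json` output
# (SchemaVersion 2). CVE ids, package names and versions are placeholders.
SAMPLE_REPORT_JSON = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "registry.example/app:1.0",
    "Results": [
        {
            "Target": "registry.example/app:1.0 (debian 12.5)",
            "Class": "os-pkgs",
            "Type": "debian",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libplaceholder-a",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libplaceholder-b",
                 "InstalledVersion": "2.3", "Severity": "CRITICAL"},  # no fix available
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libplaceholder-a",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-3", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "libplaceholder-c",
                 "InstalledVersion": "4.0", "FixedVersion": "4.1", "Severity": "LOW"},
            ],
        },
        {
            # Trivy emits no "Vulnerabilities" key for a clean target.
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Type": "pip",
        },
    ],
})


def load_findings(report_json):
    """Flatten Results[].Vulnerabilities[] into a list of (target, vuln) pairs."""
    report = json.loads(report_json)
    findings = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            findings.append((result.get("Target", ""), vuln))
    return findings


def filter_by_severity(findings, threshold, ignore_unfixed=False):
    """Keep findings at or above `threshold`. With ignore_unfixed=True, findings
    that carry no FixedVersion are dropped (same meaning as trivy --ignore-unfixed)."""
    min_rank = SEVERITY_RANK[threshold]  # KeyError on a typo is the safer failure
    kept = []
    for target, vuln in findings:
        rank = SEVERITY_RANK.get(vuln.get("Severity", "UNKNOWN"), 0)
        if rank < min_rank:
            continue
        if ignore_unfixed and not vuln.get("FixedVersion"):
            continue
        kept.append((target, vuln))
    return kept


def gate(report_json, threshold="HIGH", ignore_unfixed=False):
    """Return (passed, blocking): passed is True only when no finding meets the threshold."""
    blocking = filter_by_severity(load_findings(report_json), threshold, ignore_unfixed)
    return (len(blocking) == 0, blocking)


def remediation_plan(findings):
    """Group findings by (target, package, installed version) so each upgrade is listed once,
    with the CVEs it closes and the candidate fixed versions."""
    plan = {}
    for target, vuln in findings:
        key = (target, vuln["PkgName"], vuln.get("InstalledVersion", ""))
        entry = plan.setdefault(key, {"fixes": set(), "cves": []})
        entry["cves"].append(vuln["VulnerabilityID"])
        if vuln.get("FixedVersion"):
            entry["fixes"].add(vuln["FixedVersion"])
    # Fixes are returned as a sorted list of strings; choosing the one to upgrade to
    # needs the ecosystem's version ordering (dpkg, rpm, semver), not string order.
    return {k: {"fixes": sorted(v["fixes"]), "cves": v["cves"]} for k, v in plan.items()}


if __name__ == "__main__":
    # Read a real report from stdin if one is piped in, otherwise use the constructed sample.
    report = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT_JSON
    passed, blocking = gate(report, threshold="HIGH")
    for (target, pkg, installed), entry in remediation_plan(blocking).items():
        fixes = ", ".join(entry["fixes"]) or "no fix available"
        print(f"{target}: {pkg} {installed} -> {fixes}  ({', '.join(entry['cves'])})")
    print("GATE PASSED" if passed else "GATE FAILED")
    sys.exit(0 if passed else 1)
```

Run it as `trivy image --format json registry.example/app:1.0 | python gate.py` to gate a real scan; the non-zero exit status is what a CI step keys on. Trivy can enforce a simpler version of the same policy on its own with `--severity CRITICAL,HIGH --exit-code 1 --ignore-unfixed`; the script is useful when the decision needs to produce a remediation list or feed another system as well. Note that a finding with no fix available still fails the default gate, so use `ignore_unfixed=True` deliberately and track those findings elsewhere rather than forgetting them.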

Advanced features include SBOM generation in CycloneDX and SPDX formats, license compliance checking against configurable allowlists, and Kubernetes cluster scanning via Trivy’s k8s mode. Results can be exported to DefectDojo, Dependency-Track, or custom dashboards via webhook integration.