Trivy Vulnerability Scanner Pipeline
Scans container images, IaC templates, and SBOM artifacts using Aqua Trivy CLI. Generates CycloneDX and SPDX reports with CVE severity filtering for CI/CD gates.
npx skills add agentskillexchange/skills --skill trivy-vulnerability-scanner-pipeline
The Trivy Vulnerability Scanner Pipeline skill automates comprehensive security scanning across your software supply chain using the Aqua Security Trivy scanner. It performs multi-target scanning including container images (Docker, OCI), filesystem directories, git repositories, and Infrastructure-as-Code templates (Terraform, CloudFormation, Kubernetes manifests). The skill generates a Software Bill of Materials (SBOM) in both CycloneDX and SPDX formats for compliance requirements. CVE results are filtered by configurable severity thresholds (CRITICAL, HIGH, MEDIUM, LOW) and can block CI/CD pipelines when vulnerabilities exceed policy limits. Integration with GitHub Security Advisories and the NVD database ensures up-to-date vulnerability intelligence. The skill supports ignore files for accepted risks, secret scanning in code repositories, and license compliance checking. Results can be exported to Defect Dojo, Dependency-Track, or custom webhook endpoints for centralized vulnerability management.
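The severity gate and ignore-file handling described above, as an added example that is not the skill's own code. It builds the Trivy command lines a pipeline stage would run (JSON report plus CycloneDX and SPDX SBOMs), then applies the severity threshold and a `.trivyignore` list to a report in the layout of `trivy image --format json`. The report, image name, CVE identifiers and the `trivy_commands`, `gate` and `exit_code` helpers are constructed for the example; the `--severity`, `--ignorefile`, `--format` and `--output` flags are real Trivy options.

```python
"""Severity-gate a Trivy JSON report for a CI/CD pipeline (added example)."""
import json

# Trivy's own severity labels, ordered for threshold comparison.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the layout of `trivy image --format json`.
# The image name and CVE identifiers are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "registry.example.invalid/app:1.0",
    "Results": [
        {"Target": "registry.example.invalid/app:1.0 (debian 12.5)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2099-0001", "PkgName": "libexample",
              "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-2099-0002", "PkgName": "libother",
              "InstalledVersion": "2.1", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-2099-0003", "PkgName": "tool",
              "InstalledVersion": "3.0", "FixedVersion": "3.1", "Severity": "MEDIUM"},
         ]},
        {"Target": "app/requirements.txt", "Class": "lang-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2099-0004", "PkgName": "somepkg",
              "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "HIGH"},
         ]},
        # A target with no findings: Trivy omits the "Vulnerabilities" key.
        {"Target": "app/Dockerfile", "Class": "config"},
    ],
})

# Constructed .trivyignore: one vulnerability ID per line, '#' starts a comment.
SAMPLE_IGNOREFILE = """# accepted risk, no fix available; placeholder review ticket
CVE-2099-0002
"""


def trivy_commands(image, threshold="HIGH", ignorefile=".trivyignore"):
    """Command lines for one pipeline stage (assumed layout): scan, then SBOMs."""
    floor = SEVERITY_RANK[threshold.upper()]
    wanted = ",".join(s for s in SEVERITY_RANK if s != "UNKNOWN" and SEVERITY_RANK[s] >= floor)
    return [
        ["trivy", "image", "--severity", wanted, "--ignorefile", ignorefile,
         "--format", "json", "--output", "trivy-report.json", image],
        ["trivy", "image", "--format", "cyclonedx", "--output", "sbom.cdx.json", image],
        ["trivy", "image", "--format", "spdx-json", "--output", "sbom.spdx.json", image],
    ]


def parse_ignorefile(text):
    """Return the set of accepted vulnerability IDs from .trivyignore text."""
    ids = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ids.add(line)
    return ids


def iter_vulnerabilities(report):
    """Yield (target, vulnerability) pairs, tolerating targets without findings."""
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", ""), vuln


def gate(report_json, threshold="HIGH", ignorefile_text=""):
    """Apply the ignore list, count by severity, and decide whether to block."""
    report = json.loads(report_json)
    ignored = parse_ignorefile(ignorefile_text)
    floor = SEVERITY_RANK[threshold.upper()]
    counts = {name: 0 for name in SEVERITY_RANK}
    blocking, accepted = [], []
    for target, vuln in iter_vulnerabilities(report):
        vid = vuln["VulnerabilityID"]
        if vid in ignored:
            accepted.append(vid)  # accepted risk: reported, never blocks
            continue
        sev = vuln.get("Severity", "UNKNOWN").upper()
        if sev not in SEVERITY_RANK:
            sev = "UNKNOWN"
        counts[sev] += 1
        if SEVERITY_RANK[sev] >= floor:
            blocking.append({"VulnerabilityID": vid, "Severity": sev, "Target": target,
                             "PkgName": vuln.get("PkgName"),
                             "FixedVersion": vuln.get("FixedVersion")})
    return {"passed": not blocking, "counts": counts,
            "blocking": blocking, "accepted": accepted}


def exit_code(result):
    """Non-zero exit fails the CI job, mirroring Trivy's own --exit-code 1."""
    return 0 if result["passed"] else 1


if __name__ == "__main__":
    for argv in trivy_commands("registry.example.invalid/app:1.0"):
        print(" ".join(argv))
    verdict = gate(SAMPLE_REPORT, "HIGH", SAMPLE_IGNOREFILE)
    print(json.dumps(verdict, indent=2))
    raise SystemExit(exit_code(verdict))
```

The gate counts only findings that survive the ignore file, so an accepted CVE is still listed under `accepted` for the audit trail but never contributes to the block decision; a finding with no `FixedVersion` still blocks, which is the prompt to either upgrade the base image or add a reviewed ignore entry rather than lower the threshold.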