Use this action to scan container images with the Trivy scanner, to identify and fix security vulnerabilities. You can also use the action output as a quality gate for the next step or job in your workflow.
All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.
Inputs
| Input name | Data type | Required? | Description |
|---|---|---|---|
| `binary-tar-path` | String | Yes | The path of the binary to be scanned. |
| | Boolean | No | The option to perform license scanning. Specify |
Outputs
| Output name | Data type | Description |
|---|---|---|
| `critical-count` | String | The number of Critical security findings discovered during the scan. |
| | String | The number of Very high security findings discovered during the scan. |
| | String | The number of High security findings discovered during the scan. |
| | String | The number of Medium security findings discovered during the scan. |
| | String | The number of Low security findings discovered during the scan. |
Usage examples
Basic example
The following is a basic example of using the action:
```yaml
- name: Scan with Trivy
  uses: cloudbees-io/trivy-plugin@v1
  with:
    binary-tar-path: /path/to/binary.tar
```
Using the action output
Access the output values in downstream steps and jobs using the `outputs` context.
Use the output in your workflow as follows, where `<action_step_ID>` is the action step ID, and `<severity>` is an output parameter name, such as `critical-count`:

```
${{steps.<action_step_ID>.outputs.<severity>}}
```
The following example uses the action output in a downstream step of the same job:
The following example uses the action output in a downstream job:
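A quality-gate script that a downstream step or job could run on these outputs, as an added example that is not part of the CloudBees documentation. The function names `is_count` and `trivy_gate`, the `<label>:<count>:<max>` argument format, the exit codes and the sample values are assumptions made for illustration; because the outputs are strings, an empty or non-numeric value fails the gate instead of passing it.

```shell
#!/bin/sh
# Added example (not CloudBees code): fail-closed gate over the scan's counts.
# Each argument is "<label>:<count>:<max>". In a workflow step, <count> would be
# the expression ${{steps.<action_step_ID>.outputs.critical-count}}.

# is_count STRING: succeeds only for a non-negative decimal integer.
is_count() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# trivy_gate SPEC...: 0 = all within limits, 1 = limit exceeded,
# 2 = nothing to check, or a count or limit was empty or non-numeric
# (2 takes precedence over 1).
trivy_gate() {
  [ "$#" -gt 0 ] || return 2
  gate_rc=0
  for spec in "$@"; do
    label=${spec%%:*}
    rest=${spec#*:}
    count=${rest%%:*}
    max=${rest#*:}
    if ! is_count "$count" || ! is_count "$max"; then
      echo "gate: $label has non-numeric count '$count' or limit '$max'" >&2
      gate_rc=2
    elif [ "$count" -gt "$max" ]; then
      echo "gate: $label findings ($count) exceed limit ($max)" >&2
      if [ "$gate_rc" -eq 0 ]; then gate_rc=1; fi
    fi
  done
  return "$gate_rc"
}

# Constructed sample values, standing in for real action outputs.
trivy_gate "critical:0:0" "high:4:10" && echo "gate passed"
trivy_gate "critical::0" || echo "gate failed with status $?"
```

A non-zero exit status from the script fails the step that runs it, which is what stops the workflow at the gate.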