trivy-azure-pipelines-task
Add docker.sock mount
Added docker.sock mount according to recommendations in trivy documentation
Due to the staleness of this repo and the corresponding extension, I decided to fork it. I don't plan to invest in really developing this further, but I will probably update it from time to time and accept PRs. For the time being, my forked extension is available here and includes the following improvements:
- Yours: Mount docker.sock to scan docker images from a containerized trivy instance.
- Update obsolete usage of --security-checks to --scanners.
- Mount a consistent cache dir so that multiple runs using docker only download the vulnerability db once.
- Use a recent version of trivy if not using the trivy docker image.
- Due to the other changes above it should be possible to just use the docker-based execution in most cases, which always automatically uses the latest trivy version and does not require updates to this extension.
- It can be installed in parallel to the official trivy extension.
- This is a drop-in replacement, just change `- task: trivy@1` to `- task: trivy-contrib@1` after installing this extension.
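The docker-based execution the comment above describes (docker.sock mount, a persistent cache mount, and `--scanners` in place of the obsolete `--security-checks`) boils down to a single `docker run` invocation. The wrapper below is an added example, not code from this extension or from the trivy project: it assembles that invocation, refuses to run when the socket is absent, and keeps the arguments in an array so image names and paths are never re-parsed by the shell. The image tag `aquasec/trivy:latest`, the in-container cache path `/root/.cache/`, the default scanner `vuln`, and the function and variable names are assumptions for this example. One caveat worth stating plainly: a container that can write to `/var/run/docker.sock` controls the host Docker daemon and is therefore root-equivalent on the build agent, so this mount belongs only on agents you already trust with the images being scanned.

```bash
#!/usr/bin/env bash
# Added example (not the extension's or trivy's own code).
set -euo pipefail

# Assemble the docker-based trivy run into the global array TRIVY_CMD.
# An array (not a string + eval) means the image name and cache path are
# passed through verbatim and cannot inject extra shell words.
build_trivy_cmd() {
  local image="$1" cache_dir="$2" scanners="${3:-vuln}"
  local sock="${DOCKER_SOCK:-/var/run/docker.sock}"   # assumed default
  TRIVY_CMD=(
    docker run --rm
    # docker.sock mount: lets trivy inside the container read images from the
    # host daemon, as the comment above recommends. Security caveat: write
    # access to this socket is root-equivalent on the agent.
    -v "${sock}:/var/run/docker.sock"
    # Persistent cache mount: the official image keeps its vulnerability DB
    # under /root/.cache, so repeated runs on one agent download it once.
    -v "${cache_dir}:/root/.cache/"
    aquasec/trivy:latest image
    # --scanners replaced the obsolete --security-checks flag.
    --scanners "${scanners}"
    "${image}"
  )
}

# True only if the given path is a UNIX socket; without it, trivy in the
# container cannot see locally built images.
check_docker_sock() {
  local sock="${1:-/var/run/docker.sock}"
  [ -S "$sock" ]
}

# Scan one image. Exit status 2 means "no docker socket", anything else is
# trivy's own exit code.
trivy_scan() {
  local image="$1" cache_dir="${2:-${HOME}/.cache/trivy}"
  local sock="${DOCKER_SOCK:-/var/run/docker.sock}"
  if ! check_docker_sock "$sock"; then
    echo "error: ${sock} is not a socket; cannot scan local images from the trivy container" >&2
    return 2
  fi
  mkdir -p "$cache_dir"
  build_trivy_cmd "$image" "$cache_dir" "${SCANNERS:-vuln}"
  printf 'running:'; printf ' %q' "${TRIVY_CMD[@]}"; echo
  "${TRIVY_CMD[@]}"
}

# Usage (only when explicitly requested, so sourcing this file is side-effect free):
#   RUN_SCAN=1 ./trivy_scan.sh myregistry/app:1.2.3
if [ "${RUN_SCAN:-0}" = "1" ]; then
  trivy_scan "${1:-alpine:3.19}"
fi
```

Setting `SCANNERS=vuln,secret` or `DOCKER_SOCK=/run/user/1000/docker.sock` adjusts the run without editing the script; `trivy_scan` returns 2 before touching docker when the socket is missing, which is the failure a pipeline hits when the task is run on an agent without a Docker daemon.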