CloudFormation

Trivy supports the scanners listed in the table below.

Scanner Supported
Misconfiguration
Secret

It supports the following formats.

Format Supported
JSON
YAML

Misconfiguration

Trivy recursively searches directories and scans all found CloudFormation files. It evaluates properties, functions, and other elements within CloudFormation files to detect misconfigurations.

Value Overrides

To scan your CloudFormation code with parameter values applied, pass --cf-params with the path to a CloudFormation Parameters file.

trivy conf --cf-params params.json ./infrastructure/cf

For a sample file, see the CloudFormation Parameters Example.
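
Why overrides change what gets evaluated, shown as an added example (not Trivy's code and not part of the original page): it merges a constructed template's parameter defaults with a constructed params.json, assumed to use the AWS CLI ParameterKey/ParameterValue list layout, and resolves each Ref to its effective value. The names BucketAcl, LogBucket and DataBucket are hypothetical.

```python
import json

# Constructed sample template: the bucket ACL comes from a parameter whose
# default looks safe, so the template alone hides the deployed value.
TEMPLATE = json.loads("""
{"Parameters": {"BucketAcl": {"Type": "String", "Default": "Private"},
                "LogBucket": {"Type": "String"}},
 "Resources": {"DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {
     "AccessControl": {"Ref": "BucketAcl"},
     "LoggingConfiguration": {"DestinationBucketName": {"Ref": "LogBucket"}}}}}}
""")

# Constructed sample params.json (assumed AWS CLI parameter-file layout).
PARAMS = json.loads('[{"ParameterKey": "BucketAcl", "ParameterValue": "PublicRead"}]')


def effective_parameters(template, params):
    """Return {name: (value, source)}; source is 'override', 'default' or 'unset'."""
    overrides = {p["ParameterKey"]: p["ParameterValue"] for p in params}
    result = {}
    for name, spec in template.get("Parameters", {}).items():
        if name in overrides:
            result[name] = (overrides[name], "override")
        elif "Default" in spec:
            result[name] = (spec["Default"], "default")
        else:
            result[name] = (None, "unset")  # no value known before deployment
    return result


def resolve_refs(node, values):
    """Return a copy of node with {"Ref": <parameter>} replaced by its value."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and node["Ref"] in values:
            return values[node["Ref"]][0]
        return {k: resolve_refs(v, values) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve_refs(v, values) for v in node]
    return node


if __name__ == "__main__":
    values = effective_parameters(TEMPLATE, PARAMS)
    for name, (value, source) in values.items():
        print(f"{name}: {value!r} ({source})")
    print(json.dumps(resolve_refs(TEMPLATE["Resources"], values), indent=2))
```

With the override applied, AccessControl resolves to PublicRead instead of the template default Private, which is the value a scan of the deployed configuration needs to see.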

Secret

The secret scan is performed on plain text files, with no special treatment for CloudFormation.