Skip to content

CI/CD Integrations

GitHub Actions

GitHub Actions is GitHub's native CI/CD and job orchestration service.

trivy-action (Official)

GitHub Action for integrating Trivy into your GitHub pipeline

👉 Get it at:

trivy-action (Community)

GitHub Action to scan vulnerability using Trivy. If vulnerabilities are found by Trivy, it creates a GitHub Issue.

👉 Get it at:

trivy-github-issues (Community)

In this action, Trivy scans the dependency files such as package-lock.json and go.sum in your repository, then create GitHub issues according to the result.

👉 Get it at:

Azure DevOps (Official)

Azure Devops is Microsoft Azure cloud native CI/CD service.

Trivy has a "Azure Devops Pipelines Task" for Trivy, that lets you easily introduce security scanning into your workflow, with an integrated Azure Devops UI.

👉 Get it at:

Semaphore (Community)

Semaphore is a CI/CD service.

You can use Trivy in Semaphore for scanning code, containers, infrastructure, and Kubernetes in Semaphore workflow.

👉 Get it at:

CircleCI (Community)

CircleCI is a CI/CD service.

You can use the Trivy Orb for Circle CI to introduce security scanning into your workflow.

👉 Get it at: Source:

Woodpecker CI (Community)

Example Trivy step in pipeline

    image: aquasec/trivy:latest
      # use any trivy command, if exit code is 0 woodpecker marks it as passed, else it assumes it failed
      - trivy fs --exit-code 1 --skip-dirs web/ --skip-dirs docs/ --severity MEDIUM,HIGH,CRITICAL .

Woodpecker does use Trivy itself so you can see it in use there.