Trivy supports the scanners listed in the table below.
It supports the following formats.
Trivy recursively searches directories and scans all found CloudFormation files. It evaluates properties, functions, and other elements within CloudFormation files to detect misconfigurations.
You can pass --cf-params with the path to a CloudFormation parameters file so that Trivy scans your CloudFormation code with those parameters.
trivy conf --cf-params params.json ./infrastructure/cf
You can check a CloudFormation Parameters Example
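As an added example (not taken from the Trivy documentation), the script below writes a constructed template whose S3 public-access settings all come from one parameter, plus a weak and a hardened parameters file, so the same template can be scanned with each and the two reports compared. The file names, the BlockPublic parameter and the AWS CLI style ParameterKey/ParameterValue layout of the parameters file are assumptions.

```sh
#!/bin/sh
# Added example (constructed files): one template, two parameters files.
set -eu

# write_cf_fixture DIR: create a template whose S3 public-access settings
# come from a parameter, plus a weak and a hardened parameters file.
write_cf_fixture() {
  mkdir -p "$1/infrastructure/cf"
  cat > "$1/infrastructure/cf/bucket.yaml" <<'EOF'
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  BlockPublic:
    Type: String
    AllowedValues: ["true", "false"]
Resources:
  LogBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: !Ref BlockPublic
        BlockPublicPolicy: !Ref BlockPublic
        IgnorePublicAcls: !Ref BlockPublic
        RestrictPublicBuckets: !Ref BlockPublic
EOF
  # Assumed file format: the AWS CLI ParameterKey/ParameterValue list.
  write_params "$1/params-weak.json" false
  write_params "$1/params-hardened.json" true
}

# write_params FILE VALUE: emit a one-entry parameters file for BlockPublic.
write_params() {
  printf '[\n  {"ParameterKey": "BlockPublic", "ParameterValue": "%s"}\n]\n' "$2" > "$1"
}

# scan_with DIR PARAMS_FILE: run the page's command against the fixture.
scan_with() {
  (cd "$1" && trivy conf --cf-params "$2" ./infrastructure/cf)
}

# Run both scans only when asked to, e.g.: sh cf-params-demo.sh --scan
if [ "${1:-}" = "--scan" ]; then
  dir=$(mktemp -d)
  write_cf_fixture "$dir"
  scan_with "$dir" params-weak.json
  scan_with "$dir" params-hardened.json
fi
```

Keeping one parameters file per environment next to the template lets a pipeline scan the values that will actually be deployed, not only the template in isolation.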
The secret scan is performed on plain text files, with no special treatment for CloudFormation.