# =============================================================================
# Trivy Configuration — Container + IaC + Secret Scanning
# =============================================================================
# trivy.yaml — Project-level config
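# NOTE(review): the nesting below is reconstructed; with every key at column 0
# the file had three top-level `enable` keys, and `skip-update`, `validate` and
# `insecure` were detached from their parent sections.

# Only CRITICAL and HIGH findings are reported. Combined with exit-code 1,
# any such finding fails the run, so this file acts as the pipeline gate.
severity:
  - CRITICAL
  - HIGH
exit-code: 1

# Findings without an available fix are dropped from the report, so they can
# never fail the gate; track them elsewhere if they must stay visible.
# NOTE(review): Trivy's config-file reference documents this option as
# vulnerability.ignore-unfixed. A top-level key may not be read; confirm
# against the Trivy version in use.
ignore-unfixed: true

# Ignore specific CVEs with justification
ignorefile: .trivyignore

# DB settings
db:
  # false leaves the vulnerability DB update enabled for each run.
  skip-update: false

# Secret scanning
# NOTE(review): `secret.enable` does not appear to be a documented key; the
# secret scanner is selected through the scanner list. Confirm it is honoured.
secret:
  enable: true

# Misconfiguration scanning
# NOTE(review): the documented section name is `misconfiguration`; `misconf`
# is the scanner name. Confirm that `misconf.enable` and `terraform.validate`
# are read at all, otherwise these settings have no effect.
misconf:
  enable: true
  terraform:
    validate: true

# IaC scanning
# NOTE(review): no `iac` section appears in Trivy's documented config schema;
# IaC checks are presumably covered by the misconf scanner. Confirm.
iac:
  enable: true

# Scanners to run
# NOTE(review): the documented location is scan.scanners. If this top-level
# list is ignored, Trivy falls back to its default scanners and `misconf`
# may not run even though the gate still reports success. Confirm.
scanners:
  - vuln
  - misconf
  - secret

# Report formats
# NOTE(review): `format` is documented as a single value; confirm a list is
# accepted, or emit the second format from a separate invocation.
format:
  - table
  - json

# Registry credentials (use IRSA in EKS)
# No username, password or token is stored in this file.
# NOTE(review): the documented section is `registry`; confirm `registries`
# with name/insecure entries is read by the Trivy version in use.
registries:
  - name: ecr.aws
    # presumably keeps TLS verification on for this registry; verify
    insecure: false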