Trivy Vulnerability Scanner is a VS Code extension that helps you find vulnerabilities in your software projects without leaving the comfort of your VS Code window.
Trivy is required for the extension. If it is available on the PATH, the extension will use that version. If it can't be found, you will be presented with the choice of specifying where it is or installing it.
If you choose to install, the output window will open with the details of what is being installed and where. It is installed to the extensions directory and is removed when the extension is uninstalled.
The Aqua Trivy extension comes with a walkthrough quick start that shows you the key areas; we recommend you look at it the first time you use the extension.
When the extension is opened and Trivy is installed, you can run a scan of the current project or workspaces and it will generate a list of issues broken down by file.
The menu allows you to turn on workspace specific options as part of the scan.
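The view described above (findings broken down by file, ordered by severity, optionally cut off at a minimum severity) can be reproduced from a Trivy JSON report. The following is an added example and not the extension's own code; it assumes the `SchemaVersion` 2 report layout (`Results[].Target` with `Vulnerabilities`, `Misconfigurations` and `Secrets` arrays) and uses a constructed sample report with placeholder IDs.

```python
import json
from collections import defaultdict

# Severity ordering used to sort findings; these are Trivy's severity levels.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "UNKNOWN": 4}

# Constructed sample in the shape of a Trivy JSON report (SchemaVersion 2).
# IDs, package names and versions are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "Results": [
        {"Target": "package-lock.json", "Class": "lang-pkgs", "Type": "npm",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example-pkg-a",
              "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "LOW"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "example-pkg-b",
              "InstalledVersion": "4.17.0", "FixedVersion": "4.17.21", "Severity": "CRITICAL"},
         ]},
        {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile",
         "Misconfigurations": [
             {"ID": "DS-PLACEHOLDER", "Title": "Placeholder misconfiguration",
              "Severity": "HIGH"},
         ]},
        {"Target": "config/app.env", "Class": "secret",
         "Secrets": [
             {"RuleID": "placeholder-secret-rule", "Title": "Placeholder secret rule",
              "Severity": "MEDIUM", "StartLine": 3},
         ]},
    ],
})


def findings_by_file(report_json, minimum_severity="UNKNOWN"):
    """Group findings by target file, drop those below minimum_severity,
    and sort each file's findings from most to least severe."""
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[minimum_severity]
    grouped = defaultdict(list)
    for result in report.get("Results", []):
        target = result["Target"]
        # Each result carries only the arrays relevant to its scanner; a missing
        # or null array means no findings of that kind for this target.
        for v in result.get("Vulnerabilities") or []:
            grouped[target].append((v["Severity"], v["VulnerabilityID"], v["PkgName"]))
        for m in result.get("Misconfigurations") or []:
            grouped[target].append((m["Severity"], m["ID"], m["Title"]))
        for s in result.get("Secrets") or []:
            grouped[target].append((s["Severity"], s["RuleID"], f"line {s['StartLine']}"))
    ordered = {}
    for target, items in grouped.items():
        kept = [i for i in items if SEVERITY_RANK.get(i[0], 4) <= threshold]
        if kept:  # files with nothing at or above the threshold are left out
            ordered[target] = sorted(kept, key=lambda i: SEVERITY_RANK.get(i[0], 4))
    return ordered
```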
If you are an Aqua customer, you can use your AQUA_KEY and AQUA_SECRET to get additional assurance policy results.
From the menu, select Trivy Aqua Platform Integration and provide your Aqua details.
Now run a scan as normal and you will have additional policy results.
If you find a bug, please file a GitHub Issue here.
Have a feature you desire? Please let us know by filing an issue here.
- Add codelens for transitive dependencies
- Remove the option to upload the results to the Aqua Platform
- Make order by severity the default view
- Make order by type and severity available to all users
### 1.1.0
- Configure Scanners to use for scan
- Update the Treeview when using Aqua Platform
- Fixes the Trivy installer for Windows and Linux
- Correctly handle spaces in directories
- Validate Aqua Platform settings before setting
- Remove hard coded links to dev env
- Fix issue with required resources and node_modules for webview
- Add support for installing and updating a built in version of Trivy
- Add support for the Aqua plugin
- Use Aqua Key and Secret to get Assurance results
- Rework the Tree view to be more informative
- Only allow a single run to happen at any one time
- Rework the icons to be more consistent
- Switch to using webpack to package vsix and streamline significantly
- Add Trivy findings to the Problems view
- Add support for managing the config through the UI
- Add support for multiple workspaces in the explorer
- Add tests and process around the code
- Handle findings inside tarballs
- Add support for secrets (turn on in the extension settings)
- Fix JSON check
- Add support for newer format of JSON results
- Fix typo in the configuration settings
- Add additional settings for offline mode and minimum severity
- Add Findings viewer and help
- Automatic detection of old Trivy versions
- Initial release with basic project scanning