image-scanner-with-trivy 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1 @@
1
+ # ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
@@ -0,0 +1,8 @@
1
+ {
2
+ "singleQuote": true,
3
+ "jsxSingleQuote": true,
4
+ "trailingComma": "all",
5
+ "semi": true,
6
+ "printWidth": 100,
7
+ "overrides": []
8
+ }
package/.projenrc.ts ADDED
@@ -0,0 +1,80 @@
1
+ import { awscdk } from 'projen';
2
+ import { TrailingComma, Transform } from 'projen/lib/javascript';
3
+ const project = new awscdk.AwsCdkConstructLibrary({
4
+ author: 'go-to-k',
5
+ authorAddress: '24818752+go-to-k@users.noreply.github.com',
6
+ // TODO: major version
7
+ // majorVersion: 1,
8
+ minNodeVersion: '18.0.0',
9
+ cdkVersion: '2.95.1',
10
+ defaultReleaseBranch: 'main',
11
+ jsiiVersion: '~5.0.0',
12
+ name: 'image-scanner-with-trivy',
13
+ projenrcTs: true,
14
+ repositoryUrl: 'https://github.com/go-to-k/image-scanner-with-trivy',
15
+ prettier: true,
16
+ prettierOptions: {
17
+ settings: {
18
+ singleQuote: true,
19
+ jsxSingleQuote: true,
20
+ trailingComma: TrailingComma.ALL,
21
+ semi: true,
22
+ printWidth: 100,
23
+ },
24
+ },
25
+ eslintOptions: {
26
+ dirs: ['src'],
27
+ prettier: true,
28
+ ignorePatterns: [
29
+ 'example/**/*',
30
+ 'lambda/**/*',
31
+ 'test/assets/**/*',
32
+ 'test/*.snapshot/**/*',
33
+ '*.d.ts',
34
+ ],
35
+ },
36
+ jestOptions: {
37
+ configFilePath: 'jest.config.json',
38
+ jestConfig: {
39
+ testEnvironment: 'node',
40
+ roots: ['<rootDir>/test'],
41
+ testMatch: ['**/*.test.ts'],
42
+ transform: {
43
+ '^.+\\.tsx?$': new Transform('ts-jest'),
44
+ },
45
+ snapshotSerializers: ['<rootDir>/test/snapshot-plugin.ts'],
46
+ },
47
+ },
48
+ license: 'Apache-2.0',
49
+ keywords: [
50
+ 'aws',
51
+ 'cdk',
52
+ 'aws-cdk',
53
+ 'docker',
54
+ 'trivy',
55
+ 'ecs',
56
+ 'ecr',
57
+ 'fargate',
58
+ 'container',
59
+ 'security',
60
+ ],
61
+ gitignore: ['*.js', '*.d.ts', 'cdk.out/'],
62
+ bin: {
63
+ 0: './assets',
64
+ },
65
+ // deps: [], /* Runtime dependencies of this module. */
66
+ // description: undefined, /* The description is just a string that helps people understand the purpose of the package. */
67
+ // devDeps: [], /* Build dependencies for this module. */
68
+ // packageName: undefined, /* The "name" in package.json. */
69
+ });
70
+ project.tsconfigDev.addInclude('assets/lambda/**/*.ts');
71
+ project.setScript('cdk', 'cdk');
72
+ project.setScript('integ:deploy', "cdk deploy --app='./lib/integ.js'");
73
+ project.setScript('integ:destroy', "cdk destroy --app='./lib/integ.js'");
74
+ project.projectBuild.compileTask.prependExec(
75
+ 'yarn install --non-interactive --frozen-lockfile && yarn build',
76
+ {
77
+ cwd: 'assets/lambda',
78
+ },
79
+ );
80
+ project.synth();
package/API.md ADDED
@@ -0,0 +1,521 @@
1
+ # image-scanner-with-trivy
2
+
3
+ ## What is
4
+
5
+ This is an AWS CDK Construct that allows you to **scan a container image in CDK deployment layer with trivy**.
6
+
7
+ If it detects vulnerabilities, it can **prevent the image from being pushed to the ECR for the application**.
8
+
9
+ Since it takes an `imageUri` for ECR as an argument, it can also be used to **simply scan an existing image in the repository**.
10
+
11
+ ## Trivy
12
+
13
+ [Trivy](https://github.com/aquasecurity/trivy) is a comprehensive and versatile security scanner.
14
+
15
+ ## Usage
16
+
17
+ - Install
18
+
19
+ ```sh
20
+ npm install image-scanner-with-trivy
21
+ ```
22
+
23
+ - CDK Code
24
+
25
+ ```ts
26
+ import { ImageScannerWithTrivy } from 'image-scanner-with-trivy';
27
+
28
+ const repository = new Repository(this, 'ImageRepository', {
29
+ removalPolicy: RemovalPolicy.DESTROY,
30
+ autoDeleteImages: true,
31
+ });
32
+
33
+ const image = new DockerImageAsset(this, 'DockerImage', {
34
+ directory: resolve(__dirname, './'),
35
+ });
36
+
37
+ // Please grant the necessary options on a case-by-case basis.
38
+ const imageScanner = new ImageScannerWithTrivy(this, 'ImageScannerWithTrivy', {
39
+ imageUri: image.imageUri,
40
+ repository: image.repository,
41
+ });
42
+
43
+ // By adding `addDependency`, if the vulnerabilities are detected by `ImageScannerWithTrivy`, the following `ECRDeployment` will not be executed, deployment will fail.
44
+ const ecrDeployment = new ECRDeployment(this, 'DeployImage', {
45
+ src: new DockerImageName(image.imageUri),
46
+ dest: new DockerImageName(`${repository.repositoryUri}:latest`),
47
+ });
48
+ ecrDeployment.node.addDependency(imageScanner);
49
+ ```
50
+
51
+ # API Reference <a name="API Reference" id="api-reference"></a>
52
+
53
+ ## Constructs <a name="Constructs" id="Constructs"></a>
54
+
55
+ ### ImageScannerWithTrivy <a name="ImageScannerWithTrivy" id="image-scanner-with-trivy.ImageScannerWithTrivy"></a>
56
+
57
+ #### Initializers <a name="Initializers" id="image-scanner-with-trivy.ImageScannerWithTrivy.Initializer"></a>
58
+
59
+ ```typescript
60
+ import { ImageScannerWithTrivy } from 'image-scanner-with-trivy'
61
+
62
+ new ImageScannerWithTrivy(scope: Construct, id: string, props: ImageScannerWithTrivyProps)
63
+ ```
64
+
65
+ | **Name** | **Type** | **Description** |
66
+ | --- | --- | --- |
67
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivy.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
68
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivy.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
69
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivy.Initializer.parameter.props">props</a></code> | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps">ImageScannerWithTrivyProps</a></code> | *No description.* |
70
+
71
+ ---
72
+
73
+ ##### `scope`<sup>Required</sup> <a name="scope" id="image-scanner-with-trivy.ImageScannerWithTrivy.Initializer.parameter.scope"></a>
74
+
75
+ - *Type:* constructs.Construct
76
+
77
+ ---
78
+
79
+ ##### `id`<sup>Required</sup> <a name="id" id="image-scanner-with-trivy.ImageScannerWithTrivy.Initializer.parameter.id"></a>
80
+
81
+ - *Type:* string
82
+
83
+ ---
84
+
85
+ ##### `props`<sup>Required</sup> <a name="props" id="image-scanner-with-trivy.ImageScannerWithTrivy.Initializer.parameter.props"></a>
86
+
87
+ - *Type:* <a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps">ImageScannerWithTrivyProps</a>
88
+
89
+ ---
90
+
91
+ #### Methods <a name="Methods" id="Methods"></a>
92
+
93
+ | **Name** | **Description** |
94
+ | --- | --- |
95
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivy.toString">toString</a></code> | Returns a string representation of this construct. |
96
+
97
+ ---
98
+
99
+ ##### `toString` <a name="toString" id="image-scanner-with-trivy.ImageScannerWithTrivy.toString"></a>
100
+
101
+ ```typescript
102
+ public toString(): string
103
+ ```
104
+
105
+ Returns a string representation of this construct.
106
+
107
+ #### Static Functions <a name="Static Functions" id="Static Functions"></a>
108
+
109
+ | **Name** | **Description** |
110
+ | --- | --- |
111
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivy.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
112
+
113
+ ---
114
+
115
+ ##### ~~`isConstruct`~~ <a name="isConstruct" id="image-scanner-with-trivy.ImageScannerWithTrivy.isConstruct"></a>
116
+
117
+ ```typescript
118
+ import { ImageScannerWithTrivy } from 'image-scanner-with-trivy'
119
+
120
+ ImageScannerWithTrivy.isConstruct(x: any)
121
+ ```
122
+
123
+ Checks if `x` is a construct.
124
+
125
+ ###### `x`<sup>Required</sup> <a name="x" id="image-scanner-with-trivy.ImageScannerWithTrivy.isConstruct.parameter.x"></a>
126
+
127
+ - *Type:* any
128
+
129
+ Any object.
130
+
131
+ ---
132
+
133
+ #### Properties <a name="Properties" id="Properties"></a>
134
+
135
+ | **Name** | **Type** | **Description** |
136
+ | --- | --- | --- |
137
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivy.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
138
+
139
+ ---
140
+
141
+ ##### `node`<sup>Required</sup> <a name="node" id="image-scanner-with-trivy.ImageScannerWithTrivy.property.node"></a>
142
+
143
+ ```typescript
144
+ public readonly node: Node;
145
+ ```
146
+
147
+ - *Type:* constructs.Node
148
+
149
+ The tree node.
150
+
151
+ ---
152
+
153
+
154
+ ## Structs <a name="Structs" id="Structs"></a>
155
+
156
+ ### ImageScannerWithTrivyProps <a name="ImageScannerWithTrivyProps" id="image-scanner-with-trivy.ImageScannerWithTrivyProps"></a>
157
+
158
+ #### Initializer <a name="Initializer" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.Initializer"></a>
159
+
160
+ ```typescript
161
+ import { ImageScannerWithTrivyProps } from 'image-scanner-with-trivy'
162
+
163
+ const imageScannerWithTrivyProps: ImageScannerWithTrivyProps = { ... }
164
+ ```
165
+
166
+ #### Properties <a name="Properties" id="Properties"></a>
167
+
168
+ | **Name** | **Type** | **Description** |
169
+ | --- | --- | --- |
170
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.imageUri">imageUri</a></code> | <code>string</code> | Image URI for scan target. |
171
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.repository">repository</a></code> | <code>aws-cdk-lib.aws_ecr.IRepository</code> | Repository including the image URI for scan target. |
172
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.exitCode">exitCode</a></code> | <code>number</code> | Exit Code. |
173
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.exitOnEol">exitOnEol</a></code> | <code>number</code> | Exit on EOL. |
174
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.ignoreUnfixed">ignoreUnfixed</a></code> | <code>boolean</code> | The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution. |
175
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.imageConfigScanners">imageConfigScanners</a></code> | <code><a href="#image-scanner-with-trivy.ImageConfigScanners">ImageConfigScanners</a>[]</code> | Enum for ImageConfigScanners. |
176
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.memorySize">memorySize</a></code> | <code>number</code> | Custom Resource Memory Size (MB). |
177
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.platform">platform</a></code> | <code>string</code> | Scan Image on a specific Architecture and OS. |
178
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.scanners">scanners</a></code> | <code><a href="#image-scanner-with-trivy.Scanners">Scanners</a>[]</code> | Enable/Disable Scanners. |
179
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.severity">severity</a></code> | <code><a href="#image-scanner-with-trivy.Severity">Severity</a>[]</code> | Severity Selection. |
180
+ | <code><a href="#image-scanner-with-trivy.ImageScannerWithTrivyProps.property.trivyIgnore">trivyIgnore</a></code> | <code>string[]</code> | By Finding IDs. |
181
+
182
+ ---
183
+
184
+ ##### `imageUri`<sup>Required</sup> <a name="imageUri" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.imageUri"></a>
185
+
186
+ ```typescript
187
+ public readonly imageUri: string;
188
+ ```
189
+
190
+ - *Type:* string
191
+
192
+ Image URI for scan target.
193
+
194
+ ---
195
+
196
+ ##### `repository`<sup>Required</sup> <a name="repository" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.repository"></a>
197
+
198
+ ```typescript
199
+ public readonly repository: IRepository;
200
+ ```
201
+
202
+ - *Type:* aws-cdk-lib.aws_ecr.IRepository
203
+
204
+ Repository including the image URI for scan target.
205
+
206
+ Because of grantPull to CustomResourceLambda.
207
+
208
+ ---
209
+
210
+ ##### `exitCode`<sup>Optional</sup> <a name="exitCode" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.exitCode"></a>
211
+
212
+ ```typescript
213
+ public readonly exitCode: number;
214
+ ```
215
+
216
+ - *Type:* number
217
+ - *Default:* 1
218
+
219
+ Exit Code.
220
+
221
+ Use the `exitCode` option if you want to exit with a non-zero exit code.
222
+
223
+ You can specify 0 if you do not want to exit even when vulnerabilities are detected.
224
+
225
+ It defaults to 1 IN THIS CONSTRUCT for safety in CI/CD. In the original trivy, it is 0.
226
+
227
+ > [https://aquasecurity.github.io/trivy/latest/docs/configuration/others/#exit-code](https://aquasecurity.github.io/trivy/latest/docs/configuration/others/#exit-code)
228
+
229
+ ---
230
+
231
+ ##### `exitOnEol`<sup>Optional</sup> <a name="exitOnEol" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.exitOnEol"></a>
232
+
233
+ ```typescript
234
+ public readonly exitOnEol: number;
235
+ ```
236
+
237
+ - *Type:* number
238
+ - *Default:* 1
239
+
240
+ Exit on EOL.
241
+
242
+ Sometimes you may surprisingly get 0 vulnerabilities in an old image:
243
+ - Enabling --ignore-unfixed option while all packages have no fixed versions.
244
+ - Scanning a rather outdated OS (e.g. Ubuntu 10.04).
245
+
246
+ An OS at the end of service/life (EOL) usually gets into this situation, which is definitely full of vulnerabilities.
247
+ `exitOnEol` can fail scanning on EOL OS with a non-zero code.
248
+
249
+ It defaults to 1 IN THIS CONSTRUCT for safety in CI/CD. In the original trivy, it is 0.
250
+
251
+ > [https://aquasecurity.github.io/trivy/latest/docs/configuration/others/#exit-on-eol](https://aquasecurity.github.io/trivy/latest/docs/configuration/others/#exit-on-eol)
252
+
253
+ ---
254
+
255
+ ##### `ignoreUnfixed`<sup>Optional</sup> <a name="ignoreUnfixed" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.ignoreUnfixed"></a>
256
+
257
+ ```typescript
258
+ public readonly ignoreUnfixed: boolean;
259
+ ```
260
+
261
+ - *Type:* boolean
262
+ - *Default:* false
263
+
264
+ The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution.
265
+
266
+ To hide unfixed/unfixable vulnerabilities, you can use the `--ignore-unfixed` flag.
267
+
268
+ > [https://aquasecurity.github.io/trivy/latest/docs/scanner/vulnerability/#unfixed-vulnerabilities](https://aquasecurity.github.io/trivy/latest/docs/scanner/vulnerability/#unfixed-vulnerabilities)
269
+
270
+ ---
271
+
272
+ ##### `imageConfigScanners`<sup>Optional</sup> <a name="imageConfigScanners" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.imageConfigScanners"></a>
273
+
274
+ ```typescript
275
+ public readonly imageConfigScanners: ImageConfigScanners[];
276
+ ```
277
+
278
+ - *Type:* <a href="#image-scanner-with-trivy.ImageConfigScanners">ImageConfigScanners</a>[]
279
+ - *Default:* []
280
+
281
+ Enum for ImageConfigScanners.
282
+
283
+ Container images have configuration. docker inspect and `docker history` show the information according to the configuration.
284
+ Trivy scans the configuration of container images for
285
+
286
+ - Misconfigurations
287
+ - Secrets
288
+
289
+ They are disabled by default. You can enable them with `imageConfigScanners`.
290
+
291
+ > [https://aquasecurity.github.io/trivy/latest/docs/target/container_image/#container-image-metadata](https://aquasecurity.github.io/trivy/latest/docs/target/container_image/#container-image-metadata)
292
+
293
+ ---
294
+
295
+ ##### `memorySize`<sup>Optional</sup> <a name="memorySize" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.memorySize"></a>
296
+
297
+ ```typescript
298
+ public readonly memorySize: number;
299
+ ```
300
+
301
+ - *Type:* number
302
+ - *Default:* 3008
303
+
304
+ Custom Resource Memory Size (MB).
305
+
306
+ You can specify between `3008` and `10240`.
307
+
308
+ If this Construct execution terminates abnormally due to SIGKILL, try a larger size.
309
+
310
+ Default value (`3008` MB) is Maximum memory size for default AWS account without quota limit increase.
311
+
312
+ ---
313
+
314
+ ##### `platform`<sup>Optional</sup> <a name="platform" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.platform"></a>
315
+
316
+ ```typescript
317
+ public readonly platform: string;
318
+ ```
319
+
320
+ - *Type:* string
321
+ - *Default:*
322
+
323
+ Scan Image on a specific Architecture and OS.
324
+
325
+ By default, Trivy loads an image on a `linux/amd64` machine.
326
+
327
+ To customize this, pass a `platform` argument in the format OS/Architecture for the image, such as `linux/arm64`
328
+
329
+ ---
330
+
331
+ ##### `scanners`<sup>Optional</sup> <a name="scanners" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.scanners"></a>
332
+
333
+ ```typescript
334
+ public readonly scanners: Scanners[];
335
+ ```
336
+
337
+ - *Type:* <a href="#image-scanner-with-trivy.Scanners">Scanners</a>[]
338
+ - *Default:* [Security.VULN,Scanners.SECRET]
339
+
340
+ Enable/Disable Scanners.
341
+
342
+ You can enable/disable scanners with the `scanners`.
343
+
344
+ For example, container image scanning enables vulnerability (VULN) and secret scanners (SECRET) by default.
345
+ If you don't need secret scanning, it can be disabled by specifying Scanners.VULN only.
346
+
347
+ > [https://aquasecurity.github.io/trivy/latest/docs/configuration/others/#enabledisable-scanners](https://aquasecurity.github.io/trivy/latest/docs/configuration/others/#enabledisable-scanners)
348
+
349
+ ---
350
+
351
+ ##### `severity`<sup>Optional</sup> <a name="severity" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.severity"></a>
352
+
353
+ ```typescript
354
+ public readonly severity: Severity[];
355
+ ```
356
+
357
+ - *Type:* <a href="#image-scanner-with-trivy.Severity">Severity</a>[]
358
+ - *Default:* [Severity.CRITICAL]
359
+
360
+ Severity Selection.
361
+
362
+ The severity is taken from the selected data source since the severity from vendors is more accurate.
363
+ Using CVE-2023-0464 as an example, while it is rated as "HIGH" in NVD, Red Hat has marked its 'Impact' as "Low". As a result, Trivy will display it as "Low".
364
+
365
+ The severity depends on the compile option, the default configuration, etc. NVD doesn't know how the vendor distributes the software.
366
+ Red Hat evaluates the severity more accurately. That's why Trivy prefers vendor scores over NVD.
367
+
368
+ It defaults to `CRITICAL` IN THIS CONSTRUCT for safety in CI/CD, but the default configuration of Trivy is "CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN".
369
+
370
+ > [https://aquasecurity.github.io/trivy/latest/docs/scanner/vulnerability/#severity-selection](https://aquasecurity.github.io/trivy/latest/docs/scanner/vulnerability/#severity-selection)
371
+
372
+ ---
373
+
374
+ ##### `trivyIgnore`<sup>Optional</sup> <a name="trivyIgnore" id="image-scanner-with-trivy.ImageScannerWithTrivyProps.property.trivyIgnore"></a>
375
+
376
+ ```typescript
377
+ public readonly trivyIgnore: string[];
378
+ ```
379
+
380
+ - *Type:* string[]
381
+ - *Default:* []
382
+
383
+ By Finding IDs.
384
+
385
+ The ignore rules written to the .trivyignore in trivy.
386
+ Put each line you write in the file into one element of the array.
387
+
388
+ > [https://aquasecurity.github.io/trivy/latest/docs/configuration/filtering/#trivyignore](https://aquasecurity.github.io/trivy/latest/docs/configuration/filtering/#trivyignore)
389
+
390
+ ---
391
+
392
+ *Example*
393
+
394
+ ```typescript
395
+ $ cat .trivyignore
396
+ # Accept the risk
397
+ CVE-2018-14618
398
+
399
+ # Accept the risk until 2023-01-01
400
+ CVE-2019-14697 exp:2023-01-01
401
+
402
+ # No impact in our settings
403
+ CVE-2019-1543
404
+
405
+ # Ignore misconfigurations
406
+ AVD-DS-0002
407
+
408
+ # Ignore secrets
409
+ generic-unwanted-rule
410
+ aws-account-id
411
+ ```
412
+
413
+
414
+
415
+
416
+ ## Enums <a name="Enums" id="Enums"></a>
417
+
418
+ ### ImageConfigScanners <a name="ImageConfigScanners" id="image-scanner-with-trivy.ImageConfigScanners"></a>
419
+
420
+ Enum for ImageConfigScanners.
421
+
422
+ > [https://aquasecurity.github.io/trivy/latest/docs/target/container_image/#container-image-metadata](https://aquasecurity.github.io/trivy/latest/docs/target/container_image/#container-image-metadata)
423
+
424
+ #### Members <a name="Members" id="Members"></a>
425
+
426
+ | **Name** | **Description** |
427
+ | --- | --- |
428
+ | <code><a href="#image-scanner-with-trivy.ImageConfigScanners.CONFIG">CONFIG</a></code> | *No description.* |
429
+ | <code><a href="#image-scanner-with-trivy.ImageConfigScanners.SECRET">SECRET</a></code> | *No description.* |
430
+
431
+ ---
432
+
433
+ ##### `CONFIG` <a name="CONFIG" id="image-scanner-with-trivy.ImageConfigScanners.CONFIG"></a>
434
+
435
+ ---
436
+
437
+
438
+ ##### `SECRET` <a name="SECRET" id="image-scanner-with-trivy.ImageConfigScanners.SECRET"></a>
439
+
440
+ ---
441
+
442
+
443
+ ### Scanners <a name="Scanners" id="image-scanner-with-trivy.Scanners"></a>
444
+
445
+ Enum for Scanners.
446
+
447
+ > [https://aquasecurity.github.io/trivy/latest/docs/configuration/others/#enabledisable-scanners](https://aquasecurity.github.io/trivy/latest/docs/configuration/others/#enabledisable-scanners)
448
+
449
+ #### Members <a name="Members" id="Members"></a>
450
+
451
+ | **Name** | **Description** |
452
+ | --- | --- |
453
+ | <code><a href="#image-scanner-with-trivy.Scanners.VULN">VULN</a></code> | *No description.* |
454
+ | <code><a href="#image-scanner-with-trivy.Scanners.CONFIG">CONFIG</a></code> | *No description.* |
455
+ | <code><a href="#image-scanner-with-trivy.Scanners.SECRET">SECRET</a></code> | *No description.* |
456
+ | <code><a href="#image-scanner-with-trivy.Scanners.LICENSE">LICENSE</a></code> | *No description.* |
457
+
458
+ ---
459
+
460
+ ##### `VULN` <a name="VULN" id="image-scanner-with-trivy.Scanners.VULN"></a>
461
+
462
+ ---
463
+
464
+
465
+ ##### `CONFIG` <a name="CONFIG" id="image-scanner-with-trivy.Scanners.CONFIG"></a>
466
+
467
+ ---
468
+
469
+
470
+ ##### `SECRET` <a name="SECRET" id="image-scanner-with-trivy.Scanners.SECRET"></a>
471
+
472
+ ---
473
+
474
+
475
+ ##### `LICENSE` <a name="LICENSE" id="image-scanner-with-trivy.Scanners.LICENSE"></a>
476
+
477
+ ---
478
+
479
+
480
+ ### Severity <a name="Severity" id="image-scanner-with-trivy.Severity"></a>
481
+
482
+ Enum for Severity Selection.
483
+
484
+ > [https://aquasecurity.github.io/trivy/latest/docs/scanner/vulnerability/#severity-selection](https://aquasecurity.github.io/trivy/latest/docs/scanner/vulnerability/#severity-selection)
485
+
486
+ #### Members <a name="Members" id="Members"></a>
487
+
488
+ | **Name** | **Description** |
489
+ | --- | --- |
490
+ | <code><a href="#image-scanner-with-trivy.Severity.UNKNOWN">UNKNOWN</a></code> | *No description.* |
491
+ | <code><a href="#image-scanner-with-trivy.Severity.LOW">LOW</a></code> | *No description.* |
492
+ | <code><a href="#image-scanner-with-trivy.Severity.MEDIUM">MEDIUM</a></code> | *No description.* |
493
+ | <code><a href="#image-scanner-with-trivy.Severity.HIGH">HIGH</a></code> | *No description.* |
494
+ | <code><a href="#image-scanner-with-trivy.Severity.CRITICAL">CRITICAL</a></code> | *No description.* |
495
+
496
+ ---
497
+
498
+ ##### `UNKNOWN` <a name="UNKNOWN" id="image-scanner-with-trivy.Severity.UNKNOWN"></a>
499
+
500
+ ---
501
+
502
+
503
+ ##### `LOW` <a name="LOW" id="image-scanner-with-trivy.Severity.LOW"></a>
504
+
505
+ ---
506
+
507
+
508
+ ##### `MEDIUM` <a name="MEDIUM" id="image-scanner-with-trivy.Severity.MEDIUM"></a>
509
+
510
+ ---
511
+
512
+
513
+ ##### `HIGH` <a name="HIGH" id="image-scanner-with-trivy.Severity.HIGH"></a>
514
+
515
+ ---
516
+
517
+
518
+ ##### `CRITICAL` <a name="CRITICAL" id="image-scanner-with-trivy.Severity.CRITICAL"></a>
519
+
520
+ ---
521
+