Get Started on Cloud
BasicsPipelinesActions & ServicesEnvironmentsIntegrationsTargetsTestsDomainsSandboxesAgents & TunnelsYAML

YAML for Trivy CLI

View as Markdown

Execute Trivy CLI commands for security scanning of vulnerabilities, secrets, and misconfigurations.

YAML parameters for Trivy CLI

PARAMETERS
execute_commandsrequiredstring[]
List of shell commands to execute.
typerequiredstring

Value: TRIVY_CLI

actionrequiredstring
Unique identifier for the action within the pipeline.
shellstring enum
Shell to use for executing commands: BASH (default), SH, or ZSH.
Allowed enum:
SH,
BASH,
POWERSHELL
setup_commandsstring[]
Commands to run before the main commands (e.g., for installing dependencies).
versionstring
Version of the CLI tool.
trigger_timestring enum
Specifies when the action should be executed.
Allowed enum:
ON_EVERY_EXECUTION,
ON_SUCCESS,
ON_FAILURE,
ON_BACK_TO_SUCCESS,
ON_WARNING,
ON_WAIT_FOR_APPROVE,
ON_TERMINATE
loopstring[]
The list of variables for dynamic action execution. The action runs once for each value.
run_only_on_first_failureboolean
Defines whether the action should be executed on each failure. Restricted to and required if the trigger_time is ON_FAILURE.
disabledboolean
When set to true the action is disabled. By default it is set to false.
timeoutinteger
The timeout in seconds.
ignore_errorsboolean
If set to true the execution will proceed, mark action as a warning and jump to the next action. Doesn't apply to deployment actions.
retry_intervalinteger
Delay time between auto retries in seconds.
retry_countinteger
Number of retries if the action fails.
run_nextstring enum
Defines whether the action should run in parallel with the next one.
Allowed enum:
WAIT_ON_SUCCESS,
IN_SOFT_PARALLEL,
IN_HARD_PARALLEL
trigger_conditionsTriggerConditionYaml[]
The list of trigger conditions to meet so that the action can be triggered.
variablesVariableYaml[]
The list of variables you can use in the action.

Last modified on May 11, 2026

Previous pageTrigger pipelineNext pageVisual tests

YAML examples for Trivy CLI

Run Trivy security scan

yaml
  - action: "Trivy security scan"
    type: "TRIVY_CLI"
    version: "0.58.0"
    shell: "SH"
    execute_commands:
      - "trivy fs --severity HIGH,CRITICAL ."
      - "trivy image --severity CRITICAL myapp:latest"