You can set up a Security step with Aqua Trivy to detect vulnerabilities and misconfigurations in your container images.
- STO supports container scans only with Aqua Trivy.
STO supports the following `policy_type` settings for Aqua Trivy:
- `orchestratedScan` — A Security step in the pipeline runs the scan and ingests the results. This is the easiest to set up and supports scans with default or predefined settings.
- `ingestionOnly` — Run the scan in a Run step, or outside the pipeline, and then ingest the results. This is useful for advanced workflows that address specific security needs. See Ingest scan results into an STO pipeline.

`product_config_name` — Specify one of the following:
- `aqua-trivy` — Run the Trivy image scanner with default settings.
- `aqua-trivy-debug` — Run the Trivy image scanner in Debug mode.
- `container_domain` — The image registry domain, for example
- `container_project` — The image owner and project, for example
- `container_tag` — The tag of the image to scan, for example
- `container_type` — Set to
The following settings are also required, depending on the container type:
- `container_region` — Image registry AWS region
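The following is an added example, not code from Harness or from the Trivy project, showing how the `ingestionOnly` workflow fits together: the `container_domain`, `container_project` and `container_tag` settings are composed into the image reference that a Run step would pass to `trivy image --format json --output <file>`, and the resulting JSON report (a constructed sample here, with placeholder CVE ids and package names) is summarized per severity so a pipeline can decide whether to fail before the results are ingested. It assumes Trivy's JSON layout of `Results[].Vulnerabilities[]` with the `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion` and `Severity` fields; the `violates_policy` thresholds are the example's own, not an STO setting.

```python
import json

# Constructed sample of a Trivy `--format json` report, trimmed to the fields used
# below. The CVE ids, package names and versions are placeholders, not real findings.
SAMPLE_TRIVY_JSON = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "docker.io/example/app:1.0",
    "Results": [
        {
            "Target": "docker.io/example/app:1.0 (alpine 3.18)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
                 "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample",
                 "InstalledVersion": "1.0.0", "FixedVersion": "", "Severity": "MEDIUM"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "othertool",
                 "InstalledVersion": "2.3", "FixedVersion": "2.4", "Severity": "CRITICAL"},
            ],
        },
        {
            # A target with no findings: Trivy omits the key or emits null here.
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Vulnerabilities": None,
        },
    ],
})

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")


def image_reference(container_domain, container_project, container_tag):
    """Compose the image reference Trivy scans from the three STO container settings."""
    return f"{container_domain}/{container_project}:{container_tag}"


def trivy_command(container_domain, container_project, container_tag, output_path="trivy.json"):
    """Build the `trivy image` argv a Run step would execute to produce a JSON report."""
    return [
        "trivy", "image", "--format", "json", "--output", output_path,
        image_reference(container_domain, container_project, container_tag),
    ]


def summarize(report_text):
    """Count findings per severity and how many have an upstream fix available.

    Tolerates targets whose `Vulnerabilities` key is missing or null, and maps any
    severity string outside the known set to UNKNOWN rather than raising.
    """
    report = json.loads(report_text)
    counts = {sev: 0 for sev in SEVERITIES}
    fixable = 0
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            sev = str(vuln.get("Severity", "UNKNOWN")).upper()
            counts[sev if sev in counts else "UNKNOWN"] += 1
            if vuln.get("FixedVersion"):
                fixable += 1
    return {"counts": counts, "fixable": fixable, "total": sum(counts.values())}


def violates_policy(summary, max_critical=0, max_high=0):
    """True when the report exceeds the caller's tolerated CRITICAL/HIGH counts.

    The thresholds are this example's own gate, not an STO setting.
    """
    counts = summary["counts"]
    return counts["CRITICAL"] > max_critical or counts["HIGH"] > max_high


if __name__ == "__main__":
    print(" ".join(trivy_command("docker.io", "example/app", "1.0")))
    summary = summarize(SAMPLE_TRIVY_JSON)
    print(json.dumps(summary, indent=2))
    print("policy violated:", violates_policy(summary))
```

In a real Run step the report file written by `--output` is what the subsequent ingestion step reads; the summary gate is useful when you want the pipeline to stop on severe findings independently of what the STO policy later enforces.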