Vulnerability Scanning with Tekton and Trivy

Verified · Safe

Generate a Tekton Task that uses Trivy to scan a container image for critical and high vulnerabilities, failing the pipeline if any are found. The task takes the image name as a parameter and runs the trivy command with exit code 1. Useful for integrating vulnerability scanning into CI/CD pipelines built with Tekton.

by Skills Guide Bot
Security · Intermediate
80 · 6/2/2026
#trivy #tekton #security-scan #container #ci-cd

Recommended for

Claude Code · Copilot · Codex
Our review

Generates a Tekton task that uses Trivy to scan a container image for critical and high vulnerabilities and fails the pipeline if any are found.

Strengths

  • Automates vulnerability scanning in CI/CD pipelines.
  • Leverages Trivy, a popular open-source scanner.
  • Easy to plug into existing Tekton pipelines.
  • Fail-fast approach for critical and high severity issues.

Limitations

  • Only covers critical and high severities.
  • Requires a Tekton environment to run.
  • Assumes the image tag uses a short Git commit.

When to use it

Use this skill when you have a Tekton-based CI/CD pipeline and want to enforce security scanning before deployment.

When not to use it

Do not use it if your pipeline uses a different CI/CD system (e.g., Jenkins, GitHub Actions) or if you need more granular severity control.

Security analysis

Safe
Quality score: 75/100

The skill only instructs the agent to generate a YAML file for a Tekton task that runs Trivy; the skill itself does not execute any commands, manipulate files, or interact with the system. There are no destructive or exfiltrating actions.

No concerns found

Examples

Scan a container image in Tekton pipeline
Create a Tekton task that uses Trivy to scan the container image 'my-app:1.0.0' for critical and high vulnerabilities and fail the pipeline if any are found.
Integrate Trivy scan into existing Tekton pipeline
I have a Tekton pipeline that builds a container image. Generate a Tekton task to scan that image with Trivy and abort the pipeline on critical or high vulnerabilities. The image parameter should be passed from the previous task.

---
name: security
description: Generate Tekton Task that uses Trivy to scan generated container for vulnerabilities.
metadata:
  version: "0.1"
  author: "Alex Soto"
  standard: "agentskills.io"
---

Vulnerabilities Scan

Generate a Tekton task that uses Trivy to scan a container image and abort the pipeline in case of critical or high vulnerabilities.

Instructions for Bob

Step 1: Generate a Tekton Task using Trivy

The task receives the container image name as a parameter. It should fail only if the container image contains CRITICAL or HIGH vulnerabilities.

  1. Use the aquasec/trivy:0.50.0 container to run the trivy command.
  2. Pass --exit-code 1 so that trivy returns a non-zero status when a vulnerability of a selected severity is found. Combined with --severity CRITICAL,HIGH, lower-severity findings are still reported but do not fail the step. Add --ignore-unfixed only if the team has decided that findings without an available fix should not block the pipeline.

The following snippet shows an example:

apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: trivy-scan
spec:
  params:
    - name: image-name
      type: string
      description: Image repository to scan, without a tag.
    - name: image-tag
      type: string
      description: >-
        Short Git commit SHA the image was tagged with. The trivy container
        has no git binary and no source checkout, so the pipeline must pass
        the tag in (for example from a git-clone task result) rather than
        computing it inside this step.
  steps:
    - name: scan
      image: aquasec/trivy:0.50.0
      script: |
        #!/bin/sh
        set -eu
        # Only CRITICAL and HIGH findings make trivy exit 1, which fails this
        # step and therefore the TaskRun; lower severities are reported only.
        trivy image --no-progress --severity CRITICAL,HIGH \
          --exit-code 1 \
          "$(params.image-name):$(params.image-tag)"
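The Task above scans one image in isolation. The second prompt in the Examples section asks for the image reference to flow from the build task and for deployment to be blocked when the scan fails, which is a matter of Pipeline wiring rather than of the Task itself. The following Pipeline is an added example written for this page; it is not part of the skill or of its author's code. It assumes a hypothetical build Task named build-image that takes a source workspace and emits two results, image-url and image-digest, and a hypothetical deploy Task named deploy-image; the scan step is inlined as a taskSpec so the snippet stands on its own. It scans by digest rather than by tag, so the exact artifact the build pushed is what gets checked, and a later push to the same tag cannot change what was scanned.

```yaml
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
  name: build-scan-deploy
spec:
  params:
    - name: image-name
      type: string
      description: Image repository to build and scan, e.g. registry.example.com/my-app
  workspaces:
    - name: source
  tasks:
    # Hypothetical build task (assumption): emits results image-url and image-digest.
    - name: build
      taskRef:
        name: build-image
      workspaces:
        - name: source
          workspace: source
      params:
        - name: image-name
          value: $(params.image-name)

    # Scan runs only after build and receives the built image by digest.
    - name: scan
      runAfter: [build]
      params:
        - name: image-ref
          value: "$(tasks.build.results.image-url)@$(tasks.build.results.image-digest)"
      taskSpec:
        params:
          - name: image-ref
            type: string
        steps:
          - name: trivy
            image: aquasec/trivy:0.50.0
            script: |
              #!/bin/sh
              set -eu
              # --exit-code 1 makes trivy return non-zero only for the listed
              # severities; a non-zero step exit fails the whole PipelineRun.
              trivy image --no-progress --severity CRITICAL,HIGH --exit-code 1 \
                "$(params.image-ref)"

    # Deploy is ordered after scan, so it is never scheduled when scan fails.
    - name: deploy
      runAfter: [scan]
      taskRef:
        name: deploy-image   # hypothetical deploy task (assumption)
      params:
        - name: image-ref
          value: "$(tasks.build.results.image-url)@$(tasks.build.results.image-digest)"
```

Because both scan and deploy consume the digest produced by build, the image that reaches the cluster is byte-for-byte the one Trivy passed; the ordering via runAfter, not a separate gate, is what enforces the fail-fast behaviour.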

Critical

  • Use only the Trivy tool for vulnerability scanning.