Skip to content
Recued
Menu
← Back to packs

Trivy Pack

by recued-core v1 app_pack

V3 local filesystem security capability pack. By-value connector composition (service_kind=cli, no separate ingredient): one local trivy CLI ingredient exposes bounded project operations for readiness, dependency/IaC security scanning, and CycloneDX SBOM generation. Operations accept one trusted filesystem target, avoid caller-supplied Trivy flags, avoid shell wrappers, and keep findings or SBOM output as JSON. Security scans use filesystem target mode, vuln+misconfig scanners only, JSON output, and no output file; they expose no container image scan, Kubernetes scan, repo clone, server/client mode, secret scanning, license-policy scan, caller-supplied config/check/template/VEX/ignorefile paths, registry credentials, module/plugin actions, or arbitrary command execution. Approval is ask because Trivy may update vulnerability and check databases before scanning. Requires trivy on PATH. Network egress may occur for Trivy database/check updates.

What this pack installs

  • trivy Ingredient

Trust & control

What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.

Where it runs

Server only Runs on your server.

What it's allowed to do

Read Local CLI trivy read-only
Read: trivy.version · No approvalRead: software.vulnerability_scan · Asks approvalRead: software.sbom_cyclonedx · Asks approval

Data it touches

SurfacesLocal CLI

About

Tags

pack:trivytrivyvulnerabilitymisconfigurationiacdependenciessupply-chainsecurityjsondeveloper-toolsdeterministicv3composition