Diffstat (limited to 'tasks/trivy-image/task.yml')
-rw-r--r--tasks/trivy-image/task.yml28
1 files changed, 28 insertions, 0 deletions
diff --git a/tasks/trivy-image/task.yml b/tasks/trivy-image/task.yml
new file mode 100644
index 0000000..59940a9
--- /dev/null
+++ b/tasks/trivy-image/task.yml
@@ -0,0 +1,28 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source: {repository: docker.io/aquasec/trivy}
+
+inputs:
+ - name: docker-repo
+ - name: image
+
+run:
+ path: ash
+ args:
+ - -euo
+ - pipefail
+ - -c
+ - |
+ trivy image \
+ --ignore-unfixed \
+ --severity HIGH,CRITICAL \
+ --exit-code ${EXIT_CODE} \
+ --ignorefile "${TRIVY_IGNORE}" \
+ --input "${INPUT_TAR}"
+
+params:
+ TRIVY_IGNORE: docker-repo/.trivyignore
+ INPUT_TAR: image/image.tar
+ EXIT_CODE: 1
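Review bot: The `image_resource` source names `docker.io/aquasec/trivy` with no tag or digest, so the scanner image that gates this build is resolved from a mutable default tag at run time and can change without any commit to this task. Pin it to a release you have validated, for example `source: {repository: docker.io/aquasec/trivy, tag: "PINNED_TRIVY_VERSION"}` (placeholder value), and bump it deliberately. In the `run` script, `--exit-code ${EXIT_CODE}` is the only unquoted expansion; `--exit-code "${EXIT_CODE}"` matches the other two flags and keeps an empty override from shifting `--ignorefile` into the exit-code position. A comment above `EXIT_CODE: 1` such as `# set to 0 to make the scan advisory (non-blocking)` would document the override, and it is worth noting that `TRIVY_IGNORE` is read from the `docker-repo` input, so the repository under scan supplies its own suppression list.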