yaml 10 lines · 1 tab

Trivy image scanning in pull request pipelines

Kai Nakamura Apr 2026
1 tab
- name: Build image
  run: docker build -t app:${{ github.sha }} .

- name: Scan image
  uses: aquasecurity/trivy-action@0.24.0
  with:
    image-ref: app:${{ github.sha }}
    severity: HIGH,CRITICAL
    exit-code: '1'
    ignore-unfixed: true
1 file · yaml Explain with highlit

I scan container images before they ever reach a registry promotion step. Trivy gives quick visibility into OS packages, language dependencies, and misconfiguration issues in IaC. The important part is failing only on risk that the team is prepared to fix, otherwise the scan turns into wallpaper.

Share this code

Here's the card — post it anywhere.

Trivy image scanning in pull request pipelines — share card
Link copied