Recipe
Trivy Container Scanner
Scan container images for vulnerabilities, misconfigurations, and secrets before they reach production. Integrate Trivy into CI/CD pipelines with Meridian's hardened runtime.
Prerequisites
- Meridian CLI v2.4+ installed and authenticated
- Docker or Podman runtime available on the build host
- Trivy binary in PATH, or pulled as the aquasecurity/trivy container image
Quick Start
# Scan an image directly
trivy image nginx:1.25-alpine
# Scan with severity filter
trivy image --severity HIGH,CRITICAL my-app:latest
# Output as SARIF for CI
trivy image --format sarif -o report.sarif my-app:latest
CI Integration
Add Trivy as a pipeline step. Fail builds on critical CVEs. Export SARIF reports for GitHub Security tab ingestion.
SBOM Generation
Generate CycloneDX or SPDX bills of materials. Attest to supply chain integrity with Meridian signing keys.
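The CI step and SBOM step above, combined into one gate script. This is an added example, not Meridian's or Trivy's own code; the image name, report file names, the TRIVY_GATE_RUN switch and the sample report contents are constructed for illustration. It runs Trivy once per output format, then fails the step from its own count of HIGH/CRITICAL findings so the decision is visible in the log even when --exit-code is not used.

```shell
#!/bin/sh
# Added example (not from the Meridian docs): Trivy CI gate plus SBOM export.
set -eu

IMAGE="${IMAGE:-my-app:latest}"        # image under test (constructed default)
REPORT="${REPORT:-trivy-report.json}"  # JSON report the gate reads

# Run Trivy three times: JSON for the gate, SARIF for the security tab,
# CycloneDX for the SBOM. --exit-code 0 lets gate_report decide the outcome;
# --ignore-unfixed drops findings that have no vendor fix yet.
scan_image() {
  trivy image --format json --exit-code 0 --ignore-unfixed -o "$REPORT" "$1"
  trivy image --format sarif -o report.sarif "$1"
  trivy image --format cyclonedx -o sbom.cdx.json "$1"
}

# Count findings of one severity in a Trivy JSON report. Every finding type
# (vulnerability, misconfiguration, secret) carries a "Severity" key.
count_severity() {
  grep -o "\"Severity\": *\"$2\"" "$1" | wc -l | tr -d ' '
}

# Gate: return non-zero (fail the build) when any HIGH or CRITICAL finding exists.
gate_report() {
  high=$(count_severity "$1" HIGH)
  crit=$(count_severity "$1" CRITICAL)
  echo "trivy gate: HIGH=$high CRITICAL=$crit"
  [ "$high" -eq 0 ] && [ "$crit" -eq 0 ]
}

# Constructed sample report in Trivy's JSON shape (placeholder CVE ids),
# for exercising the gate without a registry or a Trivy install.
write_sample_report() {
  cat > "$1" <<'EOF'
{"Results":[{"Target":"my-app:latest (alpine)","Vulnerabilities":[
 {"VulnerabilityID":"CVE-0000-0001","Severity":"CRITICAL","FixedVersion":"1.0.1"},
 {"VulnerabilityID":"CVE-0000-0002","Severity":"HIGH","FixedVersion":"2.3.0"},
 {"VulnerabilityID":"CVE-0000-0003","Severity":"MEDIUM","FixedVersion":"0.9.9"}]}]}
EOF
}

# Real run only when the pipeline sets TRIVY_GATE_RUN=1 (constructed switch).
if [ "${TRIVY_GATE_RUN:-0}" = "1" ]; then
  scan_image "$IMAGE"
  gate_report "$REPORT"
fi
```

Pipeline usage: `TRIVY_GATE_RUN=1 IMAGE=my-app:latest sh trivy-gate.sh`; the SARIF and SBOM files are left in the workspace for upload or signing.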