This tool can be used to receive all trivy results from a GitLab group. The tool scans all subgroups and prints out a result of the GitLab CI trivy scan job and checks if there is a .trivyignore defined in the default branch.

brew install steffakasid/trivyops/trivyops

Or brew tap steffakasid/trivyops and then brew install trivyops.

trivyops [flags] GITLAB_GROUP_ID

• GITLAB_TOKEN - the GitLab token to access the Gitlab instance

• GITLAB_HOST - the GitLab host which should be accessed [Default: https://gitlab.com]

• GITLAB_GROUP_ID - the GitLab group ID to scan (only be used if not given per argument)

• LOG_LEVEL - the log level to use [Default: info]

• METRICS_PORT - the metrics endpoint when running in daemon mode [Default: 2112]

• METRICS_CRON - the cron string used to define how often metrics results are gathered from GitLab [Default: @every 6h]

trivyops 1234 - get all trivy results from 1234

trivyops 1234 --filter ^blub.* - get all trivy results from 1234 where name starts with blub

trivyops 1234 -o table - output results as table (works well with less results)

trivyops 1234 -v - get more details

[-a], [--artifact-name] string The artifact filename of the trivy result (default "trivy-results.json")

[-f], [--filter] string A golang regular expression to filter project name with namespace (e.g. (^{./groupprefix.+$)|(}.*otherprefix.))

[--help] Print help message

[-j], [--job-name] string The gitlab ci jobname to check (default "scan_oci_image_trivy")

-o, [--output] string Define how to output results [text, table, json] (default "text")

[--v] Get details

[--vv] Get more details

[--vvv] Get even more details

[--version] Print version information

All flags can also be set via config file

1. Command line flags

2. Env variables

3. Config file

This means the config file has the lowest priority an will be overwritten by the other configuration methods.