sca-trivy

What problem does it solve?

This Skill helps teams continuously identify and remediate vulnerabilities, license risks, and misconfigurations across the software supply chain by combining SCA, SBOM generation, and CI/CD integration using Trivy.

Core Features & Use Cases

• Software Composition Analysis across containers, dependencies, and IaC
• SBOM generation in CycloneDX and SPDX formats
• CI/CD integration with SARIF output and remediation prioritization based on CVSS and licenses
• End-to-end scanning workflow including container, filesystem, and IaC assessments

Quick Start

Run a full scan to detect vulnerabilities, misconfigurations, and license risks across images, dependencies, and IaC, then generate an SBOM and remediation guidance.