anantacloud-actions/trivy

πŸ›‘οΈ Ultimate Trivy Vulnerability Scanner

Scan faster. Secure smarter.

This is a high-performance, Node.js-based GitHub Action for Trivy. Unlike standard container-based actions, this runs directly on the runner VM, offering lightning-fast startup times, intelligent database caching, and clean Job Summaries.


🎬 See It In Action (30 sec)

Trivy Scan Demo
Automated Vulnerability Scanning 🚀


🚀 Why choose this over the official action?

| Feature | Official Trivy Action | This Ultimate Action |
|---|---|---|
| Startup Speed | 🐢 Slow (pulls Docker image) | ⚡ Instant (Node.js native) |
| Database Caching | ❌ Manual setup | ✅ Automatic (daily cache) |
| UX | Console logs only | ✅ Rich Job Summaries |
| Architecture | x64 only | ✅ x64 & ARM64 support |
| Audit Ready | ❌ Manual | ✅ Auto-uploads artifacts |

✨ Key Features

  • ⚡ Lightning Fast: Built with Node 20, bypassing heavy container pulls.
  • 📦 Smart Caching: Automatically caches the Trivy Database (DB) to save minutes on every run.
  • 📊 Rich Summaries: Generates a clean security overview directly on your GitHub Actions summary page.
  • 🛡️ Security Tab Integration: Full SARIF support to show vulnerabilities in your PR "Files Changed" tab.
  • 📜 SBOM Generation: Create CycloneDX or SPDX bill-of-materials with a single flag.
  • 🛠️ Compliance Ready: Support for CIS Benchmarks, NSA, and more.

πŸ› οΈ Quick Start

Basic Filesystem Scan

Add this to your .github/workflows/security.yml:

- name: πŸ›‘οΈ Run Security Scan
  uses: anantacloud-actions/trivy@v1
  with:
    scan-type: 'fs'
    severity: 'HIGH,CRITICAL'

📊 Job Summaries

Don't dig through logs! This action generates a professional summary at the end of every run.

Example Output:

πŸ›‘οΈ Trivy Security Report

Target: . | Type: fs

Severity Count Fixed
πŸ”΄ CRITICAL 2 2
🟠 HIGH 5 3

βœ… No vulnerabilities found with current threshold. (or ⚠️ Action failed due to 7 vulnerabilities)

⚙️ Configuration

Inputs

| Input | Description | Default |
|---|---|---|
| scan-type | Type of scan: fs, image, config, sbom | fs |
| scan-target | Target to scan (path . or image name) | . |
| severity | Severities (LOW,MEDIUM,HIGH,CRITICAL) | HIGH,CRITICAL |
| exit-code | Exit code when vulnerabilities are found (1 to fail) | 0 |
| format | Output format: table, json, sarif | table |
| trivy-version | Specific version or latest | latest |
| upload-artifact | Automatically upload the report as a workflow artifact | true |
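A fuller workflow wiring these inputs together, added here as an illustration rather than taken from the project's own documentation: the first job gates pull requests by failing on HIGH/CRITICAL findings in the repository files, the second scans the built container image and pushes SARIF results to the Security tab. The image name `myapp`, the `security-events: write` permission and the SARIF file name `trivy-results.sarif` are assumptions; check the action's actual report path before relying on the upload step.

```yaml
name: security
on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read
  security-events: write   # assumed: required by the SARIF upload step below

jobs:
  source:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # exit-code 1 turns any HIGH/CRITICAL finding into a failed check on the PR
      - name: 🛡️ Scan repository files
        uses: anantacloud-actions/trivy@v1
        with:
          scan-type: 'fs'
          scan-target: '.'
          severity: 'HIGH,CRITICAL'
          exit-code: '1'

  image:
    runs-on: ubuntu-latest
    needs: source
    steps:
      - uses: actions/checkout@v4
      - name: Build image
        run: docker build -t myapp:${{ github.sha }} .   # myapp is a placeholder name
      # Report-only scan of the image; the fs job above already blocks the merge
      - name: 🛡️ Scan container image (SARIF)
        uses: anantacloud-actions/trivy@v1
        with:
          scan-type: 'image'
          scan-target: 'myapp:${{ github.sha }}'
          severity: 'MEDIUM,HIGH,CRITICAL'
          format: 'sarif'
          exit-code: '0'
      - name: Upload SARIF to the Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif   # assumed output path; adjust to the action's real report file
```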

⭐ Support & Adoption

If you find this action useful, please consider giving it a ⭐ Star on GitHub!

📜 License

Distributed under the MIT License.