Awesome-omni-skill security

Generate a Tekton Task that uses Trivy to scan the generated container for vulnerabilities.

install
source · Clone the upstream repo
git clone https://github.com/diegosouzapw/awesome-omni-skill
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/testing-security/security-lordofthejars" ~/.claude/skills/diegosouzapw-awesome-omni-skill-security-77986f && rm -rf "$T"
manifest: skills/testing-security/security-lordofthejars/SKILL.md
source content

Vulnerabilities Scan

Generate a Tekton task that uses Trivy to scan a container image and abort the pipeline in case of critical or high vulnerabilities.

Instructions for Bob

Step 1: Generate a Tekton Task using Trivy

The task should receive the container image name as a parameter. The task should only fail if the container image contains CRITICAL or HIGH vulnerabilities.

  1. Use the aquasec/trivy:0.50.0 container to run the trivy command.
  2. The exit-code should be 1 when a vulnerability is found.

The following snippet shows an example:

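apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: trivy-scan
spec:
  params:
    - name: image-name
      type: string
  workspaces:
    # Assumption: a workspace holding the cloned repository, so git rev-parse below can resolve HEAD.
    - name: source
  steps:
    - name: scan
      image: aquasec/trivy:0.50.0
      workingDir: $(workspaces.source.path)
      env:
        # Pass the parameter through the environment instead of substituting it into the script text.
        - name: IMAGE_NAME
          value: $(params.image-name)
      script: |
        # Scan the image tagged with the short commit SHA; exit 1 on CRITICAL or HIGH findings.
        trivy image --severity CRITICAL,HIGH \
          --exit-code 1 \
          "${IMAGE_NAME}:$(git rev-parse --short HEAD)"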

Critical

  • Use only the trivy tool for vulnerabilities
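
The gate that the task applies with --severity CRITICAL,HIGH and --exit-code 1, reproduced over a Trivy JSON report so the blocking findings can be listed and audited. This is an added example, not part of the original skill; it assumes a report produced with trivy image --format json, and the sample report, its identifiers and the function names are constructed for illustration.

```python
import json

# Severities that fail the pipeline, matching --severity CRITICAL,HIGH in the task.
BLOCKING = {"CRITICAL", "HIGH"}

# Constructed sample in the shape of Trivy's JSON report (not real scan data).
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example/app:abc1234",
    "Results": [
        {"Target": "app (alpine)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample", "Severity": "LOW"},
        ]},
        # A target without findings may omit "Vulnerabilities" or set it to null.
        {"Target": "app/requirements.txt"},
        {"Target": "usr/bin/tool", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "examplelib", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0004", "PkgName": "otherlib", "Severity": "MEDIUM"},
        ]},
    ],
})


def blocking_findings(report_json, blocking=BLOCKING):
    """Return (target, id, package, severity) for each finding that should fail the build."""
    report = json.loads(report_json)
    found = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            severity = str(vuln.get("Severity", "UNKNOWN")).upper()
            if severity in blocking:
                found.append((result.get("Target", "?"), vuln.get("VulnerabilityID", "?"),
                              vuln.get("PkgName", "?"), severity))
    return found


def gate_exit_code(report_json):
    """1 when any CRITICAL or HIGH finding exists, otherwise 0 (same contract as --exit-code 1)."""
    return 1 if blocking_findings(report_json) else 0


if __name__ == "__main__":
    for target, vuln_id, pkg, severity in blocking_findings(SAMPLE_REPORT):
        print(f"{severity:8} {vuln_id} {pkg} ({target})")
    raise SystemExit(gate_exit_code(SAMPLE_REPORT))
```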