sca-trivy
关于
The `sca-trivy` skill performs comprehensive security scanning using Aqua Trivy, identifying vulnerabilities in container images, dependencies across multiple languages, and Infrastructure-as-Code configurations. It integrates into CI/CD pipelines, outputs results in SARIF format, and can generate SBOMs. Use it to automate vulnerability detection and prioritize fixes by CVSS score within your development workflow.
快速安装
Claude Code
推荐npx skills add aiskillstore/marketplace -a claude-code/plugin add https://github.com/aiskillstore/marketplacegit clone https://github.com/aiskillstore/marketplace.git ~/.claude/skills/sca-trivy在 Claude Code 中复制并粘贴此命令以安装该技能
GitHub 仓库
Frequently asked questions
What is the sca-trivy skill?
sca-trivy is a Claude Skill by aiskillstore. Skills package instructions and resources that Claude loads on demand, so Claude can perform sca-trivy-related tasks without extra prompting.
How do I install sca-trivy?
Use the install commands on this page: add sca-trivy to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.
What category does sca-trivy belong to?
sca-trivy is in the devsecops category, tagged sca, trivy, container-security, vulnerability-scanning, sbom and iac-security.
Is sca-trivy free to use?
Yes. sca-trivy is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.
相关推荐技能
这是一个用于Dockerfile安全扫描的Claude Skill,基于Hadolint工具实现。它能检测安全配置错误、硬编码凭据等100多种问题,并符合CIS Docker基准要求。开发者可在CI/CD流程或本地开发中使用它来实施左移安全策略,获取修复建议。
这是一个用于容器漏洞扫描的Claude Skill,它利用Grype工具扫描容器镜像和文件系统中的已知漏洞。该Skill支持集成到CI/CD流水线中,可根据CVSS严重程度、EPSS利用概率和CISA KEV指标设置阈值并优先修复。它能分析多种SBOM格式,并生成JSON、SARIF、CycloneDX等多种格式的报告以便与安全工具链集成。
这是一个用于基础设施即代码(IaC)安全扫描的Claude Skill,它利用Checkov对Terraform、Kubernetes等多种格式的配置文件进行安全检测。它能扫描安全错误配置、合规性违规,并检测硬编码的密钥,帮助您在部署前发现风险。该Skill支持集成到CI/CD管道中,并针对CIS、PCI-DSS等标准生成合规报告,是实施策略即代码和云安全态势管理的实用工具。
Container-grype 是一个用于容器漏洞扫描和依赖风险评估的 Claude Skill,它利用 Grype 对容器镜像和文件系统进行安全扫描。该工具特别适用于集成到 CI/CD 流水线中,通过 CVSS 严重性评级、EPSS 利用概率和 CISA KEV 指标来设定阈值并优先处理修复。它能分析多种 SBOM 格式,并生成 JSON、SARIF 和 CycloneDX 等多种格式的报告,以便与现有安全工具链集成。
