darkwizard242.trivy
Ansible Role: trivy
This role installs (by default) the trivy package or uninstalls it (if specified) on Debian-based and EL-based systems. Trivy is an easy-to-use tool for scanning vulnerabilities in containers.
Requirements
None.
Role Variables
The following variables are available (found in defaults/main.yml):
Variables List:
trivy_app: trivy
trivy_app_desired_state: present
trivy_debian_pre_reqs:
- apt-transport-https
- gnupg
trivy_debian_pre_reqs_desired_state: present
trivy_repo_debian_gpg_key: https://aquasecurity.github.io/trivy-repo/deb/public.key
trivy_repo_debian: "deb https://aquasecurity.github.io/trivy-repo/deb {{ ansible_lsb['codename'] }} main"
trivy_repo_debian_filename: "{{ trivy_app }}"
trivy_repo_debian_desired_state: present
trivy_repo_el: https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
trivy_repo_el_name: trivy
trivy_repo_el_description: Trivy repository
trivy_repo_el_gpgcheck: no
trivy_repo_el_enabled: yes
trivy_repo_el_filename: trivy
trivy_repo_el_desired_state: present
Variables Table:
Variable | Description |
---|---|
trivy_app | Name of the trivy package to be installed, e.g., trivy. |
trivy_app_desired_state | State of the trivy_app package: install, check if available, or uninstall (e.g., values: present, latest, absent). |
trivy_debian_pre_reqs | Required packages for Debian systems (Trivy recommends these). |
trivy_debian_pre_reqs_desired_state | Desired state for the required packages on Debian systems. |
trivy_repo_debian_gpg_key | GPG key needed for Trivy on Debian systems. |
trivy_repo_debian | Trivy repository URL for Debian systems. Uses facts like ansible_lsb['codename']. |
trivy_repo_debian_filename | Name of the repository file stored in /etc/apt/sources.list.d/ on Debian systems. |
trivy_repo_debian_desired_state | present means creating the repository file if it doesn't exist; absent is not recommended as it blocks installation. |
trivy_repo_el | Base URL for the Trivy repository on EL-based systems. |
trivy_repo_el_name | Name of the Trivy repository on EL-based systems. |
trivy_repo_el_description | Description in the EL-based repository file for Trivy. |
trivy_repo_el_gpgcheck | Whether to perform GPG checks for Trivy on EL systems (true/false). |
trivy_repo_el_enabled | Whether the Trivy repository is enabled on EL systems (true/false). |
trivy_repo_el_filename | Name of the repository file in /yum/sources.list.d/trivy.repo on EL systems. |
trivy_repo_el_desired_state | present means creating the repository if it doesn't exist; absent is not recommended as it blocks installation. |
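With the defaults listed above, trivy_repo_el_gpgcheck is no, so EL hosts install packages from this repository without signature verification. The following check is an added example, not part of this role: it audits the text of a .repo file and reports enabled repositories with GPG checking off or a non-HTTPS base URL. The function name audit_repo and the rendered file layout in SAMPLE_REPO are assumptions made for illustration.

```python
import configparser

# Constructed sample: how the EL defaults listed above could look once written
# to a .repo file (the exact rendered layout is an assumption).
SAMPLE_REPO = """\
[trivy]
name = Trivy repository
baseurl = https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
enabled = 1
gpgcheck = 0
"""

TRUTHY = {"1", "yes", "true", "on"}


def audit_repo(text):
    """Return (repo_id, finding) tuples for every enabled repo in a .repo file."""
    # interpolation=None keeps $releasever/$basearch and any '%' literal.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    findings = []
    for repo_id in parser.sections():
        repo = parser[repo_id]
        # A repo without an explicit 'enabled' key is treated as enabled.
        if repo.get("enabled", "1").strip().lower() not in TRUTHY:
            continue
        gpgcheck = repo.get("gpgcheck")
        if gpgcheck is None:
            findings.append((repo_id, "gpgcheck not set, global setting applies"))
        elif gpgcheck.strip().lower() not in TRUTHY:
            findings.append((repo_id, "gpgcheck disabled"))
        # baseurl may list several URLs separated by whitespace or newlines.
        for url in repo.get("baseurl", "").split():
            if not url.lower().startswith("https://"):
                findings.append((repo_id, "non-HTTPS baseurl: " + url))
    return findings


if __name__ == "__main__":
    for repo_id, finding in audit_repo(SAMPLE_REPO):
        print(f"{repo_id}: {finding}")
```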
Dependencies
None.
Example Playbook
To install the trivy package with the default settings in Ansible playbooks:
- hosts: servers
  roles:
    - darkwizard242.trivy
To customize the role to install the latest version of trivy:
- hosts: servers
  roles:
    - darkwizard242.trivy
  vars:
    trivy_app_desired_state: latest
To customize the role to uninstall the trivy package:
- hosts: servers
  roles:
    - darkwizard242.trivy
  vars:
    trivy_app_desired_state: absent
License
Author Information
This role was created by Ali Muhammad.
About the project
Installs/Uninstalls Trivy for vulnerability scanning of containers.
Install
ansible-galaxy install darkwizard242.trivy
License
MIT