Security audit module powered by Trivy. Scans dependencies,
configuration files, source code, and container images for
vulnerabilities and misconfigurations.
| Mode | What it scans | Trivy command |
|---|---|---|
| deps | Python dependencies (requirements.txt) for CVEs | `trivy fs --scanners vuln .` |
| config | Dockerfiles, Helm charts for misconfigurations | `trivy config resource.docker/` |
| secrets | Source code for leaked credentials | `trivy fs --scanners secret .` |
| image | Built Docker image for CVEs | `trivy image <tag>` |
```bash
# Individual modes
python factory.deploy/ObjAudit.py deps
python factory.deploy/ObjAudit.py config
python factory.deploy/ObjAudit.py secrets
python factory.deploy/ObjAudit.py image registry.technocore.co.za/meridian-homechoice:latest

# All modes at once
python factory.deploy/ObjAudit.py all --image-tag registry.technocore.co.za/meridian-homechoice:latest
```
The audit step runs automatically in the build pipeline between
scan and push. Results are persisted to log_audit and shown
in the build report email under "Security Audit".
Results are stored in the log_audit table (defined in ObjAudit.yaml) with these columns:
AuditMode, Target, Critical, High, Medium, Low, TotalFindings, AuditPassed (Y/N), ElapsedSeconds
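The following is an added example of how the mode table and the log_audit columns fit together; it is illustrative code, not the project's ObjAudit.py. It runs the same Trivy invocations with `--format json`, tallies findings by severity across Trivy's `Vulnerabilities`, `Misconfigurations` and `Secrets` result lists, and produces a row with the column names above. The pass rule (no CRITICAL or HIGH findings), the `AuditRecord`/`summarise`/`run_audit` names and the sample report are assumptions made for the example; the page does not state how AuditPassed is decided.

```python
"""Added example (not the project's ObjAudit.py): reduce Trivy JSON output
to a row shaped like the log_audit table.

Assumptions: Trivy's documented JSON layout (a top-level "Results" list whose
entries carry "Vulnerabilities", "Misconfigurations" and "Secrets" lists, each
item with a "Severity" string), and a pass rule of "no CRITICAL or HIGH
findings", which is an illustrative threshold, not the project's stated one.
"""
import json
import subprocess
import time
from dataclasses import dataclass, asdict

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")
FINDING_KEYS = ("Vulnerabilities", "Misconfigurations", "Secrets")

# Same Trivy invocations as the mode table, with JSON output requested so the
# result can be parsed instead of scraped from the table renderer.
FS_COMMANDS = {
    "deps": ["trivy", "fs", "--scanners", "vuln", "--format", "json", "."],
    "config": ["trivy", "config", "--format", "json", "resource.docker/"],
    "secrets": ["trivy", "fs", "--scanners", "secret", "--format", "json", "."],
}


@dataclass
class AuditRecord:
    """One log_audit row; field names match the table columns."""
    AuditMode: str
    Target: str
    Critical: int
    High: int
    Medium: int
    Low: int
    TotalFindings: int
    AuditPassed: str  # "Y" / "N"
    ElapsedSeconds: float

    def as_row(self) -> dict:
        return asdict(self)


def count_findings(report: dict) -> dict:
    """Tally findings by severity across every Results entry and finding kind.
    Trivy emits null (not []) for empty lists, hence the `or []` guards."""
    counts = dict.fromkeys(SEVERITIES, 0)
    for result in report.get("Results") or []:
        for key in FINDING_KEYS:
            for finding in result.get(key) or []:
                sev = str(finding.get("Severity", "UNKNOWN")).upper()
                counts[sev if sev in counts else "UNKNOWN"] += 1
    return counts


def summarise(mode, target, report, elapsed=0.0, fail_on=("CRITICAL", "HIGH")):
    """Build the log_audit row; fail_on is the assumed pass/fail threshold."""
    counts = count_findings(report)
    passed = all(counts[s] == 0 for s in fail_on)
    return AuditRecord(
        AuditMode=mode, Target=target,
        Critical=counts["CRITICAL"], High=counts["HIGH"],
        Medium=counts["MEDIUM"], Low=counts["LOW"],
        TotalFindings=sum(counts.values()),  # UNKNOWN counts toward the total
        AuditPassed="Y" if passed else "N",
        ElapsedSeconds=round(elapsed, 2),
    )


def trivy_command(mode, image_tag=None):
    if mode == "image":
        if not image_tag:
            raise ValueError("image mode needs an image tag")
        return ["trivy", "image", "--format", "json", image_tag]
    return list(FS_COMMANDS[mode])


def run_audit(mode, image_tag=None):
    """Run one mode end to end (needs the trivy binary; not exercised offline)."""
    cmd = trivy_command(mode, image_tag)
    start = time.monotonic()
    proc = subprocess.run(cmd, capture_output=True, text=True, check=False)
    # Without --exit-code, trivy exits 0 even when it finds issues, so a
    # non-zero status is a tool failure (bad target, DB download error), not
    # a failed audit; surface it instead of logging a misleading "passed".
    if proc.returncode != 0:
        raise RuntimeError(f"{' '.join(cmd)} failed: {proc.stderr.strip()}")
    return summarise(mode, cmd[-1], json.loads(proc.stdout), time.monotonic() - start)


# Constructed sample in Trivy's JSON shape (placeholder IDs, not real findings).
SAMPLE_REPORT = {
    "Results": [
        {"Target": "requirements.txt", "Class": "lang-pkgs", "Type": "pip",
         "Vulnerabilities": [
             {"VulnerabilityID": "EXAMPLE-1", "PkgName": "examplepkg", "Severity": "CRITICAL"},
             {"VulnerabilityID": "EXAMPLE-2", "PkgName": "examplepkg", "Severity": "HIGH"},
             {"VulnerabilityID": "EXAMPLE-3", "PkgName": "otherpkg", "Severity": "HIGH"},
             {"VulnerabilityID": "EXAMPLE-4", "PkgName": "otherpkg", "Severity": "MEDIUM"},
         ]},
        {"Target": "Pipfile.lock", "Class": "lang-pkgs", "Type": "pipenv",
         "Vulnerabilities": None},
    ]
}

if __name__ == "__main__":
    print(summarise("deps", ".", SAMPLE_REPORT, elapsed=1.234).as_row())
```

Note the exit-status handling: with the flags above Trivy returns 0 whether or not it found anything, so a non-zero status means the scan itself did not run and should never be recorded as AuditPassed = Y. If you would rather have Trivy gate the build directly, add `--exit-code 1 --severity CRITICAL,HIGH` to the command and treat that status separately from tool errors.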