Ansible role to install trivy.

If latest is set for trivy_version, the role tries to install the latest release version.
Please use this with caution, as incompatibilities between releases may occur!

The binaries are installed below /usr/local/bin/trivy/${trivy_version} and later linked to /usr/bin. This should make it possible to downgrade relatively safely.

The downloaded archive is stored on the Ansible controller, unpacked and then the binaries are copied to the target system. The cache directory can be defined via the environment variable CUSTOM_LOCAL_TMP_DIRECTORY. By default it is ${HOME}/.cache/ansible/trivy. If this type of installation is not desired, the download can take place directly on the target system. However, this must be explicitly activated by setting trivy_direct_download to true.

Ansible Collections

• bodsch.core
• bodsch.scm

ansible-galaxy collection install bodsch.core
ansible-galaxy collection install bodsch.scm

or

ansible-galaxy collection install --requirements-file collections.yml

Tested on

• Arch Linux
• Debian based
  • Debian 10 / 11 / 12
  • Ubuntu 20.10 / 22.04

Please read Contribution

The master Branch is my Working Horse includes the "latest, hot shit" and can be complete broken!

If you want to use something stable, please use a Tagged Version!

trivy_version: 0.45.1

trivy_direct_download: false

trivy_release: {}

• Bodo Schulz

Apache

FREE SOFTWARE, HELL YEAH!