
security_trivy_scan

Scan container images for security vulnerabilities using Trivy to identify and filter by severity levels like HIGH and CRITICAL.

Instructions

Scan a container image for vulnerabilities using Trivy

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| image | Yes | Container image to scan (e.g., 'nginx:latest') | |
| severity | No | Severity filter (default: 'HIGH,CRITICAL') | |

Implementation Reference

  • The main handler function `trivyScanImage` which executes the Trivy scan command and formats the output.
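    import { execFile } from "node:child_process";
    import { promisify } from "node:util";

    // Assumed definition (the project's own declaration is not shown on this page):
    // a promisified execFile, which runs trivy with an argument array and no shell.
    const execFileAsync = promisify(execFile);

    // formatTable is a project helper defined elsewhere and not shown here.
    export async function trivyScanImage(args: Record<string, unknown>): Promise<string> {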
      const image = args.image as string;
      if (!image) throw new Error("Image name is required");
      const severity = (args.severity as string) || "HIGH,CRITICAL";
    
      try {
        const { stdout } = await execFileAsync(
          "trivy",
          ["image", "--format", "json", "--severity", severity, image],
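          // Raise maxBuffer: Node's 1 MiB default for execFile is exceeded by large JSON reports.
          { timeout: 120000, maxBuffer: 64 * 1024 * 1024 }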
        );
    
        const report = JSON.parse(stdout);
        const results = report.Results || [];
        const lines: string[] = [`Trivy scan results for '${image}':`];
    
        let totalVulns = 0;
        for (const result of results) {
          const vulns = result.Vulnerabilities || [];
          totalVulns += vulns.length;
    
          if (vulns.length === 0) continue;
    
          lines.push(`\nTarget: ${result.Target} (${result.Type})`);
          const headers = ["ID", "SEVERITY", "PACKAGE", "VERSION", "FIXED IN", "TITLE"];
          const rows = vulns.slice(0, 20).map((v: any) => [
            v.VulnerabilityID || "",
            v.Severity || "",
            v.PkgName || "",
            v.InstalledVersion || "",
            v.FixedVersion || "N/A",
            (v.Title || "").substring(0, 40),
          ]);
          lines.push(formatTable(headers, rows));
    
          if (vulns.length > 20) {
            lines.push(`  ... and ${vulns.length - 20} more vulnerabilities`);
          }
        }
    
        if (totalVulns === 0) {
          lines.push(`\nNo ${severity} vulnerabilities found.`);
        } else {
          lines.push(`\nTotal: ${totalVulns} vulnerabilities found.`);
        }
    
        return lines.join("\n");
      } catch (error: any) {
        if (error.code === "ENOENT") {
          throw new Error("Trivy is not installed. Install it from https://aquasecurity.github.io/trivy/");
        }
        throw new Error(`Trivy scan failed: ${error.stderr || error.message}`);
      }
    }
  • Tool registration definition for `security_trivy_scan` including name, description, and input schema.
    {
      name: "security_trivy_scan",
      description: "Scan a container image for vulnerabilities using Trivy",
      inputSchema: {
        type: "object" as const,
        properties: {
          image: { type: "string", description: "Container image to scan (e.g., 'nginx:latest')" },
          severity: { type: "string", description: "Severity filter (default: 'HIGH,CRITICAL')" },
        },
        required: ["image"],
      },
    },
  • The switch-case entry point that delegates the `security_trivy_scan` tool call to the handler function.
    switch (name) {
      case "security_trivy_scan": return trivyScanImage(a);
      // ... remaining cases are not shown on this page
    }
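
The handler above hands `image` and `severity` to trivy unchecked, so a value beginning with `-` would be parsed as a trivy option rather than as data. The following is an added example, not the project's code, of validating both arguments before the argument array is built; `buildTrivyArgs`, `validateImage`, `normalizeSeverity` and the image allowlist pattern are assumptions of this example.

```typescript
// Added example: validate MCP tool arguments before they become trivy argv.
// ALLOWED_SEVERITIES lists Trivy's severity levels. IMAGE_REF is a deliberately
// conservative allowlist (an assumption, not Trivy's own reference grammar).
const ALLOWED_SEVERITIES = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"];
const IMAGE_REF = /^[A-Za-z0-9][A-Za-z0-9._\/:@-]{0,254}$/;

function normalizeSeverity(raw: unknown): string {
  if (raw === undefined || raw === null || raw === "") return "HIGH,CRITICAL";
  if (typeof raw !== "string") throw new Error("severity must be a string");
  const seen: string[] = [];
  for (const part of raw.split(",")) {
    const level = part.trim().toUpperCase();
    if (ALLOWED_SEVERITIES.indexOf(level) === -1) {
      throw new Error(`Unsupported severity: ${JSON.stringify(part)}`);
    }
    if (seen.indexOf(level) === -1) seen.push(level); // drop duplicates
  }
  return seen.join(",");
}

function validateImage(raw: unknown): string {
  if (typeof raw !== "string" || raw.length === 0) {
    throw new Error("Image name is required");
  }
  // The first character must be alphanumeric, so the value can never be
  // read by trivy as a command-line option instead of an image name.
  if (!IMAGE_REF.test(raw)) {
    throw new Error(`Invalid image reference: ${JSON.stringify(raw)}`);
  }
  return raw;
}

// Returns the argv array for execFile("trivy", argv); nothing is executed here.
function buildTrivyArgs(args: Record<string, unknown>): string[] {
  const image = validateImage(args["image"]);
  const severity = normalizeSeverity(args["severity"]);
  return ["image", "--format", "json", "--severity", severity, image];
}
```

Rejecting the request before `execFile` is called also gives the MCP client a precise error instead of trivy's stderr.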
