Skip to main content

Documentation Index

Fetch the complete documentation index at: https://notes.kodekloud.com/llms.txt

Use this file to discover all available pages before exploring further.

In this guide, you’ll learn how to import a custom TrivyScanScript shared library into your Jenkins pipeline and run vulnerability scans at various severity levels. By centralizing your Trivy logic, you can maintain consistency across projects and simplify pipeline definitions.

Prerequisites

  • A Jenkins instance with Pipeline Shared Libraries enabled
  • A Git repository for your shared library
  • An application repository containing a Jenkinsfile
  • Docker image registry credentials (if needed)

1. Define the vulnerability Step in the Shared Library

In your shared library repo, open or create vars/TrivyScanScript.groovy and add the vulnerability function: 
// vars/TrivyScanScript.groovy

def vulnerability(Map config = [:]) {
    loadScript(name: 'trivy.sh')
    sh "./trivy.sh ${config.imageName} ${config.severity} ${config.exitCode}"
}
Commit and push these changes:
CommandDescription
git checkout -b featureTrivyScanCreate a feature branch
git add vars/TrivyScanScript.groovyStage the new step definition
git commit -m "Add TrivyScanScript.vulnerability step"Commit with a clear message
git push -u origin featureTrivyScanPush branch to remote

2. Invoke the Shared Library from Your Jenkinsfile

In your application repository, update the Jenkinsfile to load and call trivyScanScript.vulnerability: 
pipeline {
    agent any
    libraries {
        // Reference your shared library and feature branch
        library identifier: 'your-shared-lib@featureTrivyScan'
    }
    stages {
        stage('Build Docker Image') {
            steps {
                sh 'docker build -t myorg/app:$GIT_COMMIT .'
            }
        }
        stage('Trivy Vulnerability Scanner') {
            steps {
                script {
                    // Run scans for each severity level
                    ['LOW','MEDIUM','HIGH','CRITICAL'].each { sev ->
                        def exitCode = sev == 'CRITICAL' ? '1' : '0'
                        trivyScanScript.vulnerability(
                            imageName: "myorg/app:$GIT_COMMIT",
                            severity:  sev,
                            exitCode:  exitCode
                        )
                    }
                }
            }
            post {
                always {
                    script {
                        // Convert results to HTML
                        trivyScanScript.reportsConverter()
                    }
                    publishHTML(
                        allowMissing:        true,
                        alwaysLinkToLastBuild: true,
                        keepAll:             true,
                        reportDir:           './'
                    )
                }
            }
        }
    }
}
Commit and push: 
git add Jenkinsfile
git commit -m "Invoke TrivyScanScript.vulnerability in pipeline"
git push

3. Troubleshooting: MissingPropertyException

If Jenkins logs show: 
java.lang.MissingPropertyException: No such property: trivy for class: TrivyScanScript
that usually means the loadScript invocation wasn’t using a string literal for the script name.
Ensure you wrap the script name in quotes. Otherwise, Groovy tries to resolve an undefined property.

4. Fixing the loadScript Invocation

Update vars/TrivyScanScript.groovy to use a quoted name: 
def vulnerability(Map config = [:]) {
    loadScript(name: 'trivy.sh')
    sh "./trivy.sh ${config.imageName} ${config.severity} ${config.exitCode}"
}
Then: 
git add vars/TrivyScanScript.groovy
git commit -m "Fix loadScript name quoting"
git push
Rerun or trigger the Jenkins build.

5. Verifying a Successful Run

After Jenkins picks up the fix, you should see output similar to: 
Loading library your-shared-lib@featureTrivyScan
...
chmod +x ./trivy.sh
./trivy.sh myorg/app:abcd1234 LOW 0
./trivy.sh myorg/app:abcd1234 MEDIUM 0
./trivy.sh myorg/app:abcd1234 HIGH 0
./trivy.sh myorg/app:abcd1234 CRITICAL 1
...
trivy convert --format template \
  --template "@/usr/local/share/trivy/templates/html.tpl" \
  --output trivy-image-LOW-results.html trivy-image-LOW-results.json
You will also find the generated HTML reports under your build’s artifacts.

Conclusion

By extracting the Trivy vulnerability scan into a shared library step, you:
  • Promote reuse and consistency across pipelines
  • Reduce duplication in Jenkinsfiles
  • Simplify maintenance when updating scan logic
For more details on Trivy and Jenkins integration, see:

Watch Video