Trivy Configuration Reference

This page provides a complete reference of all configuration properties available in the trivy { } block.

Global Configuration

The trivy block is located at kreate { project { trivy { ... } } }.

Property	Type	Default	Description
`enabled`	`Property<Boolean>`	`false`	Enables or disables the Trivy module for the project.
`license`	`Nested`	-	Configuration for license scanning.
`vulnerability`	`Nested`	-	Configuration for vulnerability scanning.
`secrets`	`Nested`	-	Configuration for secret scanning.

Property	Type	Default	Description
`failOnForbidden`	`Property<Boolean>`	`true`	Fails the build if forbidden licenses are detected.
`severity`	`ListProperty<LicenseSeverity>`	`[CRITICAL, HIGH, UNKNOWN]`	Severities to include in the scan.
`ignoredLicenses`	`ListProperty<String>`	`[]`	List of licenses to ignore (e.g., "MIT", "Apache-2.0").
`lockFiles`	`ConfigurableFileCollection`	`*.lockfile`	The collection of lockfiles to be scanned.

Property	Type	Default	Description
`failOnFindings`	`Property<Boolean>`	`true`	Fails the build if vulnerabilities are detected.
`score`	`ListProperty<Score>`	`[CRITICAL, HIGH, MEDIUM, LOW]`	Vulnerability scores to include in the scan.
`lockFiles`	`ConfigurableFileCollection`	`*.lockfile`	The collection of lockfiles to be scanned.

Property	Type	Default	Description
`failOnFindings`	`Property<Boolean>`	`true`	Fails the build if secrets are detected.
`severity`	`ListProperty<SecretSeverity>`	`[CRITICAL, HIGH, MEDIUM, LOW]`	Severities of secrets to include.
`secretConfig`	`RegularFileProperty`	`trivy-secret.yaml`	Path to the Trivy secret configuration file.
`sourceFiles`	`ConfigurableFileCollection`	(src/*/.kt, etc.)	The files to be scanned for secrets.

CRITICAL, HIGH, MEDIUM, LOW, UNKNOWN

CRITICAL, HIGH, MEDIUM, LOW

CRITICAL, HIGH, MEDIUM, LOW

06 May 2026