# This is a combination of 2 commits.

# This is the 1st commit message: document using Trivy in all backends # The commit message pantsbuild#2 will be skipped: # fixup! docs
lilatomic · Mar 9, 2025 · 4403b77 · 4403b77
1 parent 282b1a8
commit 4403b77
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 6 deletions.
diff --git a/docs/docs/docker/index.mdx b/docs/docs/docker/index.mdx
@@ -396,17 +396,32 @@ It can help to simulate a hermetic environment by using `env -i`. With credentia
 
 :::
 
-## Linting Dockerfiles with Hadolint
+## Linting Dockerfiles
 
-Pants can run [Hadolint](https://github.com/hadolint/hadolint) on your Dockerfiles to check for errors and mistakes:
+Once Docker linting backends are enabled, lint Dockerfiles with
 
 ```
 ❯ pants lint src/docker/hw/Dockerfile
 ```
 
+
+### Linting Dockerfiles with Hadolint
+
+Pants can run [Hadolint](https://github.com/hadolint/hadolint) on your Dockerfiles to check for errors and mistakes.
 This must first be enabled by activating the Hadolint backend:
 
 ```toml title="pants.toml"
 [GLOBAL]
 backend_packages = ["pants.backend.docker.lint.hadolint"]
 ```
+
+### Linting Dockerfiles with Trivy
+
+Pants can run [Trivy](https://github.com/aquasecurity/trivy) on your Dockerfiles to check for security vulnerabilities.
+This must first be enabled by activating the Trivy backend:
+
+```toml title="pants.toml"
+[GLOBAL]
+backend_packages = ["pants.backend.docker.lint.trivy"]
+```
+
diff --git a/docs/docs/helm/index.mdx b/docs/docs/helm/index.mdx
@@ -100,7 +100,18 @@ Likewise, in a similar way you could enable strict linting globally and then cho
 
 You can set the field `skip_lint=True` on each `helm_chart` target to avoid linting it.
 
-#### Package
+#### Trivy
+
+Pants can run [Trivy](https://github.com/aquasecurity/trivy) on your Helm Charts and deployments. When run on a deployment, Pants run Trivy on the  rendered Helm Chart with the specified values.
+
+This must first be enabled by activating the Trivy backend:
+
+```toml title="pants.toml"
+[GLOBAL]
+backend_packages = ["pants.backend.experimental.helm.lint.trivy"]
+```
+
+### Package
 
 Packing helm charts is supported out of the box via the Pants' `package` goal. The final package will be saved as a `.tgz` file under the `dist` folder at your source root.
 

diff --git a/docs/docs/terraform/index.mdx b/docs/docs/terraform/index.mdx
@@ -192,3 +192,16 @@ To run `terraform plan`, use the `--dry-run` flag of the `experimental-deploy` g
 ```
 pants experimental-deploy --dry-run ::
 ```
+
+### Linters
+
+#### Trivy
+
+Pants can run [Trivy](https://github.com/aquasecurity/trivy) on your Terraform modules and deployments. When run against deployments, the relevant vars files will be used. When run against modules, no vars files will be passed.
+
+This must first be enabled by activating the Trivy backend:
+
+```toml title="pants.toml"
+[GLOBAL]
+backend_packages = ["pants.backend.experimental.terraform.lint.trivy"]
+```
diff --git a/src/python/pants/backend/helm/lint/trivy/BUILD b/src/python/pants/backend/helm/lint/trivy/BUILD
@@ -1,9 +1,6 @@
 # Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
 # Licensed under the Apache License, Version 2.0 (see LICENSE).
 
-# NOTE: Sources restricted from the default for python_sources due to conflict with
-#   - //:all-__init__.py-files
-#   - //src/python/pants/backend/helm/lint/trivy/__init__.py:../../../../../../../all-__init__.py-files
 python_sources(
     sources=[
         "register.py",