Trunk
What is Trunk ?
Trunk is a tool that runs a suite of security and best practice checks against your code. It is designed to be used in CI/CD pipelines, but can also be used as a standalone tool.
Support for the following languages is currently available:
Installing Trunk
Trunk checks
Trunk checks cli
Trunk detects checks to enable in function of the files in the current directory, but you can also enable and disable checks manually.
- trunck check list: list all available checks
- trunck check enable checkname: enable a check
- trunck check disable checkname: disable a check
- trunck check: run all enabled checks
For example, to enable the Terraform check:
Info
You can also enable checks by modifing .trunk.yml file in your repository. See the configuration page for more information.
Examples:
trunk check
Checking 68% [====================================================================================================================================================================> ] 38/56 9.4s
↳ checkov
↳ modules/webapps/linux_function_app/private_endpoint.tf [lint] ⠧
↳ modules/webapps/linux_function_app/variables.tf [lint] ⠧
↳ terrascan
↳ modules/webapps/linux_function_app/locals.tf [lint] ⠧
↳ modules/webapps/linux_function_app/main.tf [lint] ⠧
Trunk checks vscode
In the case of the VSCode extension, you can review your checks in your IDE:
And you can disable checks from quick fix menu:
Trunk updates
Trunk updates cli
Trunk is updated regularly with new checks and improvements. You can update Trunk by running the following command:
Trunk updates vscode
In the case of the VSCode extension, it will be updated automatically:
