docs: add SecObserve in CI/CD and reporting (#6139)

aquasecurity · Feb 15, 2024 · 73dde32 · 73dde32
1 parent aadbad1
commit 73dde32
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/docs/ecosystem/cicd.md b/docs/ecosystem/cicd.md
@@ -79,3 +79,11 @@ You can use Trivy Resource in Concourse for scanning containers and introducing
 It has capabilities to fail the pipeline, create issues, alert communication channels (using respective resources) based on Trivy scan output.
 
 👉 Get it at: <https://github.com/Comcast/trivy-resource/>
+
+
+## SecObserve GitHub actions and GitLab templates (Community)
+[SecObserve GitHub actions and GitLab templates](https://github.com/MaibornWolff/secobserve_actions_templates) run various vulnerability scanners, providing uniform methods and parameters for launching the tools.
+
+The Trivy integration supports scanning Docker images and local filesystems for vulnerabilities as well as scanning IaC files for misconfigurations.
+
+👉 Get it at: <https://github.com/MaibornWolff/secobserve_actions_templates>
diff --git a/docs/ecosystem/reporting.md b/docs/ecosystem/reporting.md
@@ -19,3 +19,8 @@ A Trivy plugin that scans and outputs the results to an interactive html file.
 Trivy-Streamlit is a Streamlit application that allows you to quickly parse the results from a Trivy JSON report.
 
 👉 Get it at: <https://github.com/mfreeman451/trivy-streamlit>
+
+## SecObserve (Community)
+SecObserve can parse Trivy results as CycloneDX reports and provides an unified overview of vulnerabilities from different sources. Vulnerabilities can be evaluated with manual and rule based assessments.
+
+👉 Get it at: <https://github.com/MaibornWolff/SecObserve>