---
name: trivy-fix
description: Run Trivy filesystem scans and remediate findings in this repo. Use when asked to run or fix Trivy checks.
---
# Trivy Fix
Run Trivy scans, fix dependency vulnerabilities, and keep the scan configuration clean.
## Workflow
1. Run `trivy fs --config trivy.yaml .` and review results.
2. If vulnerabilities appear:
   - Identify the affected packages and fixed versions from Trivy output.
   - Update `package.json` to fixed versions.
   - Run `pnpm install --no-frozen-lockfile` to refresh `pnpm-lock.yaml`.
3. Re-run `trivy fs --config trivy.yaml .` to verify.
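
The triage in step 2, as an added example (not part of this repo's tooling): it assumes the scan was also saved as JSON using Trivy's `--format json` option, and the sample report, package names and IDs are constructed placeholders. When a package has several findings, it takes the highest of the per-finding lowest fixes as a starting target, a heuristic that the re-scan in step 3 confirms.

```javascript
// Constructed sample in the shape of `trivy fs --format json` output.
// Package names and vulnerability IDs are placeholders, not real advisories.
const sampleReport = {
  Results: [
    {
      Target: "pnpm-lock.yaml",
      Type: "pnpm",
      Vulnerabilities: [
        { VulnerabilityID: "CVE-0000-0001", PkgName: "example-lib", InstalledVersion: "1.2.0", FixedVersion: "1.2.5, 2.0.1" },
        { VulnerabilityID: "CVE-0000-0002", PkgName: "example-lib", InstalledVersion: "1.2.0", FixedVersion: "1.3.0" },
        { VulnerabilityID: "CVE-0000-0003", PkgName: "other-lib", InstalledVersion: "0.4.1", FixedVersion: "" },
      ],
    },
    { Target: "package.json", Type: "npm" }, // clean targets carry no Vulnerabilities key
  ],
};

// Compare dotted numeric versions; pre-release tags are ignored (assumption).
function cmpVersion(a, b) {
  const pa = a.split(".").map((n) => parseInt(n, 10) || 0);
  const pb = b.split(".").map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Group findings per installed package and propose one upgrade target each.
function remediationPlan(report) {
  const byPkg = new Map();
  for (const result of report.Results || []) {
    for (const v of result.Vulnerabilities || []) {
      const key = `${v.PkgName}@${v.InstalledVersion}`;
      if (!byPkg.has(key)) {
        byPkg.set(key, { pkg: v.PkgName, installed: v.InstalledVersion, target: null, ids: [], unfixed: [] });
      }
      const entry = byPkg.get(key);
      entry.ids.push(v.VulnerabilityID);
      // FixedVersion may list one fix per release line, comma-separated, or be empty.
      const fixes = (v.FixedVersion || "").split(",").map((s) => s.trim()).filter(Boolean)
        .filter((f) => cmpVersion(f, v.InstalledVersion) > 0).sort(cmpVersion);
      if (fixes.length === 0) { entry.unfixed.push(v.VulnerabilityID); continue; }
      // Smallest upgrade for this finding; keep the highest across findings.
      if (entry.target === null || cmpVersion(fixes[0], entry.target) > 0) entry.target = fixes[0];
    }
  }
  return [...byPkg.values()];
}
```

Entries with a non-empty `unfixed` list have no published fix yet, so a `package.json` bump alone will not clear them.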
## Success Criteria
- Trivy reports zero vulnerabilities.
- Lockfile matches `package.json`.