Plugin Idea: Local AI agent to summarize and prioritize Trivy scan results #10642
FernandezPabloGabriel started this conversation in Ideas
Description
Hi everyone.
This is my first time participating in any Open Source project. I wanted to share an idea for a plugin to get some feedback and find out if something like this already exists (before investing time building it).
I used Trivy for the first time in a university project last year, mainly to scan Dockerfiles and docker-compose files. I really liked the tool and it helped me a lot to reduce my vulnerability score, but I often found the output quite verbose (especially when there were many vulnerabilities). Most of the time I used to copy-paste the results into Claude or Gemini to get a summary and figure out what to fix first and how. It worked, but it felt like a step that could be automated and kept local.
So my idea is to build a Trivy plugin that redirects the scan output into a local AI model (I was thinking of using Ollama) that filters and focuses on the most critical vulnerabilities, produces a short summary and suggests a brief action plan for what to fix first and why.
The key point is that everything runs locally: no data is sent to external servers, which I think matters a lot given the nature of what Trivy scans.
To be honest, I have never built a Trivy plugin before and I am still figuring out how capable a local model could be for this kind of task. I'm not sure if the plugin feature supports the kind of integration I have in mind, and that is what brought me here.
Some of my questions are:
Any feedback is more than welcome! Including if you think this is not worth pursuing.
Thank you so much for reading!
Target: Container Image
Scanner: Vulnerability
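A sketch of the triage step the idea describes, added here as an example and not code from the post or from Trivy: it reads a Trivy JSON report (`trivy image --format json`), keeps only findings at or above a severity floor, ranks them so fixable criticals come first, and builds the prompt that would be sent to a local Ollama server. The sample report, the CVE placeholders, the model name and the Ollama host are assumptions for the demonstration; the deterministic ranking is done in code so the model only has to summarize and explain, not decide what is critical.

```python
"""Triage prototype: Trivy JSON report -> ranked findings -> prompt for a local model."""
import json
import urllib.request

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}


def prioritize(report: dict, min_severity: str = "HIGH", limit: int = 10) -> list:
    """Flatten Trivy's Results[].Vulnerabilities[] into the findings worth the model's
    attention: at or above min_severity, highest severity first, fixable before unfixable."""
    floor = SEVERITY_RANK[min_severity]
    findings = []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:  # key may be absent or null
            sev = (v.get("Severity") or "UNKNOWN").upper()
            if SEVERITY_RANK.get(sev, 0) < floor:
                continue
            findings.append({"id": v.get("VulnerabilityID"), "pkg": v.get("PkgName"),
                             "installed": v.get("InstalledVersion"), "severity": sev,
                             "fixed": v.get("FixedVersion") or None,
                             "target": result.get("Target")})
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]], f["fixed"] is None, f["id"]))
    return findings[:limit]


def build_prompt(findings: list) -> str:
    """Compact one-line-per-finding prompt; the model sees only what passed the filter."""
    lines = [f"{f['severity']} {f['id']} in {f['pkg']} {f['installed']} "
             f"({'fix: ' + f['fixed'] if f['fixed'] else 'no fix yet'}) [{f['target']}]"
             for f in findings]
    return ("You are reviewing a container image scan. Summarize the findings below in three "
            "sentences and propose an ordered action plan (what to fix first and why).\n"
            + "\n".join(lines))


def ask_ollama(prompt: str, model: str = "llama3", host: str = "http://localhost:11434") -> str:
    """Send the prompt to a local Ollama server via /api/generate; nothing leaves the machine.
    Model name and host are assumptions; change them to whatever is installed locally."""
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(f"{host}/api/generate", data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["response"]


# Constructed sample in Trivy's JSON shape; the CVE ids are placeholders, not real advisories.
SAMPLE_REPORT = {"Results": [{"Target": "example:latest (alpine 3.18.0)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl", "InstalledVersion": "1.0",
     "FixedVersion": "1.1", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox", "InstalledVersion": "1.36",
     "FixedVersion": "", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib", "InstalledVersion": "1.2",
     "FixedVersion": "1.3", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-0000-0004", "PkgName": "musl", "InstalledVersion": "1.2.3",
     "FixedVersion": "1.2.4", "Severity": "LOW"}]}]}

if __name__ == "__main__":
    print(build_prompt(prioritize(SAMPLE_REPORT)))  # swap in ask_ollama(...) once Ollama runs
```

Run as `trivy image --format json IMAGE | python triage.py` once the `SAMPLE_REPORT` is replaced by `json.load(sys.stdin)`; the prompt printed is what the local model would receive.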