Trivy is a comprehensive security scanner that detects vulnerabilities, misconfigurations, and secrets, and generates SBOMs, across containers, Kubernetes, code repositories, and cloud environments.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Trivy is primarily used by developers, DevOps, and security teams to identify security risks in container images, filesystems, Kubernetes clusters, and code repositories before deployment. It helps ensure software supply chain security by scanning for vulnerabilities, misconfigurations, and sensitive information across various environments.
Canary builds are available for early access to new features but may contain critical bugs and are not recommended for production use. Trivy supports a wide range of platforms and languages, making it versatile for various security scanning needs. For enhanced capabilities, users can explore Aqua Security's commercial offerings built on top of Trivy.
brew install trivy
docker run aquasec/trivy
Download binary from https://github.com/aquasecurity/trivy/releases/latest/
trivy image python:3.4-alpine
Scan a container image for vulnerabilities and other security issues
trivy fs --scanners vuln,secret,misconfig myproject/
Scan a filesystem directory for vulnerabilities, secrets, and misconfigurations
trivy k8s --report summary cluster
Scan a Kubernetes cluster and generate a summary report