Trivy
github.com
1
Leaving SiteNav
External Link Disclaimer
You are about to visit github.com. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
Trivy is a comprehensive, open-source security scanner developed by Aqua Security that detects vulnerabilities, misconfigurations, secrets, and license issues across a wide range of targets. Written in Go, Trivy operates as a single binary with no external dependencies, performing scanning in a single step without requiring a database server. Scanning capabilities include: container image vulnerability scanning (OS packages: Alpine, RHEL/CentOS, Ubuntu, Debian, SUSE, Amazon Linux, Oracle Linux, Distroless; language-specific dependencies: Bundler, Composer, npm, yarn, pnpm, pipenv, Poetry, Cargo, Go modules, Maven, Gradle, NuGet, Conda, Swift), filesystem and repository scanning for infrastructure-as-code misconfigurations (Terraform, AWS CloudFormation, Kubernetes manifests, Dockerfiles, Helm charts, Kustomize, Cloud-init), secret scanning (detecting API keys, passwords, tokens, private keys from 200+ providers including AWS, Google Cloud, Azure, GitHub, GitLab, Slack, Stripe, Twilio, Mailgun), SBOM (Software Bill of Materials) generation in CycloneDX and SPDX formats, and license scanning for compliance. Trivy integrates with: CI/CD pipelines (GitHub Actions, GitLab CI, CircleCI, Jenkins), Kubernetes operators (Trivy Operator for continuous cluster scanning), Docker Scout, and defectDojo for vulnerability management. Results include CVE details with CVSS scores, fixed versions, and severity ratings. As of 2026, version 0.57+ has over 24,800 stars.
Tags & Categories
Categories
Tags
Statistics
1
Views
0
Clicks
0
Like
0
Dislike