Trivy Security Scanner
trivy.dev
2
Leaving SiteNav
External Link Disclaimer
You are about to visit trivy.dev. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
Trivy is a comprehensive all-in-one open source security scanner that finds vulnerabilities (CVEs) and misconfigurations across code repositories, binary artifacts, container images, filesystems, Git repositories, and Kubernetes clusters. Developed by Aqua Security and written in Go, the tool has accumulated over 36,000 stars on GitHub under the Apache 2.0 license. Trivy performs multiple types of security analysis in a single scan: vulnerability scanning for OS packages (Alpine, RHEL, CentOS, Ubuntu, Debian, Amazon Linux, SUSE, Photon, and others) and language-specific dependencies (Bundler, Composer, Pip, Poetry, npm, yarn, Cargo, Maven, Go modules, and NuGet); infrastructure-as-code misconfiguration scanning for Terraform, AWS CloudFormation, Kubernetes manifests, Dockerfile, Helm charts, and ARM templates; secret scanning for API keys, passwords, tokens, and private keys; and license scanning for compliance. The scanner integrates with Docker as an official Docker extension, and can be run as a standalone CLI, in CI/CD pipelines including GitHub Actions, GitLab CI, CircleCI, and Jenkins, or as a Kubernetes operator through Trivy Operator. Trivy is used by organizations including Wise (formerly TransferWise), Vista, Antigen Security, and CloudNativePG, praised for its speed, accuracy, and ease of use compared to competing vulnerability scanners.
Tags & Categories
Categories
Tags
Statistics
2
Views
0
Clicks
0
Like
0
Dislike