Trivy Security Scanner
aquasecurity.github.io
1
Leaving SiteNav
External Link Disclaimer
You are about to visit aquasecurity.github.io. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
Trivy is a comprehensive, easy-to-use, and fast vulnerability scanner for containers, Kubernetes, code repositories, and cloud assets. Created by Aqua Security in 2019 by Teppei Fukuda (knqyf263), Trivy has become the most popular open-source vulnerability scanner with over 25,000 stars. Key features: unified scanner covering container images, filesystems, Git repositories, Kubernetes clusters, virtual machine images, and AWS/Azure/GCP cloud environments in a single tool. Vulnerability detection for OS packages (Alpine, RHEL, CentOS, Ubuntu, Debian, Amazon Linux, Oracle Linux, SUSE, Photon OS, Windows) and language-specific dependencies (Python, Node.js, Java, Go, Rust, Ruby, PHP, .NET, C and C++). SBOM (Software Bill of Materials) generation and scanning in SPDX, CycloneDX, and Syft JSON formats for supply chain security. Misconfiguration detection (IaC scanning) for Terraform, AWS CloudFormation, Kubernetes manifests, Dockerfiles, Helm charts, and CloudFormation with custom policy support via Rego. Secret scanning for detecting API keys, passwords, tokens, and private keys in source code, configuration files, and container images with over 100 built-in detectors. License scanning for identifying and enforcing open-source license compliance. Kubernetes cluster scanning for detecting vulnerabilities, misconfigurations, and exposed secrets in running workloads. Fast scanning with a local vulnerability database (updated automatically) and optional DB mirroring for air-gapped environments. SARIF output for integration with GitHub Code Scanning. JSON, table, and CycloneDX output formats. CI/CD integration with GitHub Actions, GitLab CI, Jenkins, CircleCI, and Azure DevOps. Docker image and binary distribution. Plugin system for extending functionality. Open source under Apache 2.0.
Statistics
1
Views
0
Clicks
0
Like
0
Dislike