# Trivy ![](/files/W7sVmo2yBRQhdLUusF5C) [📖 Documentation](https://aquasecurity.github.io/trivy) Trivy ([pronunciation](https://github.com/aquasecurity/trivy#how-to-pronounce-the-name-trivy)) is a comprehensive and versatile security scanner. Trivy has *scanners* that look for security issues, and *targets* where it can find those issues. Targets (what Trivy can scan): * Container Image * Filesystem * Git Repository (remote) * Virtual Machine Image * Kubernetes * AWS Scanners (what Trivy can find there): * OS packages and software dependencies in use (SBOM) * Known vulnerabilities (CVEs) * IaC issues and misconfigurations * Sensitive information and secrets * Software licenses Trivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the [Scanning Coverage](https://aquasecurity.github.io/trivy/latest/docs/coverage/) page. To learn more, go to the [Trivy homepage](https://trivy.dev/) for feature highlights, or to the [Documentation site](https://aquasecurity.github.io/trivy) for detailed information. ## [Quick Start](https://github.com/aquasecurity/trivy#quick-start) ### [Get Trivy](https://github.com/aquasecurity/trivy#get-trivy) Trivy is available in most common distribution channels. The full list of installation options is available in the [Installation](https://aquasecurity.github.io/trivy/latest/getting-started/installation/) page. Here are a few popular examples: * `brew install trivy` * `docker run aquasec/trivy` * Download binary from * See [Installation](https://aquasecurity.github.io/trivy/latest/getting-started/installation/) for more Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem](https://aquasecurity.github.io/trivy/latest/ecosystem/) page. Here are a few popular examples: * [GitHub Actions](https://github.com/aquasecurity/trivy-action) * [Kubernetes operator](https://github.com/aquasecurity/trivy-operator) * [VS Code plugin](https://github.com/aquasecurity/trivy-vscode-extension) * See [Ecosystem](https://aquasecurity.github.io/trivy/latest/ecosystem/) for more ### [Canary builds](https://github.com/aquasecurity/trivy#canary-builds) There are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1\&name=canary), [GitHub](https://github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ecr.aws/aquasecurity/trivy#canary) images and [binaries](https://github.com/aquasecurity/trivy/actions/workflows/canary.yaml)) as generated every push to main branch. Please be aware: canary builds might have critical bugs, it's not recommended for use in production. ### [General usage](https://github.com/aquasecurity/trivy#general-usage) ``` trivy [--scanners ] ``` Examples: ``` trivy image python:3.4-alpine ``` ``` trivy fs --scanners vuln,secret,config myproject/ ``` ``` trivy k8s --report summary cluster ``` Result ![](/files/QUkqxrAKj3EliYJSPyOH) ## [FAQ](https://github.com/aquasecurity/trivy#faq) ### [How to pronounce the name "Trivy"?](https://github.com/aquasecurity/trivy#how-to-pronounce-the-name-trivy) `tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**. ## [Want more? Check out Aqua](https://github.com/aquasecurity/trivy#want-more-check-out-aqua) If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering. You can find a high level comparison table specific to Trivy users [here](https://gitlab.com/johnmkane/tech-recipe-book/-/blob/main/Book/Architect/Kubernetes/Image%20scanning/Trivy/trivy-aqua/README.md). In addition check out the [https://aquasec.com](https://aquasec.com/) website for more information about our products and services. If you'd like to contact Aqua or request a demo, please use this form: ## [Community](https://github.com/aquasecurity/trivy#community) Trivy is an [Aqua Security](https://aquasec.com/) open source project. Learn about our open source work and portfolio [here](https://www.aquasec.com/products/open-source-projects/). Contact us about any matter by opening a GitHub Discussion [here](https://github.com/aquasecurity/trivy/discussions) Join our [Slack community](https://slack.aquasec.com/) to stay up to date with community efforts. Please ensure to abide by our [Code of Conduct](https://gitlab.com/johnmkane/tech-recipe-book/-/blob/main/Book/Architect/Kubernetes/Image%20scanning/Trivy/CODE_OF_CONDUCT/README.md) during all interactions. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.konstantinsecurity.com/readme/architect/kubernetes/image-scanning/trivy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.