Trivy
Last updated
Was this helpful?
Last updated
Was this helpful?
Trivy () is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.
Targets (what Trivy can scan):
Container Image
Filesystem
Git Repository (remote)
Virtual Machine Image
Kubernetes
AWS
Scanners (what Trivy can find there):
OS packages and software dependencies in use (SBOM)
Known vulnerabilities (CVEs)
IaC issues and misconfigurations
Sensitive information and secrets
Software licenses
brew install trivy
docker run aquasec/trivy
Please be aware: canary builds might have critical bugs, it's not recommended for use in production.
Examples:
Result
tri is pronounced like trigger, vy is pronounced like envy.
If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.
Trivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the page.
To learn more, go to the for feature highlights, or to the for detailed information.
Trivy is available in most common distribution channels. The full list of installation options is available in the page. Here are a few popular examples:
Download binary from
See for more
Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the page. Here are a few popular examples:
See for more
There are canary builds (, , images and ) as generated every push to main branch.
You can find a high level comparison table specific to Trivy users .
In addition check out the website for more information about our products and services. If you'd like to contact Aqua or request a demo, please use this form:
Trivy is an open source project.
Learn about our open source work and portfolio .
Contact us about any matter by opening a GitHub Discussion Join our to stay up to date with community efforts.
Please ensure to abide by our during all interactions.
