# Trivy ![](https://296194292-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLoAqAoOfr7XVUQw7Gff8%2Fuploads%2Fgit-blob-3048e8ce67f2a77e0e4534d110885b106cf67152%2Flogo.png?alt=media) [📖 Documentation](https://aquasecurity.github.io/trivy) Trivy ([pronunciation](https://github.com/aquasecurity/trivy#how-to-pronounce-the-name-trivy)) is a comprehensive and versatile security scanner. Trivy has *scanners* that look for security issues, and *targets* where it can find those issues. Targets (what Trivy can scan): * Container Image * Filesystem * Git Repository (remote) * Virtual Machine Image * Kubernetes * AWS Scanners (what Trivy can find there): * OS packages and software dependencies in use (SBOM) * Known vulnerabilities (CVEs) * IaC issues and misconfigurations * Sensitive information and secrets * Software licenses Trivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the [Scanning Coverage](https://aquasecurity.github.io/trivy/latest/docs/coverage/) page. To learn more, go to the [Trivy homepage](https://trivy.dev/) for feature highlights, or to the [Documentation site](https://aquasecurity.github.io/trivy) for detailed information. ## [Quick Start](https://github.com/aquasecurity/trivy#quick-start) ### [Get Trivy](https://github.com/aquasecurity/trivy#get-trivy) Trivy is available in most common distribution channels. The full list of installation options is available in the [Installation](https://aquasecurity.github.io/trivy/latest/getting-started/installation/) page. Here are a few popular examples: * `brew install trivy` * `docker run aquasec/trivy` * Download binary from * See [Installation](https://aquasecurity.github.io/trivy/latest/getting-started/installation/) for more Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem](https://aquasecurity.github.io/trivy/latest/ecosystem/) page. Here are a few popular examples: * [GitHub Actions](https://github.com/aquasecurity/trivy-action) * [Kubernetes operator](https://github.com/aquasecurity/trivy-operator) * [VS Code plugin](https://github.com/aquasecurity/trivy-vscode-extension) * See [Ecosystem](https://aquasecurity.github.io/trivy/latest/ecosystem/) for more ### [Canary builds](https://github.com/aquasecurity/trivy#canary-builds) There are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1\&name=canary), [GitHub](https://github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ecr.aws/aquasecurity/trivy#canary) images and [binaries](https://github.com/aquasecurity/trivy/actions/workflows/canary.yaml)) as generated every push to main branch. Please be aware: canary builds might have critical bugs, it's not recommended for use in production. ### [General usage](https://github.com/aquasecurity/trivy#general-usage) ``` trivy [--scanners ] ``` Examples: ``` trivy image python:3.4-alpine ``` ``` trivy fs --scanners vuln,secret,config myproject/ ``` ``` trivy k8s --report summary cluster ``` Result ![](https://296194292-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLoAqAoOfr7XVUQw7Gff8%2Fuploads%2Fgit-blob-e959d50c7039070d109c1663d6f4fac499db633d%2Ftrivy-k8s.png?alt=media) ## [FAQ](https://github.com/aquasecurity/trivy#faq) ### [How to pronounce the name "Trivy"?](https://github.com/aquasecurity/trivy#how-to-pronounce-the-name-trivy) `tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**. ## [Want more? Check out Aqua](https://github.com/aquasecurity/trivy#want-more-check-out-aqua) If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering. You can find a high level comparison table specific to Trivy users [here](https://gitlab.com/johnmkane/tech-recipe-book/-/blob/main/Book/Architect/Kubernetes/Image%20scanning/Trivy/trivy-aqua/README.md). In addition check out the [https://aquasec.com](https://aquasec.com/) website for more information about our products and services. If you'd like to contact Aqua or request a demo, please use this form: ## [Community](https://github.com/aquasecurity/trivy#community) Trivy is an [Aqua Security](https://aquasec.com/) open source project. Learn about our open source work and portfolio [here](https://www.aquasec.com/products/open-source-projects/). Contact us about any matter by opening a GitHub Discussion [here](https://github.com/aquasecurity/trivy/discussions) Join our [Slack community](https://slack.aquasec.com/) to stay up to date with community efforts. Please ensure to abide by our [Code of Conduct](https://gitlab.com/johnmkane/tech-recipe-book/-/blob/main/Book/Architect/Kubernetes/Image%20scanning/Trivy/CODE_OF_CONDUCT/README.md) during all interactions.