
Comprehensive security scanner for container images, filesystems, Git repos, VMs, and Kubernetes clusters
Trivy is a security scanner that identifies vulnerabilities, misconfigurations, secrets, and license issues across multiple targets including container images, filesystems, Git repositories, virtual machine images, and Kubernetes clusters. It combines multiple scanner types to detect OS packages and software dependencies (SBOM), known vulnerabilities (CVEs), Infrastructure as Code issues, sensitive information, and software licenses in a single tool.
Which checks run is controlled by the --scanners flag, which takes a comma-separated list such as --scanners vuln,secret,misconfig; by default image and filesystem scans run only the vuln and secret scanners, so misconfiguration and license checks have to be requested explicitly. Trivy can scan container images directly (trivy image python:3.4-alpine), local directories (trivy fs myproject/), and entire Kubernetes clusters (trivy k8s cluster, with --report summary for a condensed overview instead of the full finding list).
Trivy integrates with common development platforms through a GitHub Action, the Trivy Kubernetes operator, and a VS Code extension. It covers the major OS package managers and language ecosystems, making it suitable for DevOps teams, security engineers, and developers who need to find security issues across their infrastructure and applications. The tool is available as a standalone binary, as a Docker image, and through package managers.
# via Homebrew
brew install trivy
# via Docker
docker run aquasec/trivy
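A typical way to use the scanner combinations and targets described above is as a CI gate: run Trivy with JSON output, then decide from the report whether the build fails. The following Python script is an added example, not Trivy's own code. It assumes a trivy binary on PATH for the live scan; the embedded report is constructed to mirror the shape of Trivy's JSON output (Results with Vulnerabilities, Secrets and Misconfigurations), and its vulnerability IDs are placeholders, not real CVEs.

```python
"""CI gate around Trivy: build the scan command, parse the JSON report,
and decide whether the pipeline should fail.

Added example, not part of Trivy. Assumes `trivy` is on PATH when
run_scan() is used; SAMPLE_REPORT below is constructed test data."""
import json
import subprocess
from collections import Counter

# Severity labels Trivy emits, ordered from lowest to highest.
SEVERITIES = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def build_cmd(target_type, target, scanners=("vuln", "secret", "misconfig"),
              severity=("HIGH", "CRITICAL"), ignore_unfixed=False):
    """Compose the trivy argv for an image or filesystem scan with JSON output."""
    if target_type not in ("image", "fs"):
        raise ValueError("target_type must be 'image' or 'fs'")
    cmd = ["trivy", target_type, "--quiet", "--format", "json",
           "--scanners", ",".join(scanners),
           "--severity", ",".join(severity)]
    if ignore_unfixed:
        cmd.append("--ignore-unfixed")  # drop findings with no FixedVersion
    cmd.append(target)
    return cmd


def run_scan(target_type, target, **kwargs):
    """Run trivy and return the parsed JSON report (needs trivy on PATH)."""
    proc = subprocess.run(build_cmd(target_type, target, **kwargs),
                          capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def summarize(report):
    """Count findings per scanner class and severity from a Trivy JSON report.

    Vulnerabilities are split into fixable ones (a FixedVersion exists) and
    unfixed ones, because a gate usually treats them differently."""
    summary = {"vuln": Counter(), "vuln_unfixed": Counter(),
               "secret": Counter(), "misconfig": Counter()}
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            bucket = "vuln" if v.get("FixedVersion") else "vuln_unfixed"
            summary[bucket][v.get("Severity", "UNKNOWN")] += 1
        for s in result.get("Secrets") or []:
            summary["secret"][s.get("Severity", "UNKNOWN")] += 1
        for m in result.get("Misconfigurations") or []:
            summary["misconfig"][m.get("Severity", "UNKNOWN")] += 1
    return summary


def _rank(sev):
    return SEVERITIES.index(sev) if sev in SEVERITIES else 0


def should_fail(summary, threshold="HIGH", fail_on_unfixed=False):
    """Gate policy: any secret fails the build; vulnerabilities and
    misconfigurations fail it at or above `threshold`. Unfixed
    vulnerabilities only count when fail_on_unfixed is set.
    Returns a list of reasons; an empty list means the gate passes."""
    floor = _rank(threshold)

    def hits(counter):
        return sum(n for sev, n in counter.items() if _rank(sev) >= floor)

    reasons = []
    secrets = sum(summary["secret"].values())
    if secrets:
        reasons.append(f"{secrets} secret(s) detected")
    n = hits(summary["vuln"])
    if n:
        reasons.append(f"{n} fixable vulnerabilit(ies) >= {threshold}")
    if fail_on_unfixed:
        n = hits(summary["vuln_unfixed"])
        if n:
            reasons.append(f"{n} unfixed vulnerabilit(ies) >= {threshold}")
    n = hits(summary["misconfig"])
    if n:
        reasons.append(f"{n} misconfiguration(s) >= {threshold}")
    return reasons


# Constructed sample in the shape of a Trivy JSON report. Vulnerability IDs
# are placeholders; the DS002 check and aws-access-key-id rule follow
# Trivy's own naming for Dockerfile checks and secret rules.
SAMPLE_REPORT = {
    "SchemaVersion": 2,
    "ArtifactName": "example.local/app:1.0",
    "ArtifactType": "container_image",
    "Results": [
        {"Target": "example.local/app:1.0 (alpine 3.18.0)", "Class": "os-pkgs",
         "Type": "alpine", "Vulnerabilities": [
             {"VulnerabilityID": "EXAMPLE-0001", "PkgName": "libexample",
              "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "CRITICAL"},
             {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "libother",
              "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "HIGH"},
             {"VulnerabilityID": "EXAMPLE-0003", "PkgName": "libother",
              "InstalledVersion": "2.3.0", "FixedVersion": "2.3.1", "Severity": "MEDIUM"}]},
        {"Target": "app/config.yaml", "Class": "secret", "Secrets": [
            {"RuleID": "aws-access-key-id", "Category": "AWS",
             "Severity": "CRITICAL", "Title": "AWS Access Key ID"}]},
        {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile",
         "Misconfigurations": [
             {"ID": "DS002", "Title": "Image user should not be 'root'",
              "Severity": "HIGH", "Status": "FAIL"}]},
    ],
}

if __name__ == "__main__":
    # Offline demo on the constructed report; swap in run_scan("image", ...) for CI.
    for reason in should_fail(summarize(SAMPLE_REPORT)):
        print("FAIL:", reason)
```

Failing the build on every unfixed finding is rarely workable, so the gate counts unfixed vulnerabilities separately and only blocks on them when asked; secrets always block, because a leaked credential has no "fixed version" to wait for.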
