All-in-one security scanner for containers, code, and Kubernetes
Apache-2.0
- Go
- Go Template
- Shell

About Trivy
Trivy is a comprehensive security scanner organized around two ideas: targets, the things it can scan, and scanners, the kinds of issues it looks for. Targets span container images, filesystems, remote Git repositories, virtual machine images, and live Kubernetes clusters.
Against any of those it can find known vulnerabilities in OS packages and language dependencies, infrastructure-as-code misconfigurations, exposed secrets, and risky software licenses, and it can generate an SBOM. Scanners can be toggled individually, so a run can focus on just vulnerabilities, just secrets, or just misconfigurations.
Trivy is an open source project from Aqua Security under the Apache-2.0 license. It installs via Homebrew, Docker, or prebuilt binaries and plugs into GitHub Actions, a Kubernetes operator, and a VS Code extension.
Key features
- Scans images, filesystems, Git repos, VMs, and Kubernetes
- Finds CVEs, IaC misconfigurations, secrets, and licenses
- Generates SBOMs from scanned targets
- Toggle individual scanners for focused runs
- Integrates with GitHub Actions and a Kubernetes operator
Details
- First released: 2019
- Platforms: CLI · Docker · macOS · Linux
- Deployment: self-hostable · docker
- License: Apache-2.0
- Origins: Aqua Security
- Latest release: v0.71.0
