Trivy

A vulnerability scanner for containers and IaC.

Trivy is a vulnerability scanner that examines container images, file systems, Git repositories, Kubernetes clusters, and Infrastructure-as-Code files for known CVEs and misconfigurations. The scanner uses Aqua Security's continuously updated vulnerability database, which aggregates data from the major Linux distribution security trackers (Debian Security Tracker, Red Hat Bugzilla, Alpine secdb, and others).

Aqua Security started Trivy in 2018 and continues to maintain it as a permissively licensed open-source tool alongside their commercial security platform. The scanner is fast (most container images scan in seconds) and integrates with Docker, Kubernetes admission controllers, GitHub Actions, GitLab CI, and many other CI systems.

Trivy is the most widely used open-source container vulnerability scanner. It also covers IaC misconfiguration scanning (kubescape, Terraform, CloudFormation) and license scanning, which positions it as a generalist software supply-chain tool rather than just a container scanner.

License: Apache-2.0

Category: Security

Website: https://trivy.dev/

Install

Debian/Ubuntu: sudo apt install trivy   # via Aqua's APT repo
Fedora/RHEL:   sudo dnf install trivy
Arch:          sudo pacman -S trivy
macOS:         brew install trivy

Authors

  • Aqua Security

This site is currently in Beta. Contact: Chris Paton
