GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
2 months ago
- #open-source
- #security
- #scanner
- Trivy is a comprehensive security scanner with multiple scanners and targets.
- Targets include Container Image, Filesystem, Git Repository, Virtual Machine Image, and Kubernetes.
- Scanners detect OS packages, vulnerabilities (CVEs), IaC issues, secrets, and software licenses.
- Supports most popular programming languages, operating systems, and platforms.
- Available via various installation methods like Homebrew, Docker, and direct downloads.
- Integrated with platforms like GitHub Actions, Kubernetes operator, and VS Code plugin.
- Canary builds are available but not recommended for production due to potential critical bugs.
- Basic usage involves commands like `trivy image` or `trivy fs` with specified scanners.
- The name is pronounced with 'tri' as in 'trigger' and 'vy' as in 'envy'.
- Aqua Security enhances Trivy's capabilities for complete security management.
- Trivy is an open-source project by Aqua Security, with a Code of Conduct for interactions.