Additional References

There are external blogs and evaluations.

Blogs

• Trivy Vulnerability Scanner Joins the Aqua Open-source Family
• Trivy Image Vulnerability Scanner Now Under Apache 2.0 License
• DevSecOps with Trivy and GitHub Actions
• Find Image Vulnerabilities Using GitHub and Aqua Security Trivy Action
• Using Trivy to Discover Vulnerabilities in VS Code Projects
• the vulnerability remediation lifecycle of Alpine containers
• Continuous Container Vulnerability Testing with Trivy
• Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy
• Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy

Links

• Research Spike: evaluate Trivy for scanning running containers
• Istio evaluates scanners

Presentations

• Aqua Security YouTube Channel
  • Trivy - container image scanning
  • Using Trivy in client server mode
  • Tweaking Trivy output to fit your workflow
  • How does a vulnerability scanner identify packages?
• CNCF Webinar 2020
  • Trivy Open Source Scanner for Container Images – Just Download and Run!
• KubeCon + CloudNativeCon Europe 2020 Virtual
  • Handling Container Vulnerabilities with Open Policy Agent - Teppei Fukuda, Aqua Security