👋 Welcome to Trivy Documentation! To help you get around, please note the different sections in the global menu at the top:
- You are currently in the Getting Started section where you can find general information and help with first steps.
- In the Tutorials section you can find step-by-step guides that help you accomplish specific tasks.
- In the Docs section you can find the complete reference documentation for all of the different features and settings that Trivy has to offer.
- In the Ecosystem section you can find how Trivy works together with other tools and applications that you might already use.
- In the Contributing section you can find technical developer documentation and contribution guidelines.
Trivy (pronunciation) is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.
Targets (what Trivy can scan):
- Container Image
- Git Repository (remote)
- Virtual Machine Image
Scanners (what Trivy can find there):
- OS packages and software dependencies in use (SBOM)
- Known vulnerabilities (CVEs)
- IaC issues and misconfigurations
- Sensitive information and secrets
- Software licenses
Trivy is available in most common distribution channels. The complete list of installation options is available on the Installation page. Here are a few popular examples:
- brew install trivy
- docker run aquasec/trivy
- Download binary from https://github.com/aquasecurity/trivy/releases/latest/
- See Installation for more
Trivy is integrated with many popular platforms and applications. The complete list of integrations is available on the Ecosystem page. Here are a few popular examples:
General usage:
trivy <target> [--scanners <scanner1,scanner2>] <subject>
Examples:
trivy image python:3.4-alpine
trivy fs --scanners vuln,secret,config myproject/
trivy k8s --report summary cluster
How to pronounce the name "Trivy"?
tri is pronounced like trigger,
vy is pronounced like envy.