Trivy
aquasecurity/trivy
A versatile security scanner that helps you check for vulnerabilities, secret leaks, or configuration errors in code, containers, and cloud settings.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
AI Summary
What This Project Does
Simply put, it's a "health check doctor" for software, containers, and cloud environments, checking for bugs or configuration errors.
What Problems It Solves
Previously, you needed separate tools for vulnerabilities, secrets, and configurations; now one command covers all of them, so issues are caught before hackers can exploit them after launch.
Who It's For
Developers, server admins, ops teams, or anyone worried about software safety, especially teams using Docker and Kubernetes.
Typical Use Cases
Scan Docker images for known vulnerabilities before release; check Git repos for hardcoded passwords or keys; verify Kubernetes config compliance.
Key Strengths & Highlights
Fast, with broad support (almost all languages and platforms); free and open source; integrates directly into GitHub Actions for automated runs.
Getting Started Requirements
Basic CLI knowledge is needed. Download and run: there is no complex setup, and no API key is required for basic scanning.
Purpose
Suitable for automated security checks during code commits, container packaging, or cloud resource creation. Not suitable for real-time network intrusion prevention or enterprise-level compliance audit reporting.
Project Info
- Primary Language: Go
- Default Branch: main
- License: Apache-2.0
- Homepage: https://trivy.dev
- Created: Apr 11, 2019
- Last Commit: yesterday
- Last Push: yesterday
- Indexed: Apr 18, 2026