Trivy – Vulnerability Scanner for Containers, Suitable for CI
Trivy
(tri
pronounced like trigger, vy
pronounced like envy) is a simple and comprehensive vulnerability scanner for containers and other artifacts. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. Trivy
detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.).
Trivy
is easy to use. Just install the binary and you’re ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.

Some of the features with this tool are:
- Detect comprehensive vulnerabilities –
- OS packages (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless).
- Application dependencies (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo)
- Simple
- Specify only an image name or artifact name
- Fast
- The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish in single seconds.
- Unlike other scanners that take long to fetch vulnerability information (~10 minutes) on the first run, and encourage you to maintain the a durable vulnerability database, Trivy is stateless and requires no maintenance or preparation.
- Easy installation
apt-get install
,yum install
andbrew install
is possible- No pre-requisites such as installation of DB, libraries, etc. (The exception is that you need
rpm
installed to scan images based on RHEL/CentOS. This is automatically included if you use our installers or the Trivy container image.
- High accuracy
- Especially Alpine Linux and RHEL/CentOS
- Other OSes are also high
- DevSecOps
- Suitable for CI such as Travis CI, CircleCI, Jenkins, GitLab CI, etc.
- Support multiple formats
- container image
- A local image in Docker Engine which is running as a daemon
- A remote image in Docker Registry such as Docker Hub, ECR, GCR and ACR
- A tar archive stored in the
docker save
formatted file - An image directory compliant with OCI Image Format
- local filesystem
- remote git repository
- container image
You can read more and download this tool over here: https://github.com/aquasecurity/trivy
Subscribe
0 Comments