Skip to content

aquasecurity/trivy

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
15 branches 118 tags
Code

Latest commit

@chen-keinan @knqyf263
chen-keinan and knqyf263 test: k8s integration tests (#4423)
16af41b May 18, 2023
test: k8s integration tests (#4423) 
Signed-off-by: chenk <hen.keinan@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
16af41b

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
test: k8s integration tests (#4423)
May 18, 2023 22:41
brand
chore: add licensed project logo (#3058)
October 21, 2022 07:22
ci
ci: rpm repository for all versions and aarch64 (#4077)
May 14, 2023 14:53
cmd/trivy
BREAKING: use normalized trivy-java-db (#3583)
February 10, 2023 02:16
contrib
chore: install.sh support for windows (#4155)
May 4, 2023 13:48
docs
feat(misconf): Add --reset-policy-bundle for policy bundle (#4167)
May 18, 2023 11:54
examples
docs: restructure scanners (#3977)
April 17, 2023 11:54
helm/trivy
fix(helm): update networking API version detection (#4106)
April 23, 2023 10:50
integration
test: k8s integration tests (#4423)
May 18, 2023 22:41
internal/testutil
perf(misconf): replace with post-analyzers (#4090)
April 23, 2023 19:22
magefiles
test: k8s integration tests (#4423)
May 18, 2023 22:41
misc
chore: add missing target labels (#3504)
January 31, 2023 17:20
pkg
feat(redhat): add package digest for rpm (#4410)
May 18, 2023 14:30
rpc
fix(sbom): add checksum to files (#3888)
March 30, 2023 09:24
.clang-format
feat: support client/server mode (#295)
December 13, 2019 15:00
.dockerignore
SARIF: Tweak format for GitHub UI (#571)
July 28, 2020 11:22
.gitattributes
feat: Adding support for Windows testing (#3037)
December 22, 2022 22:54
.gitignore
chore: trivy bin ignore (#4212)
May 9, 2023 12:03
.golangci.yaml
feat(image): secret scanning on container image config (#3495)
January 30, 2023 16:50
CONTRIBUTING.md
docs: move CONTRIBUTING.md to docs (#1971)
April 11, 2022 18:53
Dockerfile
chore(alpine): Update Alpine to 3.18 (#4351)
May 14, 2023 14:37
Dockerfile.canary
ci: fix path to canary binaries (#4045)
April 13, 2023 10:27
Dockerfile.protoc
chore: replace make with mage (#3932)
March 30, 2023 10:40
LICENSE
Change license to Apache 2.0
March 11, 2020 18:16
NOTICE
Change license to Apache 2.0
March 11, 2020 18:16
README.md
docs: add canary build info to README.md (#3799)
March 9, 2023 13:36
aqua.yaml
feat(spdx): add support for SPDX 2.3 (#4058)
April 23, 2023 23:36
go.mod
feat(redhat): add package digest for rpm (#4410)
May 18, 2023 14:30
go.sum
feat(redhat): add package digest for rpm (#4410)
May 18, 2023 14:30
goreleaser-canary.yml
ci: bump goreleaser for Github Action from 1.4.1 to 1.16.2 (#3979)
April 12, 2023 15:15
goreleaser.yml
chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#3952)
April 24, 2023 08:43
mkdocs.yml
docs(scanning): Add versioning banner (#4415)
May 17, 2023 06:32
Quick Start Get Trivy Canary builds General usage FAQ How to pronounce the name "Trivy"?

README.md

Trivy (pronunciation) is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.

Targets (what Trivy can scan):

  • Container Image
  • Filesystem
  • Git Repository (remote)
  • Virtual Machine Image
  • Kubernetes
  • AWS

Scanners (what Trivy can find there):

  • OS packages and software dependencies in use (SBOM)
  • Known vulnerabilities (CVEs)
  • IaC issues and misconfigurations
  • Sensitive information and secrets
  • Software licenses

To learn more, go to the Trivy homepage for feature highlights, or to the Documentation site for detailed information.

Quick Start

Get Trivy

Trivy is available in most common distribution channels. The full list of installation options is available in the Installation page. Here are a few popular examples:

Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the Ecosystem page. Here are a few popular examples:

Canary builds

There are canary builds (Docker Hub, GitHub, ECR images and binaries) as generated every push to main branch.

Please be aware: canary builds might have critical bugs, it's not recommended for use in production.

General usage

trivy <target> [--scanners <scanner1,scanner2>] <subject>

Examples:

trivy image python:3.4-alpine
Result
trivy-image.mov 
trivy fs --scanners vuln,secret,config myproject/
Result
trivy-fs.mov 
trivy k8s --report summary cluster
Result

k8s summary

FAQ

How to pronounce the name "Trivy"?

tri is pronounced like trigger, vy is pronounced like envy.

Trivy is an Aqua Security open source project.
Learn about our open source work and portfolio here.
Contact us about any matter by opening a GitHub Discussion here

About

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

aquasecurity.github.io/trivy

Topics

go docker kubernetes golang security containers iac vulnerability infrastructure-as-code vulnerability-detection hacktoberfest vulnerability-scanners security-tools devsecops misconfiguration

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Stars

17.4k stars

Watchers

156 watching

Forks

1.7k forks
Report repository

Releases 118

v0.41.0 Latest
Apr 28, 2023
+ 117 releases

Packages 1

 

Used by 143

  • @andrekolodochka
  • @uk02919
  • @numanjatt
  • @HubSpot
  • @afdesk
  • @vmware-tanzu
  • @afdesk
  • @zorianix
+ 135

Contributors 302

+ 291 contributors

Languages