Trivy

trivy.dev

The All-in-One Security Scanner for vulnerabilities and misconfigurations

Visit
Trivy screenshot
/ About /

Trivy is an open-source security scanner that detects vulnerabilities (CVEs), misconfigurations, secrets, and license issues across container images, code repositories, binary artifacts, Kubernetes clusters, and cloud environments. It also supports SBOM generation and IaC scanning. Maintained by Aqua Security, it is widely adopted by security professionals and organizations worldwide.

/ How it works /

Trivy scans container images, repositories, binaries, Kubernetes clusters, and cloud configurations using a comprehensive vulnerability database and policy engine to surface CVEs, misconfigurations, secrets, and SBOM data.

/ Who it's for /

DevOps engineers, security engineers, and developers working with containers and cloud-native infrastructure

/ More info /

Background.

Status
launched
Business model
open-source
Company
Aqua Security
/ Discovered patterns /

Similar projects.

Coming soonSpektrail’s read on Security

Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.

Coming soon

Have a take on this space?

Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.