Trivy
The All-in-One Security Scanner for vulnerabilities and misconfigurations

Trivy is an open-source security scanner that detects vulnerabilities (CVEs), misconfigurations, secrets, and license issues across container images, code repositories, binary artifacts, Kubernetes clusters, and cloud environments. It also supports SBOM generation and IaC scanning. Maintained by Aqua Security, it is widely adopted by security professionals and organizations worldwide.
Trivy scans container images, repositories, binaries, Kubernetes clusters, and cloud configurations using a comprehensive vulnerability database and policy engine to surface CVEs, misconfigurations, secrets, and SBOM data.
DevOps engineers, security engineers, and developers working with containers and cloud-native infrastructure
Background.
- Status
- launched
- Business model
- open-source
- Company
- Aqua Security
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.