Trivy
trivy.devThe All-in-One Security Scanner for vulnerabilities and misconfigurations
Securityvulnerability-scanningcontainer-securitykubernetessbomiacopen-sourcedevsecops
About
Trivy is an open-source security scanner that detects vulnerabilities (CVEs), misconfigurations, secrets, and license issues across container images, code repositories, binary artifacts, Kubernetes clusters, and cloud environments. It also supports SBOM generation and IaC scanning. Maintained by Aqua Security, it is widely adopted by security professionals and organizations worldwide.
Problem
Teams need a single, reliable tool to detect security vulnerabilities and misconfigurations across the entire software supply chain.
For
DevOps engineers, security engineers, and developers working with containers and cloud-native infrastructure
How it works
Trivy scans container images, repositories, binaries, Kubernetes clusters, and cloud configurations using a comprehensive vulnerability database and policy engine to surface CVEs, misconfigurations, secrets, and SBOM data.
Business model
open-source
Status
launched
Company
Aqua Security