Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1175

Trivy

What is Trivy?

Trivy: An open-source, single-binary scanner from Aqua Security that finds known CVEs, misconfigurations, hard-coded secrets and license issues in container images, file systems, Git repositories and Kubernetes clusters, and that generates (or scans) CycloneDX and SPDX SBOMs.


Trivy is an Apache 2.0-licensed vulnerability and configuration scanner developed by Aqua Security and widely used as the default scanner in container CI/CD pipelines. Distributed as a single Go binary, it downloads a regularly rebuilt vulnerability database assembled from NVD, OS vendor advisories (Red Hat OVAL, Debian, Ubuntu, Alpine and others), the GitHub Advisory Database and further language-ecosystem feeds, then matches installed OS packages and language dependencies (npm, PyPI, Maven, Go modules, Cargo and more) against it. Its misconfiguration checks cover Dockerfiles, Terraform, CloudFormation, Kubernetes manifests and Helm charts; AWS account scanning, once built in, was moved out of the core binary into a separate plugin. It can produce CycloneDX or SPDX SBOMs or scan an existing SBOM instead of the artifact, flags hard-coded credentials such as AWS access keys and GitHub tokens, and runs in GitHub Actions, GitLab CI and Jenkins. In-cluster, the Trivy Operator rescans running workloads continuously and publishes findings as Kubernetes custom resources (VulnerabilityReport, ConfigAuditReport and others) that policy engines and dashboards can consume; it is not itself an admission controller. Trivy is a static, pre-deployment control, so it is often paired with Falco, a runtime syscall monitor, for build-time plus runtime coverage.

Examples

  1. Running "trivy image --exit-code 1 --severity HIGH,CRITICAL myapp:1.4" in CI so the pipeline fails on any HIGH or CRITICAL CVE. Without --exit-code Trivy only reports and exits 0; adding --ignore-unfixed drops findings the distribution has not yet patched, at the cost of hiding them from the report.

  2. Scanning Terraform source with "trivy config ." to catch a publicly readable S3 bucket before it is applied. A plan can be checked as well by exporting it with "terraform show -json tfplan > tfplan.json" and scanning that file.
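The CI gate in example 1 and the config findings in example 2 can also be enforced by post-processing a saved report ("trivy image -f json" or "trivy config -f json"), which is what teams do when they need a policy Trivy's flags cannot express. The script below is an added example, not Trivy's own code. It reads a constructed report excerpt in the shape Trivy's JSON schema v2 writes (Results[].Vulnerabilities[] with VulnerabilityID, PkgName, InstalledVersion, FixedVersion and Severity; Results[].Misconfigurations[] with ID, Severity and Status), applies the same severity threshold and ignore-unfixed rule the flags implement, and adds an allowlist with an expiry date and a recorded justification per ID, which the one-ID-per-line .trivyignore format cannot express. The CVE and AVD identifiers in the sample are real public IDs, but the package versions, the report contents and the ALLOWLIST format are constructed for illustration.

```python
"""Severity gate over a Trivy JSON report (schema v2).

Added example, not Trivy's own code. Trivy can gate a pipeline by itself with
--exit-code 1 --severity HIGH,CRITICAL [--ignore-unfixed] and a .trivyignore
file; this script reproduces that logic over a saved report and adds an
allowlist with expiry dates and justifications. The report excerpt, the
versions and the allowlist format are constructed for illustration.
"""
import json
from datetime import date

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed excerpt in the shape `trivy image -f json` / `trivy config -f json`
# write. The CVE/AVD identifiers are real public IDs; versions are illustrative.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "myapp:1.4",
    "Results": [
        {"Target": "myapp:1.4 (debian 12.2)", "Class": "os-pkgs", "Type": "debian",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2023-38545", "PkgName": "curl",
              "InstalledVersion": "7.88.1-10", "FixedVersion": "7.88.1-10+deb12u4",
              "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-2023-31484", "PkgName": "perl-base",
              "InstalledVersion": "5.36.0-7", "FixedVersion": "", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-2011-3374", "PkgName": "apt",
              "InstalledVersion": "2.6.1", "FixedVersion": "", "Severity": "LOW"}]},
        {"Target": "app/lib/log4j-core-2.14.1.jar", "Class": "lang-pkgs", "Type": "jar",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2021-44228",
              "PkgName": "org.apache.logging.log4j:log4j-core",
              "InstalledVersion": "2.14.1", "FixedVersion": "2.15.0",
              "Severity": "CRITICAL"}]},
        {"Target": "main.tf", "Class": "config", "Type": "terraform",
         "Misconfigurations": [
             {"ID": "AVD-AWS-0094", "Title": "S3 bucket has a public ACL",
              "Severity": "HIGH", "Status": "FAIL"},
             {"ID": "AVD-AWS-0090", "Title": "S3 bucket versioning is disabled",
              "Severity": "MEDIUM", "Status": "PASS"}]},
    ],
})

# Hypothetical allowlist (your own policy file, not a Trivy format):
# finding ID -> (ISO expiry date, justification). Expired entries stop suppressing.
ALLOWLIST = {
    "CVE-2023-31484": ("2099-01-01", "perl CPAN client not used at runtime"),
}


def iter_findings(report):
    """Yield (kind, id, severity, fixable, target) for every finding in the report."""
    for result in report.get("Results", []):
        # Trivy writes null rather than [] when a section is empty.
        for v in result.get("Vulnerabilities") or []:
            yield ("vuln", v["VulnerabilityID"], v["Severity"],
                   bool(v.get("FixedVersion")), result["Target"])
        for m in result.get("Misconfigurations") or []:
            # PASS entries only appear with --include-non-failures; never block on them.
            if m.get("Status") == "FAIL":
                yield ("misconfig", m["ID"], m["Severity"], True, result["Target"])


def gate(report_json, min_severity="HIGH", ignore_unfixed=False,
         allowlist=None, today=None):
    """Return (blocking, suppressed): findings that fail the gate, and findings
    skipped because of an unexpired allowlist entry. min_severity and
    ignore_unfixed mirror --severity and --ignore-unfixed; today is an ISO date
    string used for deterministic testing and defaults to the current date."""
    allowlist = allowlist or {}
    today = date.fromisoformat(today) if today else date.today()
    threshold = SEVERITY_RANK[min_severity]
    blocking, suppressed = [], []
    for kind, fid, sev, fixable, target in iter_findings(json.loads(report_json)):
        if SEVERITY_RANK.get(sev, 0) < threshold:
            continue
        if ignore_unfixed and not fixable:
            continue
        entry = allowlist.get(fid)
        if entry and date.fromisoformat(entry[0]) > today:
            suppressed.append((fid, entry[1]))
            continue
        blocking.append((kind, fid, sev, target))
    return blocking, suppressed


if __name__ == "__main__":
    blocking, suppressed = gate(SAMPLE_REPORT, allowlist=ALLOWLIST)
    for kind, fid, sev, target in blocking:
        print(f"BLOCK {sev:8} {fid:18} {kind:9} {target}")
    for fid, why in suppressed:
        print(f"ALLOW {fid}: {why}")
    raise SystemExit(1 if blocking else 0)
```

Run it with "python3 gate.py"; a non-zero exit fails the CI job. To use it on a real scan, replace SAMPLE_REPORT with the contents of "trivy image -f json -o report.json myapp:1.4". The perl entry shows why the allowlist is the more auditable choice: if the pipeline instead passes --ignore-unfixed to Trivy, unfixed HIGH findings never appear in the report at all and nobody records why they were accepted.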

Frequently asked questions

What is Trivy?

Trivy is an open-source, single-binary scanner from Aqua Security (see the definition above). It belongs to the Defense & Operations category of cybersecurity.

How does Trivy work?

Trivy unpacks the target (image layers, a directory, a repository checkout or a cluster's workloads), identifies the OS from files such as /etc/os-release, reads the package manager databases (dpkg, rpm, apk) and language lockfiles or manifests to build an inventory of installed components, then matches each component's version against the advisory data in its local vulnerability database, which it downloads and caches on first run. Misconfiguration and secret scanning run in the same pass: IaC files are parsed and evaluated against built-in checks written in Rego (so teams can add their own), and file contents are matched against secret patterns. Output is a table by default, or JSON, SARIF, CycloneDX or SPDX for tooling; the exit code is 0 regardless of findings unless --exit-code is set.

What are other names for Trivy?

Common alternative names include: Aqua Trivy.

Related terms