{"id":13414504,"url":"https://github.com/aquasecurity/trivy","last_synced_at":"2025-05-12T15:07:20.506Z","repository":{"id":37240930,"uuid":"180687624","full_name":"aquasecurity/trivy","owner":"aquasecurity","description":"Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more","archived":false,"fork":false,"pushed_at":"2025-05-05T08:00:13.000Z","size":902771,"stargazers_count":26156,"open_issues_count":203,"forks_count":2532,"subscribers_count":172,"default_branch":"main","last_synced_at":"2025-05-05T11:11:47.411Z","etag":null,"topics":["containers","devsecops","docker","go","golang","hacktoberfest","iac","infrastructure-as-code","kubernetes","misconfiguration","security","security-tools","vulnerability","vulnerability-detection","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://trivy.dev","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aquasecurity.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-04-11T01:01:07.000Z","updated_at":"2025-05-05T09:58:05.000Z","dependencies_parsed_at":"2023-11-24T19:24:29.363Z","dependency_job_id":"73ba804c-b454-4018-ba31-e5ae7d1b6520","html_url":"https://github.com/aquasecurity/trivy","commit_stats":{"total_commits":2838,"total_committers":402,"mean_commits":7.059701492537314,"dds":0.7618040873854828,"last_synced_commit":"b7b8cdc9e96abec35757295582f5deaa43bd3181"},"previous_names":[],"tags_count":166,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Ftrivy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Ftrivy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Ftrivy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Ftrivy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aquasecurity","download_url":"https://codeload.github.com/aquasecurity/trivy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252486917,"owners_count":21755835,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["containers","devsecops","docker","go","golang","hacktoberfest","iac","infrastructure-as-code","kubernetes","misconfiguration","security","security-tools","vulnerability","vulnerability-detection","vulnerability-scanners"],"created_at":"2024-07-30T21:00:24.742Z","updated_at":"2025-05-05T12:35:02.426Z","avatar_url":"https://github.com/aquasecurity.png","language":"Go","funding_links":[],"categories":["Tools","Go","Official resources","Popular","Security Scanners","Container Operations","Security Testing","Docker","Image Lifecycle","DevOps","DevSecOps","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Container Tools","Kubernetes Security","Dependency intelligence","Security","CI/CD","\u003ca name=\"wazero\"\u003e\u003c/a\u003e[wazero](https://wazero.io) \u003csup\u003e[top⇈](#contents)\u003c/sup\u003e","Repositories / Tools","Other Awesome Lists","Code Security","Go (531)","Static Application Security Testing","security-tools","Containers","漏洞库、漏洞靶场","📋 Table of Contents","蓝队工具","Infrastructure as Code","security","Compliance Tools","Repos","Infrastructure as code security","Security \u0026 Compliance","一、核心工具集（按场景分类）","vulnerability-scanners","[🔓 security](https://github.com/stars/ketsapiwiq/lists/unlock-security)","Инструменты","Application Recommendation","📊 At a glance","Official projects","golang","Platform Engineering","Real-world Examples","Weapons","Container Scanning","Multiple languages","Network","docker","0x02 工具 :hammer_and_wrench:","Security \u0026 DevSecOps","go","Secure Programming","Configuration Management","Companion Tools","☸️ Kubernetes e Cloud Native","Container and Kubernetes Security","🚀 DevOps \u0026 Infrastructure","Tools \u0026 softwares","Container \u0026 Kubernetes","Open Source Projects","Repositories","Dependency Automation","容器管理与运维 (Container Operations)","Tools \u0026 Platforms","Software Composition Analysis (SCA)","🔐 Supply Chain \u0026 Runtime Security","工具：覆盖攻防全流程的实用利器"],"sub_categories":["Kubernetes","Trivy","Security",".NET","Snippets Manager","Image Scanning \u0026 SBOM","Development","Service meshes","\u003ca id=\"c0bec2b143739028ff4ec439e077aa63\"\u003e\u003c/a\u003e漏洞扫描\u0026\u0026挖掘\u0026\u0026发现","Infrastructure as Code Analysis","MultiCloud Governance","Online resources","Vulnerability information exchange","Kubernetes Security","Detection","Defending","Containers","Software Composition Analysis (SCA)","Threat modelling","网络服务_其他","Open Source SCA Tools","IAC(Infrastructure-as-Code)扫描","Container Scanning","Datasource Integrations Blogs and Articles","Security Assessment","10. 安全与合规（防护风险）","Сканеры Docker образов","🔒 Cybersecurity","Repositories","Code Service","Tools","Network Vulnerability Scanners","2 云原生工具","SAST","Professional Security","SCA and SBOM","Segurança K8s","Image Scanning","Security assessment","IaC \u0026 Container Security Tools","CLI Audit Tools","安全 (Security)","Open Source Platforms","Image Distribution \u0026 Caching","2. 容器扫描（检测镜像/容器中的风险）"],"readme":"\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"docs/imgs/logo.png\" width=\"200\"\u003e\n\n[![GitHub Release][release-img]][release]\n[![Test][test-img]][test]\n[![Go Report Card][go-report-img]][go-report]\n[![License: Apache-2.0][license-img]][license]\n[![GitHub Downloads][github-downloads-img]][release]\n![Docker Pulls][docker-pulls]\n\n[📖 Documentation][docs]\n\u003c/div\u003e\n\nTrivy ([pronunciation][pronunciation]) is a comprehensive and versatile security scanner.\nTrivy has *scanners* that look for security issues, and *targets* where it can find those issues.\n\nTargets (what Trivy can scan):\n\n- Container Image\n- Filesystem\n- Git Repository (remote)\n- Virtual Machine Image\n- Kubernetes\n\nScanners (what Trivy can find there):\n\n- OS packages and software dependencies in use (SBOM)\n- Known vulnerabilities (CVEs)\n- IaC issues and misconfigurations\n- Sensitive information and secrets\n- Software licenses\n\nTrivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the [Scanning Coverage] page.\n\nTo learn more, go to the [Trivy homepage][homepage] for feature highlights, or to the [Documentation site][docs] for detailed information.\n\n## Quick Start\n\n### Get Trivy\n\nTrivy is available in most common distribution channels. The full list of installation options is available in the [Installation] page. Here are a few popular examples:\n\n- `brew install trivy`\n- `docker run aquasec/trivy`\n- Download binary from \u003chttps://github.com/aquasecurity/trivy/releases/latest/\u003e\n- See [Installation] for more\n\nTrivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem] page. Here are a few popular examples:\n\n- [GitHub Actions](https://github.com/aquasecurity/trivy-action)\n- [Kubernetes operator](https://github.com/aquasecurity/trivy-operator)\n- [VS Code plugin](https://github.com/aquasecurity/trivy-vscode-extension)\n- See [Ecosystem] for more\n\n### Canary builds\nThere are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1\u0026name=canary), [GitHub](https://github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ecr.aws/aquasecurity/trivy#canary) images and [binaries](https://github.com/aquasecurity/trivy/actions/workflows/canary.yaml)) as generated every push to main branch.\n\nPlease be aware: canary builds might have critical bugs, it's not recommended for use in production.\n\n### General usage\n\n```bash\ntrivy \u003ctarget\u003e [--scanners \u003cscanner1,scanner2\u003e] \u003csubject\u003e\n```\n\nExamples:\n\n```bash\ntrivy image python:3.4-alpine\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eResult\u003c/summary\u003e\n\nhttps://user-images.githubusercontent.com/1161307/171013513-95f18734-233d-45d3-aaf5-d6aec687db0e.mov\n\n\u003c/details\u003e\n\n```bash\ntrivy fs --scanners vuln,secret,misconfig myproject/\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eResult\u003c/summary\u003e\n\nhttps://user-images.githubusercontent.com/1161307/171013917-b1f37810-f434-465c-b01a-22de036bd9b3.mov\n\n\u003c/details\u003e\n\n```bash\ntrivy k8s --report summary cluster\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eResult\u003c/summary\u003e\n\n![k8s summary](docs/imgs/trivy-k8s.png)\n\n\u003c/details\u003e\n\n## FAQ\n\n### How to pronounce the name \"Trivy\"?\n\n`tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**.\n\n## Want more? Check out Aqua\n\nIf you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.  \nYou can find a high level comparison table specific to Trivy users [here](https://trivy.dev/latest/commercial/compare/).\nIn addition check out the \u003chttps://aquasec.com\u003e website for more information about our products and services.\nIf you'd like to contact Aqua or request a demo, please use this form: \u003chttps://www.aquasec.com/demo\u003e\n\n## Community\n\nTrivy is an [Aqua Security][aquasec] open source project.  \nLearn about our open source work and portfolio [here][oss].  \nContact us about any matter by opening a GitHub Discussion [here][discussions]\n\nPlease ensure to abide by our [Code of Conduct][code-of-conduct] during all interactions.\n\n[test]: https://github.com/aquasecurity/trivy/actions/workflows/test.yaml\n[test-img]: https://github.com/aquasecurity/trivy/actions/workflows/test.yaml/badge.svg\n[go-report]: https://goreportcard.com/report/github.com/aquasecurity/trivy\n[go-report-img]: https://goreportcard.com/badge/github.com/aquasecurity/trivy\n[release]: https://github.com/aquasecurity/trivy/releases\n[release-img]: https://img.shields.io/github/release/aquasecurity/trivy.svg?logo=github\n[github-downloads-img]: https://img.shields.io/github/downloads/aquasecurity/trivy/total?logo=github\n[docker-pulls]: https://img.shields.io/docker/pulls/aquasec/trivy?logo=docker\u0026label=docker%20pulls%20%2F%20trivy\n[license]: https://github.com/aquasecurity/trivy/blob/main/LICENSE\n[license-img]: https://img.shields.io/badge/License-Apache%202.0-blue.svg\n[homepage]: https://trivy.dev\n[docs]: https://trivy.dev/latest/docs/\n[pronunciation]: #how-to-pronounce-the-name-trivy\n[code-of-conduct]: https://github.com/aquasecurity/community/blob/main/CODE_OF_CONDUCT.md\n\n[Installation]:https://trivy.dev/latest/getting-started/installation/\n[Ecosystem]: https://trivy.dev/latest/ecosystem/\n[Scanning Coverage]: https://trivy.dev/latest/docs/coverage/\n\n[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/\n[rego]: https://www.openpolicyagent.org/docs/latest/#rego\n[sigstore]: https://www.sigstore.dev/\n\n[aquasec]: https://aquasec.com\n[oss]: https://www.aquasec.com/products/open-source-projects/\n[discussions]: https://github.com/aquasecurity/trivy/discussions\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faquasecurity%2Ftrivy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faquasecurity%2Ftrivy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faquasecurity%2Ftrivy/lists"}