Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/aquasecurity/trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://github.com/aquasecurity/trivy

containers devsecops docker go golang hacktoberfest iac infrastructure-as-code kubernetes misconfiguration security security-tools vulnerability vulnerability-detection vulnerability-scanners

Last synced: 3 days ago
JSON representation

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Host: GitHub
URL: https://github.com/aquasecurity/trivy
Owner: aquasecurity
License: apache-2.0
Created: 2019-04-11T01:01:07.000Z (over 5 years ago)
Default Branch: main
Last Pushed: 2024-10-29T23:13:18.000Z (about 1 month ago)
Last Synced: 2024-10-30T00:47:33.331Z (about 1 month ago)
Topics: containers, devsecops, docker, go, golang, hacktoberfest, iac, infrastructure-as-code, kubernetes, misconfiguration, security, security-tools, vulnerability, vulnerability-detection, vulnerability-scanners
Language: Go
Homepage: https://aquasecurity.github.io/trivy
Size: 843 MB
Stars: 23,421
Watchers: 165
Forks: 2,311
Open Issues: 206
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md

Awesome Lists containing this project

awesome-DevOpsSec - Trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes (Tools / Kubernetes)
awesome-go - aquasecurity/trivy
awesome-containerized-security - trivy
awesome-cybersecurity-blueteam - Trivy - Simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for use in continuous integration pipelines. (DevSecOps / Service meshes)
awesome-devsecops - Trivy - _Aqua Security_ - Simple and comprehensive vulnerability scanner for containers. (Tools / Infrastructure as Code Analysis)
awesome-modern-devops - Trivy - An open source security scanner. (DevSecOps)
awesome-github-repos - aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more (Go)
awesome-rainmana - aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more (Go)
awesome-repositories - aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more (Go)
awesome-cloud-security - Trivy
awesome-software-supply-chain-security - aquasecurity/trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
awesome-starts - aquasecurity/trivy - A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI (Go)
awesome-k8s - Trivy
awesome-list - trivy
dereks-awesome-list - Trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. (Containers)
awesome-golang-repositories - trivy
awesome-kubernetes-threat-detection - trivy
awesome-wasm-runtimes - trivy - vulnerability/misconfiguration/secret scanner for containers and other artifacts (<a name="wazero"></a>[wazero](https://wazero.io) <sup>[top⇈](#contents)</sup>)
awesome-k8s-security - trivy
awesome-cloud-sec - trivy - - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues (Other Awesome Lists / Containers)
awesome-docker-security - trivy - A simple and comprehensive Vulnerability Scanner for Containers, suitable for CI. (Tools / Container Scanning)
awesome-kubernetes-security - trivy - A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI (Open Source Projects)
awesome-cloud-security - 地址
awesome-opa - Trivy - Scan your code and artifacts for known vulnerabilities and misconfiguration issues. (Infrastructure as Code / Datasource Integrations Blogs and Articles)
awesome-devsecops-russia - Trivy
awesome-hacking-lists - aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more (Go)
awesome-docker - Trivy - Aqua Security's open source simple and comprehensive vulnerability scanner for containers (suitable for CI). (Container Operations / Security)
awesome-software-supply-chain-security - trivy - ![GitHub stars](https://img.shields.io/github/stars/aquasecurity/trivy?style=flat-square) - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. (Static Application Security Testing)
my-awesome - aquasecurity/trivy - as-code,kubernetes,misconfiguration,security,security-tools,vulnerability,vulnerability-detection,vulnerability-scanners pushed_at:2024-12 star:23.9k fork:2.3k Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more (Go)
awesome-docker-security - trivy - 适用于 CI 的简单且全面的容器漏洞扫描工具。 (工具 / 容器扫描)
DevSecOps - https://github.com/aquasecurity/trivy - as-code |![Trivy](https://img.shields.io/github/stars/aquasecurity/trivy?style=for-the-badge) | (Infrastructure as code security)
StarryDivineSky - aquasecurity/trivy
awesome-starred - aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more (security)
awesome-devsecops - Trivy - _Aqua Security_ - Simple and comprehensive vulnerability scanner for containers. (Tools / Infrastructure as Code Analysis)
awesome-technostructure - aquasecurity/trivy
awesome-technostructure - aquasecurity/trivy
awesome-sbom - Aqua Trivy
awesome-docker-security - trivy - 适用于 CI 的简单且全面的容器漏洞扫描工具。 (工具 / 容器扫描)

README

        




[![GitHub Release][release-img]][release]

[![Test][test-img]][test]

[![Go Report Card][go-report-img]][go-report]

[![License: Apache-2.0][license-img]][license]

[![GitHub Downloads][github-downloads-img]][release]

![Docker Pulls][docker-pulls]

[📖 Documentation][docs]



Trivy ([pronunciation][pronunciation]) is a comprehensive and versatile security scanner.

Trivy has *scanners* that look for security issues, and *targets* where it can find those issues.

Targets (what Trivy can scan):

- Container Image

- Filesystem

- Git Repository (remote)

- Virtual Machine Image

- Kubernetes

Scanners (what Trivy can find there):

- OS packages and software dependencies in use (SBOM)

- Known vulnerabilities (CVEs)

- IaC issues and misconfigurations

- Sensitive information and secrets

- Software licenses

Trivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the [Scanning Coverage] page.

To learn more, go to the [Trivy homepage][homepage] for feature highlights, or to the [Documentation site][docs] for detailed information.

## Quick Start

### Get Trivy

Trivy is available in most common distribution channels. The full list of installation options is available in the [Installation] page. Here are a few popular examples:

- `brew install trivy`

- `docker run aquasec/trivy`

- Download binary from 

- See [Installation] for more

Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem] page. Here are a few popular examples:

- [GitHub Actions](https://github.com/aquasecurity/trivy-action)

- [Kubernetes operator](https://github.com/aquasecurity/trivy-operator)

- [VS Code plugin](https://github.com/aquasecurity/trivy-vscode-extension)

- See [Ecosystem] for more

### Canary builds

There are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1&name=canary), [GitHub](https://github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ecr.aws/aquasecurity/trivy#canary) images and [binaries](https://github.com/aquasecurity/trivy/actions/workflows/canary.yaml)) as generated every push to main branch.

Please be aware: canary builds might have critical bugs, it's not recommended for use in production.

### General usage

```bash

trivy  [--scanners ] 

```

Examples:

```bash

trivy image python:3.4-alpine

```

Result

https://user-images.githubusercontent.com/1161307/171013513-95f18734-233d-45d3-aaf5-d6aec687db0e.mov

```bash

trivy fs --scanners vuln,secret,misconfig myproject/

```

Result

https://user-images.githubusercontent.com/1161307/171013917-b1f37810-f434-465c-b01a-22de036bd9b3.mov

```bash

trivy k8s --report summary cluster

```

Result

![k8s summary](docs/imgs/trivy-k8s.png)

## FAQ

### How to pronounce the name "Trivy"?

`tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**.

## Want more? Check out Aqua

If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.  

You can find a high level comparison table specific to Trivy users [here](https://trivy.dev/commercial/comparison).  

In addition check out the  website for more information about our products and services.

If you'd like to contact Aqua or request a demo, please use this form: 

## Community

Trivy is an [Aqua Security][aquasec] open source project.  

Learn about our open source work and portfolio [here][oss].  

Contact us about any matter by opening a GitHub Discussion [here][discussions]

Join our [Slack community][slack] to stay up to date with community efforts.

Please ensure to abide by our [Code of Conduct][code-of-conduct] during all interactions.

[test]: https://github.com/aquasecurity/trivy/actions/workflows/test.yaml

[test-img]: https://github.com/aquasecurity/trivy/actions/workflows/test.yaml/badge.svg

[go-report]: https://goreportcard.com/report/github.com/aquasecurity/trivy

[go-report-img]: https://goreportcard.com/badge/github.com/aquasecurity/trivy

[release]: https://github.com/aquasecurity/trivy/releases

[release-img]: https://img.shields.io/github/release/aquasecurity/trivy.svg?logo=github

[github-downloads-img]: https://img.shields.io/github/downloads/aquasecurity/trivy/total?logo=github

[docker-pulls]: https://img.shields.io/docker/pulls/aquasec/trivy?logo=docker&label=docker%20pulls%20%2F%20trivy

[license]: https://github.com/aquasecurity/trivy/blob/main/LICENSE

[license-img]: https://img.shields.io/badge/License-Apache%202.0-blue.svg

[homepage]: https://trivy.dev

[docs]: https://aquasecurity.github.io/trivy

[pronunciation]: #how-to-pronounce-the-name-trivy

[slack]: https://slack.aquasec.com

[code-of-conduct]: https://github.com/aquasecurity/community/blob/main/CODE_OF_CONDUCT.md

[Installation]:https://aquasecurity.github.io/trivy/latest/getting-started/installation/

[Ecosystem]: https://aquasecurity.github.io/trivy/latest/ecosystem/

[Scanning Coverage]: https://aquasecurity.github.io/trivy/latest/docs/coverage/

[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/

[rego]: https://www.openpolicyagent.org/docs/latest/#rego

[sigstore]: https://www.sigstore.dev/

[aquasec]: https://aquasec.com

[oss]: https://www.aquasec.com/products/open-source-projects/

[discussions]: https://github.com/aquasecurity/trivy/discussions