Trivy logo


Vulnerability Scanner for Containers, Suitable for CI
+ 1

What is Trivy?

It is a simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). It is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.
Trivy is a tool in the Security category of a tech stack.
Trivy is an open source tool with 15.5K GitHub stars and 1.5K GitHub forks. Here’s a link to Trivy's open source repository on GitHub

Who uses Trivy?

9 companies reportedly use Trivy in their tech stacks, including Onefootball, Infrastructure, and HUMANOO.

17 developers on StackShare have stated that they use Trivy.

Trivy Integrations

Jenkins, CentOS, Travis CI, CircleCI, and GitHub Actions are some of the popular tools that integrate with Trivy. Here's a list of all 10 tools that integrate with Trivy.

Trivy's Features

  • Simple
  • Fast
  • Easy installation
  • High accuracy
  • Detect comprehensive vulnerabilities
  • Suitable for CI such as Travis CI, CircleCI, Jenkins, GitLab CI, etc
  • Support multiple formats

Trivy Alternatives & Comparisons

What are some alternatives to Trivy?
Kubernetes is an open source orchestration system for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the users declared intentions.
Docker Compose
With Compose, you define a multi-container application in a single file, then spin your application up in a single command which does everything that needs to be done to get it running.
It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
Let's Encrypt
It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
Spring Cloud
It provides tools for developers to quickly build some of the common patterns in distributed systems.
See all alternatives
Related Comparisons
No related comparisons found

Trivy's Followers
14 developers follow Trivy to keep up with related blogs and decisions.