Trivy
Comprehensive and versatile security scanner for vulnerabilities, misconfigurations, secrets, and SBOM in containers, Kubernetes, code repositories, clouds, and more. Targets include container images, filesystems, Git repositories, virtual machine images, Kubernetes, and AWS.
Description
Trivy is a security scanner that detects issues across various targets such as container images, filesystems, Git repositories, virtual machine images, Kubernetes clusters, and AWS environments. It identifies OS packages and software dependencies, known vulnerabilities (CVEs), IaC issues and misconfigurations, sensitive information and secrets, and software licenses.
Use cases include scanning container images for vulnerabilities before deployment, auditing local filesystems for misconfigurations and secrets, analyzing Git repositories for security issues, and checking Kubernetes clusters experimentally. It supports server mode for continuous scanning and provides utilities for report conversion and cache management.
The tool is versatile for DevSecOps pipelines, cloud security, and infrastructure as code validation, helping teams identify and remediate risks early in development and deployment processes.
How It Works
Trivy operates by scanning specified targets using dedicated scanners for OS packages/software dependencies (SBOM), CVEs, IaC misconfigurations, secrets, and licenses. It uses a cache directory for efficiency (default /root/.cache/trivy), configurable via --cache-dir, and supports formats like JSON via -f. Global flags control debug mode (-d), quiet output (-q), insecure connections (--insecure), and config files (-c trivy.yaml). Commands like image, fs, repository target specific environments, with experimental support for kubernetes and vm.
Installation
sudo apt install trivy
Flags
Examples
trivy image python:3.4-alpine
trivy image --input ruby-3.1.tar
trivy fs .
trivy server
trivy config
trivy filesystem
trivy repository
trivy sbom
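The "How It Works" section notes that Trivy can emit JSON via -f, which is the form most teams consume in a pipeline. The script below is an added example, not Trivy's own code: it reads a Trivy JSON report (as produced by, for instance, trivy image -f json -o report.json python:3.4-alpine), counts findings per severity across the vulnerability, misconfiguration and secret scanners, lists vulnerabilities that have no fixed version yet, and returns a pass/fail exit code for a CI gate. Field names (SchemaVersion, Results, Vulnerabilities, Misconfigurations, Secrets, FixedVersion, Status) follow Trivy's JSON report format as documented upstream; the embedded report is constructed for this example and every CVE and check ID in it is a placeholder, not a real identifier.

```python
"""Summarize a Trivy JSON report by severity and gate a pipeline on it.

Added example, not part of Trivy. Key names follow Trivy's JSON report
schema (SchemaVersion 2); the sample report is constructed and its IDs
are placeholders.
"""
import json
import sys
from collections import Counter

# Trivy's severity levels, most to least severe.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]

# Constructed report imitating `trivy image -f json python:3.4-alpine`.
# CVE and check IDs are placeholders, not real identifiers.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "python:3.4-alpine",
    "ArtifactType": "container_image",
    "Results": [
        {
            "Target": "python:3.4-alpine (alpine 3.9.2)",
            "Class": "os-pkgs",
            "Type": "alpine",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-PLACEHOLDER-0001", "PkgName": "musl",
                 "InstalledVersion": "1.1.20-r3", "FixedVersion": "1.1.20-r4",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-PLACEHOLDER-0002", "PkgName": "openssl",
                 "InstalledVersion": "1.1.1a-r0", "FixedVersion": "",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-PLACEHOLDER-0003", "PkgName": "zlib",
                 "InstalledVersion": "1.2.11-r1", "FixedVersion": "1.2.11-r2",
                 "Severity": "LOW"},
            ],
        },
        {
            "Target": "Dockerfile",
            "Class": "config",
            "Type": "dockerfile",
            "Misconfigurations": [
                {"ID": "DS-PLACEHOLDER-001", "Title": "Image runs as root",
                 "Severity": "HIGH", "Status": "FAIL"},
                {"ID": "DS-PLACEHOLDER-002", "Title": "HEALTHCHECK present",
                 "Severity": "LOW", "Status": "PASS"},
            ],
        },
        {
            "Target": "app/config.py",
            "Class": "secret",
            "Secrets": [
                {"RuleID": "placeholder-api-key", "Severity": "CRITICAL",
                 "Title": "Hard-coded API key", "StartLine": 12},
            ],
        },
    ],
})


def parse_report(text):
    """Parse the JSON text of a Trivy report into a dict."""
    return json.loads(text)


def count_by_severity(report):
    """Count findings from all three scanners, keyed by severity.

    A result's scanner-specific list may be absent or null, hence `or []`.
    Misconfigurations marked PASS are informational and are not counted.
    """
    counts = Counter()
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            counts[vuln.get("Severity", "UNKNOWN")] += 1
        for misconf in result.get("Misconfigurations") or []:
            if misconf.get("Status", "FAIL") == "FAIL":
                counts[misconf.get("Severity", "UNKNOWN")] += 1
        for secret in result.get("Secrets") or []:
            counts[secret.get("Severity", "UNKNOWN")] += 1
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}


def unfixed_vulnerabilities(report):
    """(package, id) pairs with no FixedVersion: upgrading cannot remove them,
    so they need a compensating control or a base-image change instead."""
    pairs = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            if not vuln.get("FixedVersion"):
                pairs.append((vuln["PkgName"], vuln["VulnerabilityID"]))
    return pairs


def gate(report, threshold="HIGH"):
    """Exit code for a CI gate: 1 if any finding is at or above `threshold`."""
    counts = count_by_severity(report)
    blocking = SEVERITY_ORDER[: SEVERITY_ORDER.index(threshold) + 1]
    return 1 if any(counts[sev] for sev in blocking) else 0


if __name__ == "__main__":
    # Usage: python summarize.py report.json ; with no argument, the sample runs.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    rep = parse_report(text)
    print("Artifact:", rep.get("ArtifactName"))
    for sev, n in count_by_severity(rep).items():
        print(f"  {sev:<9} {n}")
    for pkg, vid in unfixed_vulnerabilities(rep):
        print(f"  no fix yet: {pkg} ({vid})")
    sys.exit(gate(rep, "HIGH"))
```

The gate mirrors what Trivy's own --exit-code and --severity flags do at scan time; doing it on the saved report instead lets one scan feed several consumers (the gate, a ticketing export, a trend dashboard) without rescanning.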