Trivy
Comprehensive security scanner for containers, filesystems, and IaC. Find vulnerabilities, misconfigurations, and secrets.
30 commands
Browse by Topic
Install Trivy (macOS)
Install Trivy security scanner using Homebrew on macOS
Install Trivy (Linux)
Install Trivy security scanner on Debian/Ubuntu Linux
Check Trivy version
Verify Trivy installation and display version info
Scan image
Scan a container image for vulnerabilities.
Scan with severity filter
Show only high and critical vulnerabilities.
Ignore unfixed
Hide vulnerabilities without fixes.
JSON output
Output results as JSON.
Scan for secrets
Scan image for embedded secrets.
Scan local image
Scan a local image tarball.
Scan directory
Scan current directory for vulnerabilities.
Scan with skip
Scan and skip certain directories.
Scan lock files
Scan specific lock file.
Exit code on findings
Exit with code 1 if vulnerabilities found.
Scan Git repo
Scan a remote Git repository.
Scan for secrets
Scan repository for secrets.
Scan specific branch
Scan a specific branch.
Scan with commit
Scan at specific commit.
Scan Terraform
Scan Terraform files for misconfigurations.
Scan Kubernetes
Scan Kubernetes manifests.
Compliance check
Run compliance benchmark checks.
Scan Dockerfile
Scan Dockerfile for issues.
Generate CycloneDX
Generate CycloneDX SBOM.
Generate SPDX
Generate SPDX SBOM.
Scan existing SBOM
Scan an existing SBOM for vulnerabilities.
Filesystem SBOM
Generate SBOM for filesystem.
Scan cluster
Scan entire Kubernetes cluster.
Scan namespace
Scan specific namespace.
Scan workloads
Scan specific resource types.
Compliance scan
Run NSA K8s hardening compliance.
Scan with context
Scan using specific kubeconfig context.
Discussion
Loading comments...