Trivy

Filesystem Commands

Scan local filesystems for vulnerabilities in package.json, requirements.txt, go.mod, and more.

4 commands

Pro Tips

Use --skip-dirs to exclude node_modules and vendor

$ trivy fs .

Scan current directory for vulnerabilities.

$ trivy fs --skip-dirs node_modules,vendor .

Scan and skip certain directories.

$ trivy fs --scanners vuln package-lock.json

Scan specific lock file.

$ trivy fs --exit-code 1 --severity HIGH,CRITICAL .

Exit with code 1 if vulnerabilities found.