Trivy logo

Trivy

Vulnerability Scanner for Containers, Suitable for CI
13
8
+ 1
0

What is Trivy?

It is a simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). It is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.
Trivy is a tool in the Security category of a tech stack.
Trivy is an open source tool with 9.3K GitHub stars and 848 GitHub forks. Here’s a link to Trivy's open source repository on GitHub

Who uses Trivy?

Companies
4 companies reportedly use Trivy in their tech stacks, including Onefootball, Infrastructure, and Tool Stack.

Developers
9 developers on StackShare have stated that they use Trivy.

Trivy Integrations

Jenkins, CentOS, Travis CI, CircleCI, and GitLab CI are some of the popular tools that integrate with Trivy. Here's a list of all 10 tools that integrate with Trivy.

Trivy's Features

  • Simple
  • Fast
  • Easy installation
  • High accuracy
  • Detect comprehensive vulnerabilities
  • Suitable for CI such as Travis CI, CircleCI, Jenkins, GitLab CI, etc
  • Support multiple formats

Trivy Alternatives & Comparisons

What are some alternatives to Trivy?
Kubernetes
Kubernetes is an open source orchestration system for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the users declared intentions.
Docker Compose
With Compose, you define a multi-container application in a single file, then spin your application up in a single command which does everything that needs to be done to get it running.
OpenSSL
It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
Let's Encrypt
It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
Helm
Helm is the best way to find, share, and use software built for Kubernetes.
See all alternatives
Related Comparisons
No related comparisons found

Trivy's Followers
8 developers follow Trivy to keep up with related blogs and decisions.