Alternatives to Trivy logo

Alternatives to Trivy

Kubernetes, Docker Compose, OpenSSL, Let's Encrypt, and Rancher are the most popular alternatives and competitors to Trivy.
42
22
+ 1
0

What is Trivy and what are its top alternatives?

It is a simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). It is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.
Trivy is a tool in the Security category of a tech stack.
Trivy is an open source tool with 20.9K GitHub stars and 2.1K GitHub forks. Here’s a link to Trivy's open source repository on GitHub

Top Alternatives to Trivy

  • Kubernetes
    Kubernetes

    Kubernetes is an open source orchestration system for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the users declared intentions. ...

  • Docker Compose
    Docker Compose

    With Compose, you define a multi-container application in a single file, then spin your application up in a single command which does everything that needs to be done to get it running. ...

  • OpenSSL
    OpenSSL

    It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. ...

  • Let's Encrypt
    Let's Encrypt

    It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). ...

  • Rancher
    Rancher

    Rancher is an open source container management platform that includes full distributions of Kubernetes, Apache Mesos and Docker Swarm, and makes it simple to operate container clusters on any cloud or infrastructure platform. ...

  • Docker Swarm
    Docker Swarm

    Swarm serves the standard Docker API, so any tool which already communicates with a Docker daemon can use Swarm to transparently scale to multiple hosts: Dokku, Compose, Krane, Deis, DockerUI, Shipyard, Drone, Jenkins... and, of course, the Docker client itself. ...

  • Argo
    Argo

    Argo is an open source container-native workflow engine for getting work done on Kubernetes. Argo is implemented as a Kubernetes CRD (Custom Resource Definition). ...

  • Portainer
    Portainer

    It is a universal container management tool. It works with Kubernetes, Docker, Docker Swarm and Azure ACI. It allows you to manage containers without needing to know platform-specific code. ...

Trivy alternatives & related posts

Kubernetes logo

Kubernetes

58.6K
50.3K
677
Manage a cluster of Linux containers as a single system to accelerate Dev and simplify Ops
58.6K
50.3K
+ 1
677
PROS OF KUBERNETES
  • 164
    Leading docker container management solution
  • 128
    Simple and powerful
  • 106
    Open source
  • 76
    Backed by google
  • 58
    The right abstractions
  • 25
    Scale services
  • 20
    Replication controller
  • 11
    Permission managment
  • 9
    Supports autoscaling
  • 8
    Cheap
  • 8
    Simple
  • 6
    Self-healing
  • 5
    No cloud platform lock-in
  • 5
    Promotes modern/good infrascture practice
  • 5
    Open, powerful, stable
  • 5
    Reliable
  • 4
    Scalable
  • 4
    Quick cloud setup
  • 3
    Cloud Agnostic
  • 3
    Captain of Container Ship
  • 3
    A self healing environment with rich metadata
  • 3
    Runs on azure
  • 3
    Backed by Red Hat
  • 3
    Custom and extensibility
  • 2
    Sfg
  • 2
    Gke
  • 2
    Everything of CaaS
  • 2
    Golang
  • 2
    Easy setup
  • 2
    Expandable
CONS OF KUBERNETES
  • 16
    Steep learning curve
  • 15
    Poor workflow for development
  • 8
    Orchestrates only infrastructure
  • 4
    High resource requirements for on-prem clusters
  • 2
    Too heavy for simple systems
  • 1
    Additional vendor lock-in (Docker)
  • 1
    More moving parts to secure
  • 1
    Additional Technology Overhead

related Kubernetes posts

Conor Myhrvold
Tech Brand Mgr, Office of CTO at Uber · | 44 upvotes · 9.5M views

How Uber developed the open source, end-to-end distributed tracing Jaeger , now a CNCF project:

Distributed tracing is quickly becoming a must-have component in the tools that organizations use to monitor their complex, microservice-based architectures. At Uber, our open source distributed tracing system Jaeger saw large-scale internal adoption throughout 2016, integrated into hundreds of microservices and now recording thousands of traces every second.

Here is the story of how we got here, from investigating off-the-shelf solutions like Zipkin, to why we switched from pull to push architecture, and how distributed tracing will continue to evolve:

https://eng.uber.com/distributed-tracing/

(GitHub Pages : https://www.jaegertracing.io/, GitHub: https://github.com/jaegertracing/jaeger)

Bindings/Operator: Python Java Node.js Go C++ Kubernetes JavaScript OpenShift C# Apache Spark

See more
Yshay Yaacobi

Our first experience with .NET core was when we developed our OSS feature management platform - Tweek (https://github.com/soluto/tweek). We wanted to create a solution that is able to run anywhere (super important for OSS), has excellent performance characteristics and can fit in a multi-container architecture. We decided to implement our rule engine processor in F# , our main service was implemented in C# and other components were built using JavaScript / TypeScript and Go.

Visual Studio Code worked really well for us as well, it worked well with all our polyglot services and the .Net core integration had great cross-platform developer experience (to be fair, F# was a bit trickier) - actually, each of our team members used a different OS (Ubuntu, macos, windows). Our production deployment ran for a time on Docker Swarm until we've decided to adopt Kubernetes with almost seamless migration process.

After our positive experience of running .Net core workloads in containers and developing Tweek's .Net services on non-windows machines, C# had gained back some of its popularity (originally lost to Node.js), and other teams have been using it for developing microservices, k8s sidecars (like https://github.com/Soluto/airbag), cli tools, serverless functions and other projects...

See more
Docker Compose logo

Docker Compose

21.4K
15.9K
501
Define and run multi-container applications with Docker
21.4K
15.9K
+ 1
501
PROS OF DOCKER COMPOSE
  • 123
    Multi-container descriptor
  • 110
    Fast development environment setup
  • 79
    Easy linking of containers
  • 68
    Simple yaml configuration
  • 60
    Easy setup
  • 16
    Yml or yaml format
  • 12
    Use Standard Docker API
  • 8
    Open source
  • 5
    Go from template to application in minutes
  • 5
    Can choose Discovery Backend
  • 4
    Scalable
  • 4
    Easy configuration
  • 4
    Kubernetes integration
  • 3
    Quick and easy
CONS OF DOCKER COMPOSE
  • 9
    Tied to single machine
  • 5
    Still very volatile, changing syntax often

related Docker Compose posts

Simon Reymann
Senior Fullstack Developer at QUANTUSflow Software GmbH · | 30 upvotes · 8.9M views

Our whole DevOps stack consists of the following tools:

  • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
  • Respectively Git as revision control system
  • SourceTree as Git GUI
  • Visual Studio Code as IDE
  • CircleCI for continuous integration (automatize development process)
  • Prettier / TSLint / ESLint as code linter
  • SonarQube as quality gate
  • Docker as container management (incl. Docker Compose for multi-container application management)
  • VirtualBox for operating system simulation tests
  • Kubernetes as cluster management for docker containers
  • Heroku for deploying in test environments
  • nginx as web server (preferably used as facade server in production environment)
  • SSLMate (using OpenSSL) for certificate management
  • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
  • PostgreSQL as preferred database system
  • Redis as preferred in-memory database/store (great for caching)

The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

  • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
  • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
  • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
  • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
  • Scalability: All-in-one framework for distributed systems.
  • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
See more

Recently I have been working on an open source stack to help people consolidate their personal health data in a single database so that AI and analytics apps can be run against it to find personalized treatments. We chose to go with a #containerized approach leveraging Docker #containers with a local development environment setup with Docker Compose and nginx for container routing. For the production environment we chose to pull code from GitHub and build/push images using Jenkins and using Kubernetes to deploy to Amazon EC2.

We also implemented a dashboard app to handle user authentication/authorization, as well as a custom SSO server that runs on Heroku which allows experts to easily visit more than one instance without having to login repeatedly. The #Backend was implemented using my favorite #Stack which consists of FeathersJS on top of Node.js and ExpressJS with PostgreSQL as the main database. The #Frontend was implemented using React, Redux.js, Semantic UI React and the FeathersJS client. Though testing was light on this project, we chose to use AVA as well as ESLint to keep the codebase clean and consistent.

See more
OpenSSL logo

OpenSSL

13.1K
6.8K
0
Full-featured toolkit for the Transport Layer Security and Secure Sockets Layer protocols
13.1K
6.8K
+ 1
0
PROS OF OPENSSL
    Be the first to leave a pro
    CONS OF OPENSSL
      Be the first to leave a con

      related OpenSSL posts

      Simon Reymann
      Senior Fullstack Developer at QUANTUSflow Software GmbH · | 30 upvotes · 8.9M views

      Our whole DevOps stack consists of the following tools:

      • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
      • Respectively Git as revision control system
      • SourceTree as Git GUI
      • Visual Studio Code as IDE
      • CircleCI for continuous integration (automatize development process)
      • Prettier / TSLint / ESLint as code linter
      • SonarQube as quality gate
      • Docker as container management (incl. Docker Compose for multi-container application management)
      • VirtualBox for operating system simulation tests
      • Kubernetes as cluster management for docker containers
      • Heroku for deploying in test environments
      • nginx as web server (preferably used as facade server in production environment)
      • SSLMate (using OpenSSL) for certificate management
      • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
      • PostgreSQL as preferred database system
      • Redis as preferred in-memory database/store (great for caching)

      The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

      • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
      • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
      • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
      • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
      • Scalability: All-in-one framework for distributed systems.
      • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
      See more
      Let's Encrypt logo

      Let's Encrypt

      1.7K
      967
      98
      A free, automated, and open Certificate Authority (CA)
      1.7K
      967
      + 1
      98
      PROS OF LET'S ENCRYPT
      • 48
        Open Source SSL
      • 32
        Simple setup
      • 9
        Free
      • 9
        Microservices
      • 0
        Easy ssl certificates
      CONS OF LET'S ENCRYPT
        Be the first to leave a con

        related Let's Encrypt posts

        Rancher logo

        Rancher

        945
        1.5K
        644
        Open Source Platform for Running a Private Container Service
        945
        1.5K
        + 1
        644
        PROS OF RANCHER
        • 103
          Easy to use
        • 79
          Open source and totally free
        • 63
          Multi-host docker-compose support
        • 58
          Load balancing and health check included
        • 58
          Simple
        • 44
          Rolling upgrades, green/blue upgrades feature
        • 42
          Dns and service discovery out-of-the-box
        • 37
          Only requires docker
        • 34
          Multitenant and permission management
        • 29
          Easy to use and feature rich
        • 11
          Cross cloud compatible
        • 11
          Does everything needed for a docker infrastructure
        • 8
          Simple and powerful
        • 8
          Next-gen platform
        • 7
          Very Docker-friendly
        • 6
          Support Kubernetes and Swarm
        • 6
          Application catalogs with stack templates (wizards)
        • 6
          Supports Apache Mesos, Docker Swarm, and Kubernetes
        • 6
          Rolling and blue/green upgrades deployments
        • 6
          High Availability service: keeps your app up 24/7
        • 5
          Easy to use service catalog
        • 4
          Very intuitive UI
        • 4
          IaaS-vendor independent, supports hybrid/multi-cloud
        • 4
          Awesome support
        • 3
          Scalable
        • 2
          Requires less infrastructure requirements
        CONS OF RANCHER
        • 10
          Hosting Rancher can be complicated

        related Rancher posts

        Docker Swarm logo

        Docker Swarm

        779
        974
        282
        Native clustering for Docker. Turn a pool of Docker hosts into a single, virtual host.
        779
        974
        + 1
        282
        PROS OF DOCKER SWARM
        • 55
          Docker friendly
        • 46
          Easy to setup
        • 40
          Standard Docker API
        • 38
          Easy to use
        • 23
          Native
        • 22
          Free
        • 13
          Clustering made easy
        • 12
          Simple usage
        • 11
          Integral part of docker
        • 6
          Cross Platform
        • 5
          Labels and annotations
        • 5
          Performance
        • 3
          Easy Networking
        • 3
          Shallow learning curve
        CONS OF DOCKER SWARM
        • 9
          Low adoption

        related Docker Swarm posts

        Yshay Yaacobi

        Our first experience with .NET core was when we developed our OSS feature management platform - Tweek (https://github.com/soluto/tweek). We wanted to create a solution that is able to run anywhere (super important for OSS), has excellent performance characteristics and can fit in a multi-container architecture. We decided to implement our rule engine processor in F# , our main service was implemented in C# and other components were built using JavaScript / TypeScript and Go.

        Visual Studio Code worked really well for us as well, it worked well with all our polyglot services and the .Net core integration had great cross-platform developer experience (to be fair, F# was a bit trickier) - actually, each of our team members used a different OS (Ubuntu, macos, windows). Our production deployment ran for a time on Docker Swarm until we've decided to adopt Kubernetes with almost seamless migration process.

        After our positive experience of running .Net core workloads in containers and developing Tweek's .Net services on non-windows machines, C# had gained back some of its popularity (originally lost to Node.js), and other teams have been using it for developing microservices, k8s sidecars (like https://github.com/Soluto/airbag), cli tools, serverless functions and other projects...

        See more
        Simon Reymann
        Senior Fullstack Developer at QUANTUSflow Software GmbH · | 30 upvotes · 8.9M views

        Our whole DevOps stack consists of the following tools:

        • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
        • Respectively Git as revision control system
        • SourceTree as Git GUI
        • Visual Studio Code as IDE
        • CircleCI for continuous integration (automatize development process)
        • Prettier / TSLint / ESLint as code linter
        • SonarQube as quality gate
        • Docker as container management (incl. Docker Compose for multi-container application management)
        • VirtualBox for operating system simulation tests
        • Kubernetes as cluster management for docker containers
        • Heroku for deploying in test environments
        • nginx as web server (preferably used as facade server in production environment)
        • SSLMate (using OpenSSL) for certificate management
        • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
        • PostgreSQL as preferred database system
        • Redis as preferred in-memory database/store (great for caching)

        The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

        • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
        • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
        • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
        • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
        • Scalability: All-in-one framework for distributed systems.
        • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
        See more
        Argo logo

        Argo

        670
        433
        6
        Container-native workflows for Kubernetes
        670
        433
        + 1
        6
        PROS OF ARGO
        • 3
          Open Source
        • 2
          Autosinchronize the changes to deploy
        • 1
          Online service, no need to install anything
        CONS OF ARGO
          Be the first to leave a con

          related Argo posts

          Portainer logo

          Portainer

          482
          817
          144
          Open source tool for managing containerized applications
          482
          817
          + 1
          144
          PROS OF PORTAINER
          • 35
            Simple
          • 26
            Great UI
          • 19
            Friendly
          • 12
            Easy to setup, gives a practical interface for Docker
          • 11
            Because it just works, super simple yet powerful
          • 11
            Fully featured
          • 9
            A must for Docker DevOps
          • 7
            Free and opensource
          • 5
            It's simple, fast and the support is great
          • 5
            API
          • 4
            Template Support
          CONS OF PORTAINER
            Be the first to leave a con

            related Portainer posts

            Wallace Alves
            Cyber Security Analyst · | 2 upvotes · 854.8K views

            Docker Docker Compose Portainer ELK Elasticsearch Kibana Logstash nginx

            See more
            Charles Coleman
            President/CEO at Rapidfyre · | 2 upvotes · 279.7K views
            Shared insights
            on
            PortainerPortainerDockerDocker

            I've found Portainer to be a like the 8 tooled jacknife I need for Docker and am loving it. Wasn't hard to get up and going and is well rounded enough to do everything I need. Win win.

            See more