# aquasecurity/trivy

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/aquasecurity-trivy).**

36,462 stars · 481 forks · Go · Apache-2.0

## Links

- GitHub: https://github.com/aquasecurity/trivy
- Homepage: https://trivy.dev
- awesome-repositories: https://awesome-repositories.com/repository/aquasecurity-trivy.md

## Topics

`containers` `devsecops` `docker` `go` `golang` `hacktoberfest` `iac` `infrastructure-as-code` `kubernetes` `misconfiguration` `security` `security-tools` `vulnerability` `vulnerability-detection` `vulnerability-scanners`

## Description

Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure-as-code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations against compliance standards and relies on a remote, periodically updated vulnerability database to maintain current detection logic without requiring binary updates. By employing static analysis pattern matching, it maps disparate scan results into a unified output schema for consistent reporting.

Beyond its core scanning capabilities, the project supports cloud infrastructure auditing and deep inspection of local and remote environments. It is distributed as a single cross-platform executable, and comprehensive configuration and usage details are available in the project's official user guide.

## Tags

### Security & Cryptography

- [Container Security Scanners](https://awesome-repositories.com/f/security-cryptography/container-security-scanners.md) — Identifies vulnerabilities and misconfigurations in container images for secure deployment.
- [Vulnerability Scanners](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanners.md) — Identifies known software vulnerabilities and misconfigurations within container images, file systems, and infrastructure files.
- [Infrastructure as Code Scanners](https://awesome-repositories.com/f/security-cryptography/infrastructure-as-code-scanners.md) — Detects security risks and policy violations in configuration files like Terraform or Kubernetes manifests.
- [Infrastructure Security Scanners](https://awesome-repositories.com/f/security-cryptography/infrastructure-security-scanners.md) — Evaluates cloud configurations and infrastructure templates against security best practices.
- [Pipeline Security Tools](https://awesome-repositories.com/f/security-cryptography/pipeline-security-tools.md) — Automates security checks within development pipelines to prevent vulnerable code from reaching production.
- [Software Composition Analysis Tools](https://awesome-repositories.com/f/security-cryptography/software-composition-analysis-tools.md) — Detects open source dependencies and licenses to manage supply chain risks.
- [Supply Chain Security Tools](https://awesome-repositories.com/f/security-cryptography/supply-chain-security-tools.md) — Analyzes application dependencies and build artifacts to detect vulnerabilities.
- [Cloud Auditing Tools](https://awesome-repositories.com/f/security-cryptography/cloud-auditing-tools.md) — Assesses cloud platform configurations against security best practices to identify exposure.
- [Policy Enforcement Engines](https://awesome-repositories.com/f/security-cryptography/policy-enforcement-engines.md) — Evaluates infrastructure configurations against predefined compliance standards using declarative rules.
- [Static Analysis Signatures](https://awesome-repositories.com/f/security-cryptography/static-analysis-signatures.md) — Identifies vulnerabilities by comparing artifacts against a versioned database of security signatures.
- [Vulnerability Intelligence Feeds](https://awesome-repositories.com/f/security-cryptography/vulnerability-intelligence-feeds.md) — Fetches security intelligence from remote databases to maintain current detection logic.
- [Security Scanner Plugins](https://awesome-repositories.com/f/security-cryptography/security-scanner-plugins.md) — Uses a modular architecture to inspect diverse targets like containers and filesystems.

### Part of an Awesome List

- [Container Management](https://awesome-repositories.com/f/awesome-lists/devops/container-management.md) — Vulnerability scanner for container images and filesystems.
- [Container Security](https://awesome-repositories.com/f/awesome-lists/devops/container-security.md) — Comprehensive vulnerability scanner for container images.
- [DevOps Security](https://awesome-repositories.com/f/awesome-lists/devops/devops-security.md) — Vulnerability scanner for containers and software artifacts.
- [DevSecOps And Hardening](https://awesome-repositories.com/f/awesome-lists/devops/devsecops-and-hardening.md) — Scans containers and artifacts for vulnerabilities in CI pipelines.
- [IaC Security](https://awesome-repositories.com/f/awesome-lists/devops/iac-security.md) — Scanner for infrastructure-as-code vulnerabilities.
- [Infrastructure as Code Analysis](https://awesome-repositories.com/f/awesome-lists/devops/infrastructure-as-code-analysis.md) — Comprehensive vulnerability scanner for container environments.
- [Security and Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/devops/security-and-vulnerability-scanning.md) — Comprehensive vulnerability scanner for containers and artifacts.
- [Image Scanning and SBOM](https://awesome-repositories.com/f/awesome-lists/security/image-scanning-and-sbom.md) — Comprehensive vulnerability scanner for containers.
- [Security and Compliance](https://awesome-repositories.com/f/awesome-lists/security/security-and-compliance.md) — Security scanner for containers and artifacts.
- [Security And Privacy](https://awesome-repositories.com/f/awesome-lists/security/security-and-privacy.md) — Vulnerability and secret scanner for containers.
- [Security and Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/security/security-and-vulnerability-scanning.md) — Vulnerability scanner for containers and software artifacts.
- [Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/security/vulnerability-scanning.md) — Scans containers for vulnerabilities.
