Trivy

Features

Container Security Scanners - Identifies vulnerabilities and misconfigurations in container images for secure deployment.
Vulnerability Scanners - Identifies known software vulnerabilities and misconfigurations within container images, file systems, and infrastructure files.
Infrastructure as Code Scanners - Detects security risks and policy violations in configuration files like Terraform or Kubernetes manifests.
Infrastructure Security Scanners - Evaluates cloud configurations and infrastructure templates against security best practices.
Pipeline Security Tools - Automates security checks within development pipelines to prevent vulnerable code from reaching production.
Software Composition Analysis Tools - Detects open source dependencies and licenses to manage supply chain risks.
Supply Chain Security Tools - Analyzes application dependencies and build artifacts to detect vulnerabilities.
Cloud Auditing Tools - Assesses cloud platform configurations against security best practices to identify exposure.
Policy Enforcement Engines - Evaluates infrastructure configurations against predefined compliance standards using declarative rules.
Container Management - Vulnerability scanner for container images and filesystems.
Container Security - Comprehensive vulnerability scanner for container images.
DevOps Security - Vulnerability scanner for containers and software artifacts.
DevSecOps And Hardening - Scans containers and artifacts for vulnerabilities in CI pipelines.
IaC Security - Scanner for infrastructure-as-code vulnerabilities.
Infrastructure as Code Analysis - Comprehensive vulnerability scanner for container environments.
Security and Vulnerability Scanning - Comprehensive vulnerability scanner for containers and artifacts.
Image Scanning and SBOM - Comprehensive vulnerability scanner for containers.
Security and Compliance - Security scanner for containers and artifacts.
Security And Privacy - Vulnerability and secret scanner for containers.
Security and Vulnerability Scanning - Vulnerability scanner for containers and software artifacts.
Vulnerability Scanning - Scans containers for vulnerabilities.
Static Analysis Signatures - Identifies vulnerabilities by comparing artifacts against a versioned database of security signatures.
Vulnerability Intelligence Feeds - Fetches security intelligence from remote databases to maintain current detection logic.
Security Scanner Plugins - Uses a modular architecture to inspect diverse targets like containers and filesystems.

Open-source alternatives to Trivy

Similar open-source projects, ranked by how many features they share with Trivy.

anchore/grype
anchore/grype
12,423View on GitHub
Grype is a command-line security scanner designed to identify known vulnerabilities within container images, filesystems, and software manifests. It functions as a software composition analysis tool that detects security flaws in application components and open-source libraries to support supply chain security. The tool distinguishes itself by reconstructing the final state of container images through layered filesystem inspection and normalizing diverse package formats into a unified dependency graph. It maintains a local cache of security advisories synchronized from multiple upstream sourc
Gocontainer-imagecontainerscyclonedx
View on GitHub12,423
bridgecrewio/checkov
bridgecrewio/checkov
8,798View on GitHub
Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
Python
View on GitHub8,798
quay/clair
quay/clair
11,012View on GitHub
Clair is a container image vulnerability scanner and security analyzer. It performs static analysis of container images by matching package contents against vulnerability databases to identify security risks across different package formats and architectures. The project functions as both an image indexer and a vulnerability database manager. It processes container layers into intermediate representations to enable fast security lookups and synchronizes security metadata from multiple external sources to maintain a local registry. Capability areas include continuous security monitoring, whic
Goclaircontainersdocker
View on GitHub11,012
docker/docker-bench-security
docker/docker-bench-security
9,655View on GitHub
This project is a security compliance tool and configuration auditor designed to evaluate Docker deployments against industry security benchmarks. It functions as a script-based scanner that identifies misconfigurations and vulnerabilities within both the host operating system and container settings. The tool specifically implements the Center for Internet Security standards for Docker to verify host and container configurations. It enables a hardening workflow by comparing system states against these standards to identify security gaps and document compliance status. The audit engine suppor
Shell
View on GitHub9,655

See all 30 alternatives to Trivy

aquasecuritytrivy

Features

Open-source alternatives to Trivy

anchore/grype

bridgecrewio/checkov

quay/clair

docker/docker-bench-security

Star history

Open-source alternatives to Trivy

anchore/grype

bridgecrewio/checkov

quay/clair

docker/docker-bench-security