Trivy
Trivy is a comprehensive and versatile security scanner. It is organized around scanners (the kinds of security issue it looks for) and targets (the artifacts it can look for those issues in).
Targets (what Trivy can scan):
- Container Image
- Filesystem
- Git Repository (remote)
- Virtual Machine Image
- Kubernetes
Scanners (what Trivy can find there):
- OS packages and software dependencies in use (SBOM)
- Known vulnerabilities (CVEs)
- IaC issues and misconfigurations
- Sensitive information and secrets
- Software licenses
Trivy also has a Kubernetes operator.
Usage
Usage: trivy [command] [options]
Commands:
config: Scan config files for misconfigurations
filesystem: Scan local filesystem
image: Scan a container image
kubernetes: Scan kubernetes cluster
repository: Scan a repository
rootfs: Scan rootfs
sbom: Scan SBOM for vulnerabilities and licenses
vm: Scan a virtual machine image
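As an added example (not code from the Trivy project or from this page), the script below reads a Trivy JSON report (the output of a scan run with `--format json`), tallies vulnerabilities, misconfigurations and secrets by severity, lists vulnerabilities with no fixed version, and decides whether a CI severity gate passes. The field names (`Results`, `Vulnerabilities`, `Misconfigurations`, `Secrets`, `Severity`, `FixedVersion`) are assumed from Trivy's JSON report layout, and the sample report is constructed with placeholder IDs.

```python
import json
from collections import Counter

# Constructed sample of a Trivy JSON report (as produced with --format json).
# Field names are assumed from Trivy's report layout; IDs and values are made up.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example-app:1.0",
    "Results": [
        {"Target": "example-app:1.0 (alpine 3.x)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libfoo",
              "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-00002", "PkgName": "libbar",
              "InstalledVersion": "2.0", "FixedVersion": "", "Severity": "LOW"}]},
        {"Target": "Dockerfile", "Class": "config",
         "Misconfigurations": [{"ID": "PLACEHOLDER-DS-001", "Severity": "HIGH"}]},
        {"Target": "config/app.env", "Class": "secret",
         "Secrets": [{"RuleID": "placeholder-rule", "Severity": "HIGH"}]},
    ],
})

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
FINDING_KEYS = ("Vulnerabilities", "Misconfigurations", "Secrets")


def summarize(report_json: str) -> dict:
    """Count findings per scanner and severity; collect vulnerabilities with no fix."""
    report = json.loads(report_json)
    counts = {key: Counter() for key in FINDING_KEYS}
    unfixed = []
    for result in report.get("Results", []):
        for key in FINDING_KEYS:
            # A result only carries the keys for the scanner that produced it.
            for finding in result.get(key) or []:
                counts[key][finding.get("Severity", "UNKNOWN")] += 1
                if key == "Vulnerabilities" and not finding.get("FixedVersion"):
                    unfixed.append(finding["VulnerabilityID"])
    return {"counts": counts, "unfixed": unfixed}


def gate(report_json: str, threshold: str = "HIGH") -> bool:
    """Return True when no finding of any scanner is at or above the threshold."""
    floor = SEVERITY_RANK[threshold]
    counters = summarize(report_json)["counts"].values()
    return all(SEVERITY_RANK.get(sev, 0) < floor for c in counters for sev in c)


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    for key in FINDING_KEYS:
        print(key, dict(s["counts"][key]))
    print("unfixed:", s["unfixed"], "passes gate:", gate(SAMPLE_REPORT))
```

The gate treats misconfigurations and secrets the same as CVEs, so a single HIGH secret finding fails the build even when every package is fully patched.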