<div align="center">
<img src="docs/imgs/logo.png" width="200">

[![GitHub Release][release-img]][release]
[![Test][test-img]][test]
[![Go Report Card][go-report-img]][go-report]
[![License: Apache-2.0][license-img]][license]
[![GitHub Downloads][github-downloads-img]][release]
![Docker Pulls][docker-pulls]

[📖 Documentation][docs]
</div>

Trivy ([pronunciation][pronunciation]) is a comprehensive and versatile security scanner.
Trivy has *scanners* that look for security issues, and *targets* where it can find those issues.

Targets (what Trivy can scan):

- Container Image
- Filesystem
- Git Repository (remote)
- Virtual Machine Image
- Kubernetes
- AWS

Scanners (what Trivy can find there):

- OS packages and software dependencies in use (SBOM)
- Known vulnerabilities (CVEs)
- IaC issues and misconfigurations
- Sensitive information and secrets
- Software licenses

Trivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the [Scanning Coverage] page.

To learn more, go to the [Trivy homepage][homepage] for feature highlights, or to the [Documentation site][docs] for detailed information.

## Quick Start

### Get Trivy

Trivy is available in most common distribution channels. The full list of installation options is available in the [Installation] page. Here are a few popular examples:

- `brew install trivy`
- `docker run aquasec/trivy`
- Download binary from <https://github.com/devseccon/trivy/releases/latest/>
- See [Installation] for more

Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem] page.
Here are a few popular examples:

- [GitHub Actions](https://github.com/devseccon/trivy-action)
- [Kubernetes operator](https://github.com/devseccon/trivy-operator)
- [VS Code plugin](https://github.com/devseccon/trivy-vscode-extension)
- See [Ecosystem] for more

### Canary builds

There are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1&name=canary), [GitHub](https://github.com/devseccon/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ecr.aws/devseccon/trivy#canary) images and [binaries](https://github.com/devseccon/trivy/actions/workflows/canary.yaml)) generated on every push to the main branch.

Please be aware: canary builds might have critical bugs and are not recommended for use in production.

### General usage

```bash
trivy <target> [--scanners <scanner1,scanner2>] <subject>
```

Examples:

```bash
trivy image python:3.4-alpine
```

<details>
<summary>Result</summary>

https://user-images.githubusercontent.com/1161307/171013513-95f18734-233d-45d3-aaf5-d6aec687db0e.mov

</details>

```bash
trivy fs --scanners vuln,secret,misconfig myproject/
```

<details>
<summary>Result</summary>

https://user-images.githubusercontent.com/1161307/171013917-b1f37810-f434-465c-b01a-22de036bd9b3.mov

</details>

```bash
trivy k8s --report summary cluster
```

<details>
<summary>Result</summary>

![k8s summary](docs/imgs/trivy-k8s.png)

</details>

## FAQ

### How to pronounce the name "Trivy"?

`tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**.

## Want more? Check out DevSecCon

If you liked Trivy, you will love DevSecCon, which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.
You can find a high-level comparison table specific to Trivy users [here](https://github.com/aquasecurity/resources/blob/main/trivy-aqua.md).
In addition, check out the <https://aquasec.com> website for more information about our products and services.
If you'd like to contact DevSecCon or request a demo, please use this form: <https://www.aquasec.com/demo>

## Community

Trivy is a [DevSecCon Security][aquasec] open source project.
Learn about our open source work and portfolio [here][oss].
Contact us about any matter by opening a GitHub Discussion [here][discussions].
Join our [Slack community][slack] to stay up to date with community efforts.

Please abide by our [Code of Conduct][code-of-conduct] during all interactions.

[test]: https://github.com/devseccon/trivy/actions/workflows/test.yaml
[test-img]: https://github.com/devseccon/trivy/actions/workflows/test.yaml/badge.svg
[go-report]: https://goreportcard.com/report/github.com/devseccon/trivy
[go-report-img]: https://goreportcard.com/badge/github.com/devseccon/trivy
[release]: https://github.com/devseccon/trivy/releases
[release-img]: https://img.shields.io/github/release/devseccon/trivy.svg?logo=github
[github-downloads-img]: https://img.shields.io/github/downloads/devseccon/trivy/total?logo=github
[docker-pulls]: https://img.shields.io/docker/pulls/aquasec/trivy?logo=docker&label=docker%20pulls%20%2F%20trivy
[license]: https://github.com/devseccon/trivy/blob/main/LICENSE
[license-img]: https://img.shields.io/badge/License-Apache%202.0-blue.svg
[homepage]: https://trivy.dev
[docs]: https://aquasecurity.github.io/trivy
[pronunciation]: #how-to-pronounce-the-name-trivy
[slack]: https://slack.aquasec.com
[code-of-conduct]: https://github.com/aquasecurity/community/blob/main/CODE_OF_CONDUCT.md

[Installation]: https://aquasecurity.github.io/trivy/latest/getting-started/installation/
[Ecosystem]: https://aquasecurity.github.io/trivy/latest/ecosystem/
[Scanning Coverage]: https://aquasecurity.github.io/trivy/latest/docs/coverage/

[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/
[rego]: https://www.openpolicyagent.org/docs/latest/#rego
[sigstore]: https://www.sigstore.dev/

[aquasec]: https://aquasec.com
[oss]: https://www.aquasec.com/products/open-source-projects/
[discussions]: https://github.com/devseccon/trivy/discussions
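
Added example, not part of the Trivy README or project code: a CI gate for the `trivy fs --scanners vuln,secret,misconfig myproject/` run shown under General usage, which tallies findings per scanner and severity and fails the build at HIGH or above. It assumes the scan was written out with `--format json` and that the report uses the `Results` / `Vulnerabilities` / `Secrets` / `Misconfigurations` layout; the sample report, its identifiers and the function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample report, trimmed to the fields this example reads (assumed layout).
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "myproject/requirements.txt", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "examplepkg", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "otherpkg", "Severity": "LOW"}]},
        {"Target": "myproject/config.env", "Secrets": [
            {"RuleID": "example-token", "Severity": "HIGH"}]},
        {"Target": "myproject/Dockerfile", "Misconfigurations": [
            {"ID": "EX001", "Severity": "MEDIUM", "Status": "FAIL"},
            {"ID": "EX002", "Severity": "HIGH", "Status": "PASS"}]},
        {"Target": "myproject/go.mod"},  # a target with no findings has no finding keys
    ]
})

ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
# Report key -> scanner name as passed to --scanners.
FINDING_KEYS = {"Vulnerabilities": "vuln", "Secrets": "secret", "Misconfigurations": "misconfig"}

def summarize(report_text):
    """Count findings per (scanner, severity); passed config checks are skipped."""
    counts = Counter()
    report = json.loads(report_text)
    for result in report.get("Results") or []:      # "Results" may be null or absent
        for key, scanner in FINDING_KEYS.items():
            for finding in result.get(key) or []:
                if finding.get("Status", "FAIL") != "FAIL":
                    continue
                sev = str(finding.get("Severity", "UNKNOWN")).upper()
                counts[(scanner, sev if sev in ORDER else "UNKNOWN")] += 1
    return counts

def gate(report_text, threshold="HIGH"):
    """Return (exit_code, blocking); blocking holds counts at or above threshold."""
    floor = ORDER.index(threshold)
    blocking = {k: n for k, n in summarize(report_text).items()
                if ORDER.index(k[1]) >= floor}
    return (1 if blocking else 0), blocking

if __name__ == "__main__":
    code, blocking = gate(SAMPLE_REPORT)
    for (scanner, sev), n in sorted(blocking.items()):
        print(f"{scanner:10} {sev:8} {n}")
    raise SystemExit(code)
```

In a pipeline, replace `SAMPLE_REPORT` with the contents of the report file; the gate then returns a non-zero exit code only when a vulnerability, secret or failed configuration check meets the threshold.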