trivy

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.

TLDR

Scan an image

$ trivy image [image:tag]

Scan the filesystem for vulnerabilities and misconfigurations

$ trivy fs --security-checks [vuln,config] [path/to/project_directory]

Scan a directory for misconfigurations

$ trivy config [path/to/iac_directory]

Generate output with a SARIF template

$ trivy image --format [template] --template ["@sarif.tpl"] -o [path/to/report.sarif] [image:tag]