trivy

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.

TLDR

Scan an image

$ trivy image [image:tag]


Scan the filesystem for vulnerabilities and misconfigurations
$ trivy fs --security-checks [vuln,config] [path/to/project_directory]


Scan a directory for misconfigurations
$ trivy config [path/to/iac_directory]


Generate output with a SARIF template
$ trivy image --format [template] --template ["@sarif.tpl"] -o [path/to/report.sarif] [image:tag]