The all-in-one open source security scanner

Use Trivy to find vulnerabilities (CVE) & misconfigurations (IaC) across code repositories, binary artifacts, container images, Kubernetes clusters, and more. All in one tool!

Get started Read the Docs

It's all about the community!

Trivy is praised by professionals worldwide. Are you a Trivy fan as well? We'd love to hear from you!

Share your story Discuss on GitHub

Sam White, GitLab

Case Study

"Trivy was a clear leader in the market as far as features, functionality, and capabilities"

Ariadne Conill, Alpine Security

@ariadneconill

...the tl;dr is basically Aqua's Trivy is the best one, all of the other ones are a waste of time

Harbor Team

Harbor blog

"Trivy takes container image scanning to higher levels of usability and performance."

Milind Gadre, Mirantis

Mirantis

"After evaluating several leading options for open source vulnerability scanning, Trivy really stood out"

Jerry Gambli

@JGamblin

The way the @AquaSecTeam team has turned Trivy into the best open-source vulnerability scanner in such a short time is really amazing.

Yaney

y4ney

"Trivy is, by far, the best open-source tool for cloud-native security that I have ever used"

Ulises Galeano, MasterCard

ulises-galeano

"This tool just keeps getting better and better..."

Damian Naprawa

@DamianNaprawa

"So happy to see collaboration between @Azure and @AquaSecTeam on scanning container images in Azure Container Registry CI/CD workflows using such a great tool - Trivy."

Mustafa Akin, Resmo

mustafaakin

"I love how Trivy democratized dependency scanning to the masses as a free and extremely easy to use tool, with also a permissive license. This used to be a gated community with predatory security vendors charging premium, and they were not half as good as Trivy."

dynaptik, Deutsche Bahn

@dynaptik

"Trivy easily for what it brings to the table (secret scanning, vuln scan, license check) and little effort required. Bang for the buck it's pretty amazing"

Cristiano Corrado, Wise

wise-engineering

"The discovery process led us to evaluate multiple open-source tools ... The final decision was to use Trivy"

Saim Safdar

@cloudnativeboy

"my favorite @Docker extension. (Trivy)"

Jonathan Gonzalez V., CloudNativePG

@sxd

"Thanks @AquaSecTeam for creating Trivy and help us to improve @CloudNativePg security"

Andy Roberts, Vista

@andyr8939

"I've tried a few and all have pros/cons but I found that Trivy is the best of them"

Ali Faraj, Antigen Security

@andyr8939

"Trivy from Aqua Security is my new favorite tool... It's such a powerful tool with the ability to generate SBOMs, find vulnerabilities, misconfigurations, and secrets!"