Skip to content

First steps with Trivy

Get Trivy

Trivy is available in most common distribution channels. The complete list of installation options is available in the Installation page. Here are a few popular examples:

Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the Ecosystem page. Here are a few popular options examples:

General usage

Trivy's Command Line Interface pattern follows its major concepts: targets (what you want to scan), and scanners (what you want to scan for):

trivy <target> [--scanners <scanner1,scanner2>] <subject>

Examples

Scan a container image from registry, with the default scanner which is Vulnerabilities scanner:

trivy image python:3.4-alpine

Scan a local code repository, for vulnerabilities, exposed secrets and misconfigurations:

trivy fs --scanners vuln,secret,misconfig /path/to/myproject

Scan a Kubernetes cluster, with all available scanners, and show a summary report:

trivy k8s --report summary cluster

trivy-k8s

For a more complete introduction, check out the basic Trivy Demo: https://github.com/itaysk/trivy-demo

Learn more

Now that you up and ready, here are some resources to help you deepen your knowledge:

Want more? Check out Aqua

If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.
You can find a high level comparison table specific to Trivy users here.
In addition, check out the https://aquasec.com website for more information about our products and services. If you'd like to contact Aqua or request a demo, please use this form: https://www.aquasec.com/demo