Overview
trivy¶
Unified security scanner
Synopsis¶
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets
trivy [global flags] command [flags] target
Examples¶
# Scan a container image
$ trivy image python:3.4-alpine
# Scan a container image from a tar archive
$ trivy image --input ruby-3.1.tar
# Scan local filesystem
$ trivy fs .
# Run in server mode
$ trivy server
Options¶
--cache-dir string cache directory (default "/path/to/cache")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
-f, --format string version format (json)
--generate-default-config write the default config to trivy-default.yaml
-h, --help help for trivy
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
SEE ALSO¶
- trivy clean - Remove cached files
- trivy config - Scan config files for misconfigurations
- trivy convert - Convert Trivy JSON report into a different format
- trivy filesystem - Scan local filesystem
- trivy image - Scan a container image
- trivy kubernetes - [EXPERIMENTAL] Scan kubernetes cluster
- trivy module - Manage modules
- trivy plugin - Manage plugins
- trivy registry - Manage registry authentication
- trivy repository - Scan a repository
- trivy rootfs - Scan rootfs
- trivy sbom - Scan SBOM for vulnerabilities and licenses
- trivy server - Server mode
- trivy version - Print the version
- trivy vex - [EXPERIMENTAL] VEX utilities
- trivy vm - [EXPERIMENTAL] Scan a virtual machine image