Trivy (pronunciation) is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues. Targets (what Trivy can scan): Container …

Mar 20, 2026 · Trivy Security incident 2026-03-19 There will be always bypasses, but thanks for the reminder. A risk is something that a security model and risk management covers (severity / potential …

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more - aquasecurity/trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more - aquasecurity/trivy

Jun 3, 2020 · It is possible to define all options in the trivy.yaml file. Specifying individual options via the action are left for backward compatibility purposes. Defining the following is required as they cannot …

Mar 21, 2026 · trivy-action started pinning setup-go with pull request trivy-action#456. If you pinned trivy-action to a commit prior to that PR (merged 2025-04-09), then you would get a safe trivy-action but it …

Trivy is available in most common distribution channels. The complete list of installation options is available in the Installation page. Here are a few popular examples: macOS: brew install trivy …

Trivy (pronunciation) is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues. Targets (what Trivy can scan): Container …

The trivy-db CLI tool builds vulnerability DBs. A GitHub Actions workflow periodically builds a fresh version of the vulnerability DB using trivy-db and uploads it to the GitHub Container Registry (see …

The Trivy Operator leverages Trivy to continuously scan your Kubernetes cluster for security issues. The scans are summarised in security reports as Kubernetes Custom Resource Definitions, which …