aquasec/trivy
Trivy is an all-in-one, cloud native security scanner
50M+
Trivy scans code projects and build artifacts for security issues such as vulnerabilities, IaC misconfigurations, secrets, and more.
It's recommended to read this within the Trivy documentation: Trivy Quickstart
Scan a container image for vulnerabilities:
docker run aquasec/trivy image python:3.4-alpine
Scan a local directory for IaC misconfigurations:
docker run -v $PWD:/myapp aquasec/trivy config /myapp
Generate SBOM:
docker run aquasec/trivy sbom alpine:3.15
To reuse the previously downloaded vulnerability database and already pulled layers, mount the cache directory from the host, for example by adding the following to the docker run command: -v [YOUR_CACHE_DIR]:/root/.cache/
Also consider mounting the Docker socket, for example: -v /var/run/docker.sock:/var/run/docker.sock
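The snippets above are one-off commands; in a CI job you normally want the cache mount, an explicit severity threshold and a non-zero exit code on findings so the pipeline fails. The following wrapper is an added example, not part of the Trivy project or this image's own documentation. It assumes a writable host directory for the cache (TRIVY_CACHE_DIR, defaulting to $HOME/.cache/trivy), and the TRIVY_DRY_RUN and TRIVY_USE_DOCKER_SOCKET variables are hypothetical knobs of this script, not Trivy options; --exit-code, --severity and --ignore-unfixed are real Trivy flags.

```shell
#!/bin/sh
# Added example (not from the Trivy project): run the aquasec/trivy image
# against a container image with the host cache mounted, and make the call
# fail when HIGH or CRITICAL vulnerabilities with an available fix are found.
#
# Assumptions (hypothetical, defined only by this script):
#   TRIVY_CACHE_DIR          host directory for the Trivy cache (default below)
#   TRIVY_USE_DOCKER_SOCKET  set to 1 to mount /var/run/docker.sock
#   TRIVY_DRY_RUN            set to 1 to print the command instead of running it
#   TRIVY_IMAGE              scanner image to use (default aquasec/trivy)

trivy_scan_image() {
    image="$1"
    cache="${TRIVY_CACHE_DIR:-$HOME/.cache/trivy}"
    scanner="${TRIVY_IMAGE:-aquasec/trivy}"

    # Build the docker command as an argument list so paths with spaces survive.
    # The cache mount keeps the vulnerability DB and pulled layers between runs.
    set -- docker run --rm -v "$cache:/root/.cache/"

    # The Docker socket lets Trivy read images straight from the local daemon,
    # but any process in the container then controls that daemon (effectively
    # root on the host), so it is opt-in here rather than the default.
    if [ "${TRIVY_USE_DOCKER_SOCKET:-0}" = "1" ]; then
        set -- "$@" -v /var/run/docker.sock:/var/run/docker.sock
    fi

    # --exit-code 1      : return 1 when matching vulnerabilities are found
    # --severity         : only HIGH and CRITICAL count toward the exit code
    # --ignore-unfixed   : skip findings that have no fixed version yet
    set -- "$@" "$scanner" image \
        --exit-code 1 \
        --severity HIGH,CRITICAL \
        --ignore-unfixed \
        "$image"

    if [ "${TRIVY_DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
        return 0
    fi

    # Exit status propagates: 0 = clean, 1 = findings, other = scan error.
    "$@"
}

# Example usage (the image name is the one from the page's own example):
#   trivy_scan_image python:3.4-alpine || echo "build blocked by Trivy findings"
```

Run it as part of the build step and let the non-zero exit status stop the pipeline; keep the Docker socket mount disabled on shared runners unless the job genuinely needs to scan images that exist only in the local daemon.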
Trivy is licensed under Apache 2.0.
docker pull aquasec/trivy