Docker - Vulnerability Scanning Tools - Trivy

Trivy is open source, and scans images for vulnerabilities in OS packages and application dependencies, helping identify security risks before deployment.

Trivy is lightweight, fast, and can output results in various formats like table, JSON, and Markdown for easy integration into security workflows.

Usage

trivy image <image-name>

NOTE: Replace <image-name> with the name of the Docker image.

Trivy will analyze the image layers for known vulnerabilities.

Installation

docker run aquasec/trivy

References

https://trivy.dev/latest/

https://trivy.dev/latest/getting-started/

Wiki

Table of Contents

Docker - Vulnerability Scanning Tools - Trivy

Usage

Installation

References