EN
ENNA

Trivy

Apache-2.0

Vulnerability Scanning · Go

Trivy is a comprehensive vulnerability scanner capable of analyzing containers, filesystems, git repositories, and Kubernetes configurations. It generates Software Bill of Materials (SBOM) and identifies vulnerabilities by matching known CVEs against the scanned components. Designed for ease of use, Trivy integrates seamlessly into CI/CD pipelines, enabling continuous security assessments. Its broad coverage and support for multiple formats make it a versatile tool for maintaining security across diverse environments.

34.4kstars
236forks
247issues
Updated 3d ago
View on GitHubOfficial Website

Tags

container-securitysbomvulnerability-scanneriac-scanningcontainersdevsecopsdockergogolanghacktoberfestiacinfrastructure-as-codekubernetesmisconfigurationsecuritysecurity-toolsvulnerabilityvulnerability-detectionvulnerability-scanners

Details

Category
Vulnerability Scanning
Language
Go
License
Apache-2.0
Platforms
🐧linux🍎macos🪟windows

Links

GitHub Repository

github.com/aquasecurity/trivy

Official Website

trivy.dev

Releases

github.com/aquasecurity/trivy/releases

Issues

github.com/aquasecurity/trivy/issues

Sponsored

Your ad here

Reach security professionals and developers — ads@en-na.com

More in Vulnerability Scanning

Nuclei

Go

Fast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.

template-basedcvemisconfig

sqlmap

Python

Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.

sql-injectiondatabaseautomated

WPScan

Ruby

WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.

wordpressplugin-enumcve

OpenVAS

C

Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.

enterprisenvtcompliance

XSStrike

Python

Advanced XSS detection suite. Fuzzing engine, context analysis, and WAF detection/bypass capabilities.

xsswaf-bypassfuzzing

Commix

Python

Automated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.

command-injectionautomatedweb-app