Trivy
Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.
Targets (what Trivy can scan):
- Container Image
- Filesystem
- Git Repository (remote)
- Virtual Machine Image
- Kubernetes
Scanners (what Trivy can find there):
- OS packages and software dependencies in use (SBOM)
- Known vulnerabilities (CVEs)
- IaC issues and misconfigurations
- Sensitive information and secrets
- Software licenses
Trivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the Scanning Coverage page.
Installation Instructions
Linux
Depends on:
docker-credential-helpers
Download Artefact
{
  "url": "{{ .SVar `.tool.trivy.download.url` }}",
  "destination_folder": "{{ .PDownloads }}",
  "output_filename": "{{ .SVar `.tool.trivy.download.filename` }}",
  "overwrite": false
}
Extract Release
{
  "destination": "{{ .PTools }}/trivy/{{ .SVar `.tool.trivy.download.version` }}",
  "skip_symlinks": true,
  "preserve_permissions": true,
  "remove_existing": true,
  "source": "{{ .PDownloads }}/{{ .SVar `.tool.trivy.download.filename` }}"
}
Make sure artefact is executable
{
  "path": "{{ .PTools }}/trivy/{{ .SVar `.tool.trivy.download.version` }}/trivy",
  "permission_bits": 504
}
MacOS
Depends on:
docker-credential-helpers
Download Artefact
{
  "url": "{{ .SVar `.tool.trivy.download.url` }}",
  "destination_folder": "{{ .PDownloads }}",
  "output_filename": "{{ .SVar `.tool.trivy.download.filename` }}",
  "overwrite": false
}
Extract Release
{
  "destination": "{{ .PTools }}/trivy/{{ .SVar `.tool.trivy.download.version` }}",
  "skip_symlinks": true,
  "preserve_permissions": true,
  "remove_existing": true,
  "source": "{{ .PDownloads }}/{{ .SVar `.tool.trivy.download.filename` }}"
}
Make sure artefact is executable
{
  "path": "{{ .PTools }}/trivy/{{ .SVar `.tool.trivy.download.version` }}/trivy",
  "permission_bits": 504
}
Binaries
- trivy