trivy
Trivy is a comprehensive open-source security scanner that finds vulnerabilities, misconfigurations, secrets, and SBOMs across containers, Kubernetes, code repos, clouds, and VMs.
v0.71.0 · 50.1 MB
One command to find vulnerabilities, misconfigs, and secrets in containers, K8s, code, and clouds.
Core Features
- Scans container images, filesystems, Git repos, VMs, and Kubernetes clusters
- Four scanners in one: vulnerability, misconfiguration, secret, and license compliance
- Integrates with GitHub Actions, VS Code, Kubernetes Operator, and CI/CD pipelines
- Generates SBOM (Software Bill of Materials) with multiple output formats
- Actively maintained with 35K+ GitHub stars and a large community
What It Can't Do
- Canary builds may contain critical bugs and are not recommended for production.
- For large images or repositories, enable caching (--cache-dir) to avoid re-downloading data.
- Some languages (e.g., Java) require extra dependency resolution setup for accurate vulnerability detection.
Use Cases
- Automated security scanning in CI/CD pipelines for container images and source code
- Kubernetes cluster configuration auditing and secret leak detection
Detailed Introduction
Trivy is a versatile and all-in-one security scanner by Aqua Security. It supports multiple targets (container images, filesystems, Git repos, virtual machines, Kubernetes) and multiple scanners (OS packages, software dependencies, known CVEs, IaC misconfigurations, secrets, software licenses). Unlike many tools that focus on only one type of scan (e.g., Clair for containers or Gitleaks for secrets), Trivy combines vulnerability detection, configuration auditing, secret scanning, and license compliance in a single binary. It works with most popular languages and platforms, integrates with GitHub Actions, VS Code, and Kubernetes operators, and is fully open-source under Apache-2.0.
Getting Started
Download installer
Click the button above to download the installer for your system
Install the software
Install the appropriate package for your distro (dpkg / rpm / AppImage)
- Install via Homebrew: brew install trivy
- Run with Docker: docker run aquasec/trivy image python:3.4-alpine
- Download the binary for your OS from GitHub Releases
SHA256 Checksum
382250158fb9431ff9b87904205027b066a544234b8952b2dd764bd712d55387
This checksum is extracted from the GitHub Release page. Verify file integrity after download.
All SHA-256 checksums on this platform are extracted from the project's official GitHub Release page, without any modification. You can independently verify them on the GitHub Releases page.
Uninstall Info
Uninstall via Homebrew: brew uninstall trivy. For Docker, delete the image. For manual install, remove the binary file.
No Extra Dependencies
Ready to use after download. No additional runtime required.