What is Trivy?
An open-source security scanner for container images, filesystems, and IaC configurations.
Trivy is an open-source vulnerability scanner maintained by Aqua Security. It scans container images, filesystems, Git repositories, and IaC files (Terraform, Kubernetes manifests, Dockerfiles, Helm charts) for known vulnerabilities (CVEs) in OS and language packages, misconfigurations, hard-coded secrets, and license compliance issues. It ships as a single binary with a locally cached vulnerability database, so it is fast and easy to integrate into CI/CD pipelines. It is commonly used as a gate: scan the Docker image after it is built and fail the pipeline if HIGH or CRITICAL vulnerabilities are found, so that the image is never pushed to a registry. In practice the gate is usually paired with a policy for accepted risk, for example ignoring findings that have no fixed version yet, or listing explicitly reviewed vulnerability IDs in a .trivyignore file, so that the pipeline does not stay permanently red on issues the team cannot act on.
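The gate described above can be done natively with `trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed IMAGE`; the following is an added example (not code from the page or from the Trivy project) of the same decision logic applied to Trivy's JSON report, which is what you need when the pipeline must also record or annotate the findings rather than just fail. It reads the file written by `trivy image --format json --output report.json IMAGE`. The embedded report, the package names and the `CVE-0000-000x` identifiers are constructed for the example and are not real findings; the field names (`Results`, `Vulnerabilities`, `VulnerabilityID`, `Severity`, `FixedVersion`) follow Trivy's JSON output.

```python
"""Fail a CI job based on a Trivy JSON report (added example, not Trivy's own code).

Usage:
    trivy image --format json --output report.json IMAGE
    python trivy_gate.py report.json            # exit 1 on HIGH/CRITICAL
With no argument the constructed SAMPLE_REPORT below is used.
"""
import json
import sys
from typing import Iterable, List, Optional

# Trivy's severity scale, lowest to highest, used for sorting the output.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample in the shape of a Trivy report. Identifiers are placeholders.
SAMPLE_REPORT = {
    "SchemaVersion": 2,
    "ArtifactName": "registry.example/app:1.0",
    "ArtifactType": "container_image",
    "Results": [
        {
            "Target": "registry.example/app:1.0 (os packages)",
            "Class": "os-pkgs",
            "Type": "alpine",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "pkg-a",
                 "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
                 "Severity": "CRITICAL", "Title": "constructed critical finding"},
                # No FixedVersion: upstream has not shipped a fix yet.
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "pkg-b",
                 "InstalledVersion": "2.3.0",
                 "Severity": "HIGH", "Title": "constructed unfixed finding"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "pkg-c",
                 "InstalledVersion": "0.9.0", "FixedVersion": "0.9.1",
                 "Severity": "MEDIUM", "Title": "constructed medium finding"},
            ],
        },
        # Trivy omits the Vulnerabilities key entirely for a clean target.
        {"Target": "app/requirements.txt", "Class": "lang-pkgs", "Type": "pip"},
    ],
}


def blocking_findings(report: dict,
                      fail_on: Iterable[str] = ("HIGH", "CRITICAL"),
                      ignore_unfixed: bool = False) -> List[dict]:
    """Return the findings that should fail the build, most severe first.

    fail_on        severities that block (mirrors --severity)
    ignore_unfixed skip findings with no FixedVersion (mirrors --ignore-unfixed)
    """
    fail_on = {s.upper() for s in fail_on}
    findings = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            severity = str(vuln.get("Severity", "UNKNOWN")).upper()
            if severity not in fail_on:
                continue
            fixed: Optional[str] = vuln.get("FixedVersion")
            if ignore_unfixed and not fixed:
                continue
            findings.append({
                "id": vuln.get("VulnerabilityID", "?"),
                "severity": severity,
                "package": vuln.get("PkgName", "?"),
                "installed": vuln.get("InstalledVersion", "?"),
                "fixed": fixed,          # None means no fix available
                "target": result.get("Target", "?"),
            })
    # Highest severity first, then by ID for a stable, diffable log.
    findings.sort(key=lambda f: (-SEVERITY_ORDER.index(f["severity"])
                                 if f["severity"] in SEVERITY_ORDER else 1, f["id"]))
    return findings


def gate_exit_code(report: dict, **policy) -> int:
    """1 if any finding blocks under the policy, else 0 (same contract as --exit-code 1)."""
    return 1 if blocking_findings(report, **policy) else 0


def main(argv: List[str]) -> int:
    if argv:
        with open(argv[0], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    # Policy: block on HIGH/CRITICAL but do not fail on findings nobody can fix yet.
    for f in blocking_findings(report, ignore_unfixed=True):
        fix = f["fixed"] or "no fix"
        print(f"{f['severity']:<8} {f['id']:<16} {f['package']} {f['installed']} -> {fix} ({f['target']})")
    return gate_exit_code(report, ignore_unfixed=True)


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Whether to pass `ignore_unfixed=True` is a policy decision: it keeps the pipeline green while a fix is pending, but the unfixed findings still need to be tracked elsewhere, since nothing in the gate will remind you of them.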
Related Terms
DevSecOps
Integrating security practices into every stage of the DevOps pipeline.
Falco
A runtime security tool that detects anomalous behavior in containers using eBPF/syscalls.
JWT (JSON Web Token)
A compact, self-contained token format for transmitting claims between parties.
mTLS (Mutual TLS)
Two-way TLS authentication where both client and server verify each other's certificates.
OAuth2
An authorization framework allowing third-party apps limited access to user accounts.
OIDC (OpenID Connect)
An identity layer on top of OAuth2 that provides user authentication.