Trivy (pronunciation) is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.
Targets (what Trivy can scan):
Scanners (what Trivy can find there):
Trivy is available in most common distribution channels. The full list of installation options is available in the Installation page. Here are a few popular examples:
brew install trivy
docker run aquasec/trivy
Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the Ecosystem page. Here are a few popular examples:
trivy <target> [--scanners <scanner1,scanner2>] <subject>
trivy image python:3.4-alpine
trivy fs --scanners vuln,secret,config myproject/
trivy k8s --report summary cluster
tri is pronounced like trigger,
vy is pronounced like envy.