Aqua Trivy: Vulnerability and Misconfiguration Scanning

Shift left using Aqua Trivy, the fastest way for DevOps and security teams to get started with vulnerability and infrastructure as code (IaC) scanning.

Start Now
Get started fast
Popular default scanner
Ecosystem integrations
Start scanning quickly
With Aqua Trivy, DevOps teams can get set up and start scanning as fast as development requires. No database dependencies or middleware are required, and integration into the CI/CD pipeline is a simple binary installation.
The open source default scanner of choice
Those who are just beginning with cloud native security can be confident in choosing Aqua Trivy, based on the extensive range of public testimonials and its wide use as a default scanner.
Security with the least friction
Reduce management overhead and minimize friction with security by working with Aqua Trivy as an integrated experience in your current tech stack. Benefit from regular contributions and integration feature requests.

Quickly add vulnerability and IaC scanning capabilities

Deployment and integration into the CI/CD pipeline is as simple as installing the binary and specifying a target. Aqua Trivy has a compact database, with auto-update capabilities that do not require middleware or database dependencies. Scanning takes seconds, and critical CVEs can be filtered directly in the command line.

Ecosystem compatibility

View results directly in the GitHub UI via the GitHub Action or in your favorite Kubernetes dashboard using Aqua Starboard. Export results to external user interfaces in various formats, such as JUnit XML, SARIF, and AWS Security Finding Format (ASFF). Use a Helm chart to install Aqua Trivy into a Kubernetes cluster, or scan images in Harbor with the plug-in adapter.

Broad & accurate coverage

Gain comprehensive visibility across operating system packages and programming language packages, with detailed vulnerability information available at the Aqua Vulnerability Database. See results for fixed and unfixed vulnerabilities, and achieve low false positives for historically difficult operating systems such as Alpine Linux and RHEL/CentOS. 

Environment versatility

Scan for private and public registries, local filesystems, and container formats such as tar archivesPodman and Git repositories. Achieve functionality for a variety of execution environments, such as Linux, macOS, FreeBSD, and OpenBSD, with the option to support air-gapped environments as well as distroless images. 

Open source scanner

Aqua Trivy is the default scanner of choice for DevOps and security teams across many popular projects and companies. Users benefit from regular, quality contributions and innovative feature requests. Aqua Trivy is the default scanner for GitLab’s Container Scanning functionality, Artifact Hub and Harbor. Aqua Trivy is also a RedHat certified scanner.