trivy
by
aquasecurity

Description: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

View on GitHub ↗

Summary Information

Updated 1 hour ago
Added to GitGenius on May 26th, 2022
Created on April 11th, 2019
Open Issues & Pull Requests: 230 (+0)
Number of forks: 531
Total Stargazers: 36,866 (+0)
Total Subscribers: 217 (+0)

Issue Activity (beta)

Open issues: 115
New in 7 days: 3
Closed in 7 days: 3
Avg open age: 786 days
Stale 30+ days: 107
Stale 90+ days: 99

Recent activity

Opened in 7 days: 3
Closed in 7 days: 3
Comments in 7 days: 3
Events in 7 days: 6

Top labels

  • kind/bug (613)
  • kind/feature (445)
  • scan/misconfiguration (269)
  • triage/support (172)
  • lifecycle/stale (151)
  • priority/backlog (99)
  • target/kubernetes (82)
  • scan/vulnerability (80)

Repository Insights (GitGenius)

Median issue/PR response: 0.0 hours
Mean response time: 206.4 days
90th percentile: 772.5 days
Tracked items: 779

Most active contributors

Detailed Description

Trivy is a comprehensive security scanner developed by Aqua Security that identifies vulnerabilities, misconfigurations, secrets, and software bill of materials across multiple target environments. Written in Go, the tool supports scanning container images, filesystems, Git repositories, virtual machine images, and Kubernetes clusters. Within each target, Trivy can detect OS packages and software dependencies, known vulnerabilities identified by CVE databases, infrastructure-as-code issues and misconfigurations, sensitive information and secrets, and software licenses. The scanner covers most popular programming languages, operating systems, and platforms according to its documented scanning coverage.

The repository demonstrates substantial community engagement and active maintenance. GitGenius tracking data shows a median issue and pull request response latency of 0.0 hours, indicating rapid triage and response cycles, though the mean latency of 4953.7 hours reflects some longer-running discussions across 779 tracked items. The most frequently labeled issues fall into three categories: kind/bug with 345 occurrences, kind/feature with 230 occurrences, and scan/misconfiguration with 205 occurrences. The core maintenance team includes DmitriyLewen with 773 tracked events, knqyf263 with 651 events, and nikpivkin with 650 events, indicating consistent leadership and contribution patterns.

Trivy is distributed through multiple channels including Homebrew, Docker Hub, and direct binary downloads from the GitHub releases page. The project maintains canary builds generated with every push to the main branch, available through Docker Hub, GitHub Container Registry, and Amazon ECR, though these are explicitly noted as potentially containing critical bugs and unsuitable for production use. The tool integrates with popular development platforms including GitHub Actions, a Kubernetes operator for automated scanning, and a VS Code plugin extension, with additional ecosystem integrations documented on the project's website.

The repository's classification spans multiple security and DevOps domains including static analysis, CI/CD integration, dependency checking, Kubernetes support, container security, and compliance validation. This broad categorization reflects Trivy's positioning as a multi-purpose security scanner rather than a single-purpose tool. The project's connection to other repositories through overlapping contributors includes github/gh-aw, solo-io/gloo, and microsoft/vscode, suggesting integration points and shared development practices across the security tooling ecosystem.

The project documentation is centralized at trivy.dev with comprehensive guides covering installation, usage, and integration patterns. Aqua Security positions Trivy as the foundation for its broader Aqua security management platform, with commercial offerings building enhanced capabilities on top of the open source scanner. The project maintains active community engagement through GitHub Discussions and enforces a code of conduct for all interactions.

trivy
by
aquasecurityaquasecurity/trivy

Repository Details

Fetching additional details & charts...