Security & Quality
Trivy Container Security Scanning
Scan container images, filesystems, and IaC for vulnerabilities and misconfigurations with Trivy.
Overview
Trivy is a comprehensive security scanner by Aqua Security that detects vulnerabilities in container images, filesystems, Git repositories, and Infrastructure as Code configurations. It scans OS packages (Alpine, Debian, Ubuntu, RHEL) and application dependencies (npm, pip, Go, Rust, Java) against multiple vulnerability databases including NVD, GitHub Advisory Database, and vendor-specific databases.
Beyond vulnerability scanning, Trivy detects misconfigurations in Dockerfiles, Kubernetes manifests, Terraform, CloudFormation, and Helm charts. It also includes a secret scanner that finds exposed credentials, API keys, and tokens in codebases and container images. The SBOM (Software Bill of Materials) generation feature produces CycloneDX and SPDX output for compliance requirements.
Trivy is designed for CI/CD integration with no configuration needed to get started: it downloads its vulnerability database automatically on first run. In a pipeline, cache the Trivy cache directory (by default ~/.cache/trivy) between jobs, since the database download is the slowest step and the registry that serves it rate-limits heavy use. It supports multiple output formats (table, JSON, SARIF, CycloneDX and SPDX, plus Go templates for custom reports such as JUnit or HTML) and can be configured with a trivy.yaml file for severity filters and ignore rules. Note that Trivy exits 0 even when it finds vulnerabilities unless you pass --exit-code 1 (often combined with --ignore-unfixed so only findings with an available fix block the build), so a scan step does not fail a build on its own. The tool ships as a single static binary with no external dependencies, making it easy to integrate into any pipeline.
Who Is This For?
- Scan Docker images for OS and application vulnerabilities
- Check Terraform and Kubernetes configs for misconfigurations
- Detect hardcoded secrets in codebases and container images
- Generate SBOM reports for compliance and audit requirements
Installation
```shell
brew install trivy
```
Configuration
```shell
# Scan a container image (OS packages, application dependencies, secrets)
trivy image myapp:latest
# Scan the current directory, reporting only HIGH and CRITICAL findings
trivy fs --severity HIGH,CRITICAL .
# Scan IaC (Terraform, Kubernetes, Dockerfile, CloudFormation, Helm) for misconfigurations
trivy config ./terraform/
```
```yaml
# trivy.yaml
severity:
  - HIGH
  - CRITICAL
ignorefile: .trivyignore
format: table
```
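The severity filter and .trivyignore list above describe which findings should block a build; the script below is an added example (not Trivy's own code) that applies the same rules to a saved JSON report, so one scan can be both archived and gated. It parses the field names of Trivy's JSON output (Results, Vulnerabilities, Misconfigurations, Secrets, FixedVersion, Status), mirrors --severity, --ignorefile and --ignore-unfixed, and returns a non-zero exit status when anything remains. The report and ignore file are constructed inline so it runs offline; the CVE numbers in the sample are placeholders, not real advisories.

```python
"""Gate a CI build on a Trivy JSON report (added example, not part of Trivy).

Produce a report with e.g.:
    trivy image --format json --output report.json myapp:latest
then run:  python trivy_gate.py report.json [.trivyignore]
"""
from __future__ import annotations

import json
import sys
from collections import Counter
from dataclasses import dataclass

# Constructed sample in Trivy's JSON schema (SchemaVersion 2); CVE IDs are placeholders.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2, "ArtifactName": "myapp:latest", "ArtifactType": "container_image",
    "Results": [
        {"Target": "myapp:latest (alpine 3.18.4)", "Class": "os-pkgs", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2099-0001", "PkgName": "libcrypto3",
              "InstalledVersion": "3.1.3-r0", "FixedVersion": "3.1.4-r0", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-2099-0002", "PkgName": "busybox",
              "InstalledVersion": "1.36.1-r2", "FixedVersion": "", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-2099-0003", "PkgName": "zlib",
              "InstalledVersion": "1.3-r0", "FixedVersion": "1.3-r1", "Severity": "MEDIUM"}]},
        {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile",
         "Misconfigurations": [
             {"ID": "DS002", "AVDID": "AVD-DS-0002", "Title": "Image user should not be 'root'",
              "Severity": "HIGH", "Status": "FAIL"},
             {"ID": "DS005", "AVDID": "AVD-DS-0005", "Title": "ADD instead of COPY",
              "Severity": "LOW", "Status": "PASS"}]},
        {"Target": "app/config.py", "Class": "secret",
         "Secrets": [{"RuleID": "aws-access-key-id", "Category": "AWS", "Severity": "CRITICAL",
                      "StartLine": 12, "EndLine": 12, "Match": "AWS_ACCESS_KEY_ID=AKIA****"}]},
    ]})

# Constructed .trivyignore: one ID per line, lines starting with '#' are comments.
IGNORE_FILE = """
# accepted risks, reviewed 2099-01-01
CVE-2099-0003
DS002
"""


@dataclass(frozen=True)
class Finding:
    kind: str        # "vulnerability", "misconfiguration" or "secret"
    target: str      # image layer / file in which the finding was located
    ident: str       # CVE ID, check ID (DS002) or secret rule ID
    severity: str
    fixable: bool    # vulnerabilities: a FixedVersion is known; other classes: always actionable
    alias: str = ""  # AVD ID of a check; .trivyignore may list either form


def parse_report(raw: str) -> list[Finding]:
    """Flatten the three result classes Trivy emits into one list."""
    findings: list[Finding] = []
    for result in json.loads(raw).get("Results", []):
        target = result.get("Target", "")
        for v in result.get("Vulnerabilities") or []:
            findings.append(Finding("vulnerability", target, v["VulnerabilityID"],
                                    v.get("Severity", "UNKNOWN"), bool(v.get("FixedVersion"))))
        for m in result.get("Misconfigurations") or []:
            if m.get("Status", "FAIL") != "FAIL":  # --include-non-failures also emits PASS entries
                continue
            findings.append(Finding("misconfiguration", target, m["ID"],
                                    m.get("Severity", "UNKNOWN"), True, m.get("AVDID", "")))
        for s in result.get("Secrets") or []:
            findings.append(Finding("secret", target, s["RuleID"], s.get("Severity", "UNKNOWN"), True))
    return findings


def load_ignore_list(text: str) -> frozenset[str]:
    """First token of each non-comment line is an ID to skip (expiry tokens are not modelled)."""
    return frozenset(line.split()[0] for line in map(str.strip, text.splitlines())
                     if line and not line.startswith("#"))


def gate(raw: str, severities: frozenset[str] = frozenset({"HIGH", "CRITICAL"}),
         ignore_ids: frozenset[str] = frozenset(), ignore_unfixed: bool = False) -> list[Finding]:
    """Return the findings that should fail the build, mirroring --severity/--ignorefile/--ignore-unfixed."""
    return [f for f in parse_report(raw)
            if f.ident not in ignore_ids and not (f.alias and f.alias in ignore_ids)
            and not (ignore_unfixed and f.kind == "vulnerability" and not f.fixable)
            and f.severity in severities]


def summarize(findings: list[Finding]) -> dict[tuple[str, str], int]:
    """Count blocking findings per (class, severity), e.g. {("secret", "CRITICAL"): 1}."""
    return dict(Counter((f.kind, f.severity) for f in findings))


if __name__ == "__main__":
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    ignore = load_ignore_list(open(sys.argv[2]).read() if len(sys.argv) > 2 else IGNORE_FILE)
    blocking = gate(raw, ignore_ids=ignore, ignore_unfixed=True)
    for f in blocking:
        print(f"{f.severity:8} {f.kind:16} {f.ident:22} {f.target}")
    print("summary:", summarize(blocking))
    sys.exit(1 if blocking else 0)
```

Ignored IDs are dropped before the severity filter, the same order Trivy applies, so an accepted CRITICAL finding does not reappear when the threshold is lowered. Secrets are never "unfixed", so --ignore-unfixed cannot silence a leaked key; that is the one class a gate should treat as unconditional.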