trivy
https://github.com/aquasecurity/trivy
Go
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported
3 Subscribers
Help out
- Issues
  - tag trivy-db image with timestamp
  - tar archive may not be scanned depending on how it was created
  - Analyzer support for git-based dependencies
  - k8s: should trivy k8s --components=workload return rbac
  - Support for CRI-O
  - Trivy SBOM should take precedence in Rekor attestations
  - Scan manifest for self-packaged software
  - compress(bzip2) scan result output(json) and encode (base64) it
  - Use zstd to compress DB files
  - test(integration): add cases for Terraform and CloudFormation
- Docs
  - Go not yet supported