[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1658":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":42,"readmeContent":43,"aiSummary":44,"trendingCount":16,"starSnapshotCount":16,"syncStatus":45,"lastSyncTime":46,"discoverSource":47},1658,"trivy","aquasecurity\u002Ftrivy","aquasecurity","Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more","https:\u002F\u002Ftrivy.dev",null,"Go",36315,468,213,167,0,42,705,1372,241,118.01,"Apache License 2.0",false,"main",true,[27,28,29,30,31,32,33,34,35,36,37,38,39,40,41],"containers","devsecops","docker","go","golang","hacktoberfest","iac","infrastructure-as-code","kubernetes","misconfiguration","security","security-tools","vulnerability","vulnerability-detection","vulnerability-scanners","2026-06-12 04:00:10","\u003Cdiv align=\"center\">\n\u003Cimg src=\"docs\u002Fimgs\u002Flogo.png\" width=\"200\">\n\n[![GitHub Release][release-img]][release]\n[![Test][test-img]][test]\n[![Go Report Card][go-report-img]][go-report]\n[![License: Apache-2.0][license-img]][license]\n[![GitHub Downloads][github-downloads-img]][release]\n![Docker Pulls][docker-pulls]\n\n[📖 Documentation][docs]\n\u003C\u002Fdiv>\n\nTrivy ([pronunciation][pronunciation]) is a comprehensive and versatile security scanner.\nTrivy has *scanners* that look for security issues, and *targets* where it can find those issues.\n\nTargets (what Trivy can scan):\n\n- Container Image\n- Filesystem\n- Git Repository (remote)\n- Virtual Machine Image\n- Kubernetes\n\nScanners (what Trivy can find there):\n\n- OS packages and software dependencies in use (SBOM)\n- Known vulnerabilities (CVEs)\n- IaC issues and misconfigurations\n- Sensitive information and secrets\n- Software licenses\n\nTrivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the [Scanning Coverage] page.\n\nTo learn more, go to the [Trivy homepage][homepage] for feature highlights, or to the [Documentation site][docs] for detailed information.\n\n## Quick Start\n\n### Get Trivy\n\nTrivy is available in most common distribution channels. The full list of installation options is available in the [Installation] page. Here are a few popular examples:\n\n- `brew install trivy`\n- `docker run aquasec\u002Ftrivy`\n- Download binary from \u003Chttps:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\u002Freleases\u002Flatest\u002F>\n- See [Installation] for more\n\nTrivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem] page. Here are a few popular examples:\n\n- [GitHub Actions](https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy-action)\n- [Kubernetes operator](https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy-operator)\n- [VS Code plugin](https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy-vscode-extension)\n- See [Ecosystem] for more\n\n### Canary builds\nThere are canary builds ([Docker Hub](https:\u002F\u002Fhub.docker.com\u002Fr\u002Faquasec\u002Ftrivy\u002Ftags?page=1&name=canary), [GitHub](https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\u002Fpkgs\u002Fcontainer\u002Ftrivy\u002F75776514?tag=canary), [ECR](https:\u002F\u002Fgallery.ecr.aws\u002Faquasecurity\u002Ftrivy#canary) images and [binaries](https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\u002Factions\u002Fworkflows\u002Fcanary.yaml)) generated with every push to the main branch.\n\nPlease be aware: canary builds might have critical bugs, so they are not recommended for use in production.\n\n### General usage\n\n```bash\ntrivy \u003Ctarget> [--scanners \u003Cscanner1,scanner2>] \u003Csubject>\n```\n\nExamples:\n\n```bash\ntrivy image python:3.4-alpine\n```\n\n\u003Cdetails>\n\u003Csummary>Result\u003C\u002Fsummary>\n\nhttps:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Faf1c11e7-d9c5-48af-8e05-cb34dfd6352a\n\n\u003C\u002Fdetails>\n\n```bash\ntrivy fs --scanners vuln,secret,misconfig myproject\u002F\n```\n\n\u003Cdetails>\n\u003Csummary>Result\u003C\u002Fsummary>\n\nhttps:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F6b3894b7-77c5-4ffc-ac94-ffe6648a30dc\n\n\u003C\u002Fdetails>\n\n```bash\ntrivy k8s --report summary cluster\n```\n\n\u003Cdetails>\n\u003Csummary>Result\u003C\u002Fsummary>\n\n![k8s summary](docs\u002Fimgs\u002Ftrivy-k8s.png)\n\n\u003C\u002Fdetails>\n\n## FAQ\n\n### How to pronounce the name \"Trivy\"?\n\n`tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**.\n\n## Want more? Check out Aqua\n\nIf you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.  \nYou can find a high level comparison table specific to Trivy users [here](https:\u002F\u002Ftrivy.dev\u002Fdocs\u002Flatest\u002Fcommercial\u002Fcompare\u002F).\nIn addition check out the \u003Chttps:\u002F\u002Faquasec.com> website for more information about our products and services.\nIf you'd like to contact Aqua or request a demo, please use this form: \u003Chttps:\u002F\u002Fwww.aquasec.com\u002Fdemo>\n\n## Community\n\nTrivy is an [Aqua Security][aquasec] open source project.  \nLearn about our open source work and portfolio [here][oss].  \nContact us about any matter by opening a GitHub Discussion [here][discussions]\n\nPlease ensure to abide by our [Code of Conduct][code-of-conduct] during all interactions.\n\n[test]: https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\u002Factions\u002Fworkflows\u002Ftest.yaml\n[test-img]: https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\u002Factions\u002Fworkflows\u002Ftest.yaml\u002Fbadge.svg\n[go-report]: https:\u002F\u002Fgoreportcard.com\u002Freport\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\n[go-report-img]: https:\u002F\u002Fgoreportcard.com\u002Fbadge\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\n[release]: https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\u002Freleases\n[release-img]: https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Frelease\u002Faquasecurity\u002Ftrivy.svg?logo=github\n[github-downloads-img]: https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fdownloads\u002Faquasecurity\u002Ftrivy\u002Ftotal?logo=github\n[docker-pulls]: https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Faquasec\u002Ftrivy?logo=docker&label=docker%20pulls%20%2F%20trivy\n[license]: https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\u002Fblob\u002Fmain\u002FLICENSE\n[license-img]: https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache%202.0-blue.svg\n[homepage]: https:\u002F\u002Ftrivy.dev\n[docs]: https:\u002F\u002Ftrivy.dev\u002Fdocs\u002Flatest\u002F\n[pronunciation]: #how-to-pronounce-the-name-trivy\n[code-of-conduct]: https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Fcommunity\u002Fblob\u002Fmain\u002FCODE_OF_CONDUCT.md\n\n[Installation]:https:\u002F\u002Ftrivy.dev\u002Fdocs\u002Flatest\u002Fgetting-started\u002Finstallation\u002F\n[Ecosystem]: https:\u002F\u002Ftrivy.dev\u002Fdocs\u002Flatest\u002Fecosystem\u002F\n[Scanning Coverage]: https:\u002F\u002Ftrivy.dev\u002Fdocs\u002Flatest\u002Fcoverage\u002F\n\n[alpine]: https:\u002F\u002Fariadne.space\u002F2021\u002F06\u002F08\u002Fthe-vulnerability-remediation-lifecycle-of-alpine-containers\u002F\n[rego]: https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Flatest\u002F#rego\n[sigstore]: https:\u002F\u002Fwww.sigstore.dev\u002F\n\n[aquasec]: https:\u002F\u002Faquasec.com\n[oss]: https:\u002F\u002Fwww.aquasec.com\u002Fproducts\u002Fopen-source-projects\u002F\n[discussions]: https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\u002Fdiscussions\n","Trivy 是一个全面且多功能的安全扫描工具，能够检测容器、Kubernetes、代码仓库、云环境等中的漏洞、配置错误、敏感信息和软件物料清单。其核心功能包括扫描操作系统包与软件依赖（SBOM）、已知漏洞（CVEs）、基础设施即代码问题及配置错误、敏感信息泄露以及软件许可证问题。Trivy 支持多种主流编程语言、操作系统和平台，特别适合在 DevSecOps 环境中使用，以确保应用程序在整个开发周期内的安全性。此外，它还提供了与 GitHub Actions、Kubernetes Operator 和 VS Code 插件等多种流行平台的集成，方便用户在不同场景下进行安全检查。",2,"2026-06-11 02:45:17","top_all"]