

Unified scanner for vulnerabilities, misconfigurations, secrets, and SBOMs
Trivy scans container images, filesystems, Git repositories, VM images, and Kubernetes clusters for known CVEs, misconfigurations, secrets, and license issues, and generates SBOMs. It supports a wide range of languages and platforms.

Trivy provides a single‑command interface to detect a wide range of security issues across multiple target types, including container images, local filesystems, remote Git repositories, virtual‑machine images, and Kubernetes clusters. It identifies known CVEs, infrastructure‑as‑code misconfigurations, embedded secrets, and license problems while also producing a software bill of materials (SBOM) for compliance and supply‑chain visibility.
Designed for DevSecOps engineers, developers, and security auditors, Trivy integrates with CI/CD pipelines, IDEs, and orchestration platforms. It can be installed via Homebrew, a Docker image, pre‑built binaries, or from source, and runs on all major operating systems. The vulnerability database is downloaded and refreshed automatically; once cached it allows offline scans, so an air‑gapped pipeline only needs a way to refresh the cache periodically. The scanner’s fast, single‑pass approach makes it suitable for both local development checks and large‑scale production environments.
Typical use cases

- CI pipeline vulnerability check: automatically fails builds when new CVEs are found in container images.
- IaC misconfiguration audit: identifies insecure Terraform or Kubernetes manifests before deployment.
- Secret leakage detection in a codebase: finds hard‑coded API keys and passwords in repositories.
- SBOM generation for compliance: produces a software bill of materials to satisfy licensing and supply‑chain requirements.
Frequently asked questions

Q: What can Trivy scan?
A: Container images, filesystems, remote Git repositories, virtual machine images, and Kubernetes clusters.

Q: What does Trivy detect?
A: Known CVEs, infrastructure‑as‑code misconfigurations, embedded secrets, and software licenses; it can also generate an SBOM.

Q: How is Trivy installed?
A: Via Homebrew, a Docker image, pre‑built binaries, or from source; see the Installation page.

Q: Does Trivy integrate with CI/CD?
A: Yes. It integrates with GitHub Actions and other CI systems, and returns exit codes that can be used for automated gating.

Q: Does Trivy work offline?
A: Scanning works offline once the vulnerability database is cached, but the initial database download and subsequent updates require internet access.
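The CI gating use case above relies on Trivy's exit code, which its own `--exit-code`, `--severity` and `--ignore-unfixed` flags control directly. A team often needs a policy those flags do not express, such as risk acceptances that expire. The script below is an added example, not Trivy's own code or part of this page: it reads a report produced by `trivy image --format json --output report.json <image>`, flattens vulnerabilities, failed misconfiguration checks and secrets from Trivy's `Results[]` layout, and returns a non-zero exit code when anything blocking remains. The function names (`extract_findings`, `blocking_findings`, `run_gate`), the expiring-ignore policy, the rule that secrets always block, and the embedded sample report (with placeholder CVE identifiers) are assumptions of this example; the JSON field names follow Trivy's report format.

```python
"""Policy gate over a Trivy JSON report (added example, not Trivy's own code).

Produce the input with Trivy's CLI, for example:
    trivy image --format json --output report.json myapp:1.2.3
Trivy can gate directly with --exit-code/--severity/--ignore-unfixed; this
script adds policy those flags do not express, such as ignores that expire.
"""
import json
import sys
from dataclasses import dataclass
from datetime import date

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Finding:
    kind: str       # "vulnerability", "misconfiguration" or "secret"
    id: str         # CVE ID, check ID or secret rule ID
    target: str     # package set, file or layer the finding was reported against
    severity: str
    fixable: bool   # vulnerabilities: a FixedVersion exists; other kinds: always True


def extract_findings(report: dict) -> list:
    """Flatten Trivy's Results[] into one list; empty sections may be null."""
    findings = []
    for result in report.get("Results") or []:
        target = result.get("Target", "")
        for v in result.get("Vulnerabilities") or []:
            findings.append(Finding("vulnerability", v["VulnerabilityID"], target,
                                    v.get("Severity", "UNKNOWN"), bool(v.get("FixedVersion"))))
        for m in result.get("Misconfigurations") or []:
            if m.get("Status") == "FAIL":   # PASS entries are informational only
                findings.append(Finding("misconfiguration", m["ID"], target,
                                        m.get("Severity", "UNKNOWN"), True))
        for s in result.get("Secrets") or []:
            findings.append(Finding("secret", s["RuleID"], target,
                                    s.get("Severity", "UNKNOWN"), True))
    return findings


def blocking_findings(findings, min_severity="HIGH", ignore_unfixed=True,
                      ignores=None, today=None):
    """Return the findings that must fail the build.

    ignores maps a finding ID to an ISO expiry date; an exception past its
    expiry is no longer honoured, so accepted risk cannot silently become
    permanent. Secrets block regardless of severity (a policy choice of this
    example): a leaked credential needs rotation, not a severity debate.
    """
    ignores = ignores or {}
    today = date.fromisoformat(today) if today else date.today()
    threshold = SEVERITY_RANK[min_severity]
    blocking = []
    for f in findings:
        expiry = ignores.get(f.id)
        if expiry and today <= date.fromisoformat(expiry):
            continue                                  # still within the accepted window
        if f.kind == "secret":
            blocking.append(f)
            continue
        if SEVERITY_RANK.get(f.severity, 0) < threshold:
            continue
        if ignore_unfixed and not f.fixable:
            continue                                  # nothing to upgrade to yet
        blocking.append(f)
    return blocking


# Constructed sample report in Trivy's JSON layout; the CVE IDs are placeholders.
SAMPLE_REPORT = {
    "SchemaVersion": 2,
    "ArtifactName": "myapp:1.2.3",
    "Results": [
        {"Target": "myapp:1.2.3 (debian 12.5)", "Class": "os-pkgs", "Type": "debian",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-1001", "PkgName": "libexample1",
              "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-1002", "PkgName": "libexample2",
              "InstalledVersion": "2.3", "Severity": "HIGH"},             # no fix available
             {"VulnerabilityID": "CVE-0000-1003", "PkgName": "libexample3",
              "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "MEDIUM"}]},
        {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile",
         "Misconfigurations": [{"ID": "AVD-DS-0002", "Severity": "HIGH", "Status": "FAIL"}]},
        {"Target": "config/settings.py", "Class": "secret",
         "Secrets": [{"RuleID": "aws-access-key-id", "Severity": "CRITICAL"}]},
    ],
}


def run_gate(report: dict, ignores=None, today=None) -> int:
    """Print blocking findings and return the process exit code (0 = pass)."""
    blocking = blocking_findings(extract_findings(report), ignores=ignores, today=today)
    for f in blocking:
        print(f"BLOCK {f.kind} {f.id} ({f.severity}) in {f.target}")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: python gate.py report.json   (falls back to the embedded sample)
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(run_gate(report))
```

Run against the sample, the gate blocks the fixable CRITICAL package, the failed Dockerfile check and the leaked access key, while the unfixed HIGH and the MEDIUM finding are reported by Trivy but do not fail the build. Keeping the ignore list in version control with expiry dates gives each accepted risk an owner and a deadline, which a bare `.trivyignore` file does not.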