trivy
15 commands
15 shown
Scan filesystem
Scan a local directory for vulnerabilities and misconfigs
trivy fs --severity HIGH,CRITICAL .
Scan k8s cluster
Security audit of the whole cluster: images, configs, RBAC
trivy k8s --report summary cluster
Scan specific namespace
Scan workloads only in a specific namespace
trivy k8s --namespace production --report summary all
Scan Helm chart
Check Helm chart templates for security misconfigurations
trivy config ./my-chart
Scan with JSON output
Machine-readable vulnerability scan results
trivy image --format json -o results.json img:tag
Scan IaC directory
Find misconfigurations in Terraform/Kubernetes/Helm code
trivy config --severity MEDIUM,HIGH,CRITICAL ./terraform
Ignore unfixed CVEs
Skip vulnerabilities that have no fix available yet
trivy image --ignore-unfixed --severity HIGH,CRITICAL img:tag
Update vulnerability DB
Pre-download the latest vulnerability database
trivy image --download-db-only
Scan filesystem
Scan the current directory for vulnerabilities
trivy fs .
Scan Kubernetes cluster
Scan the entire Kubernetes cluster for vulnerabilities and misconfigs
trivy k8s --report summary cluster
Scan with SARIF output
Output scan results in SARIF format for CI/IDE integration
trivy image --format sarif --output results.sarif myimage:tag
Scan config files
Scan IaC config files for misconfigurations
trivy config .
Filter by severity
Show only HIGH and CRITICAL vulnerabilities
trivy image --severity HIGH,CRITICAL myimage:tag
Ignore unfixed vulns
Skip vulnerabilities that have no fix available
trivy image --ignore-unfixed myimage:tag
Scan sbom
Scan a Software Bill of Materials file for vulnerabilities
trivy sbom ./sbom.json
no commands match