trivy
A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems.
Github:
- 653265321365702019
Workflow integration:
- cli
https://github.com/aquasecurity/trivy
Apache-2.0 License
Maintained