ADHDecode

Trivy Articles

49 articles

Trivy NSA Kubernetes Hardening: Security Benchmark Checks

Kubernetes security is a moving target, and NSA's hardening guide for Kubernetes provides a set of best practices to secure your cluster.

3 min read

Trivy Offline Scanning: Air-Gap Setup Without Internet

Trivy can scan container images and filesystems without an internet connection, a crucial capability for air-gapped environments.

2 min read

Trivy Output Formats: JSON, SARIF, Table, and Template

Trivy's output formats are less about how Trivy sees the vulnerabilities and more about how it communicates them to other tools and humans.

3 min read

Trivy Plugin Development: Extend Trivy with Custom Scanners

Trivy Plugin Development: Extend Trivy with Custom Scanners — practical guide covering trivy setup, configuration, and troubleshooting with real-world e...

3 min read

Trivy PR Gating: Block Merges on High Severity Findings

Trivy PR Gating is the mechanism that prevents code from being merged into your main branch if it introduces new, high-severity security vulnerabilities.

3 min read

Trivy Python Scanning: pip and pipenv Requirements

Trivy, a security scanner, can analyze your Python project's dependencies for known vulnerabilities. It's particularly adept at parsing requirements...

3 min read

Trivy Rekor Attestation: Verify Build Provenance

The most surprising thing about Trivy's Rekor attestations is that they don't actually prove anything about your build; they simply record a claim about...

2 min read

Trivy Remediation Priority: Score and Rank Findings

Trivy's remediation priority feature doesn't just tell you what's vulnerable; it helps you cut through the noise by telling you how badly it's vulnerabl...

10 min read

Trivy HTML Dashboard: Generate Visual Security Reports

Trivy's HTML dashboard transforms raw scan data into an interactive visual report, making it easier to digest and act on security findings.

2 min read

Trivy VM and Rootfs Scanning: Scan Disk Images

Scanning disk images with Trivy is surprisingly effective because it doesn't need to boot the OS or run any code within the image to find vulnerabilitie...

2 min read

Trivy Ruby Gems Scanning: Find Vulnerable Gems

Trivy can find vulnerable Ruby gems, but it doesn't actually scan your gem files directly; it scans your dependency lockfiles.

6 min read

Trivy Rust Cargo Scanning: Audit Crates for CVEs

Trivy Rust Cargo Scanning: Audit Crates for CVEs — Trivy's Rust Cargo scanner doesn't just check your Cargo.lock file; it actually builds your project...

2 min read

Trivy SBOM Generation: CycloneDX and SPDX Formats

Trivy can generate Software Bill of Materials (SBOMs) in both CycloneDX and SPDX formats, but its primary strength lies in how it discovers the software i...

2 min read

Trivy Secret Scanning: Find Credentials in Code and Images

Trivy's secret scanning doesn't just find potential leaks; it actively identifies the precise credential types and their locations, acting as a highly s...

2 min read

Trivy Server Mode: Centralized Scanning for CI/CD

Trivy server mode doesn't just scan images; it fundamentally redefines how security scanning integrates into your CI/CD pipeline by acting as a persiste...

3 min read

Trivy Severity Filtering: Focus on High and Critical CVEs

Trivy's default behavior is to report all detected vulnerabilities, but you can, and absolutely should, filter this output to focus on what matters most.

2 min read

Trivy Supply Chain Security: SBOM and Attestation

Trivy Supply Chain Security: SBOM and Attestation — practical guide covering trivy setup, configuration, and troubleshooting with real-world examples.

3 min read

Trivy vs Snyk vs Grype: Choose the Right Scanner

Trivy, Snyk, and Grype all find vulnerabilities, but they operate with fundamentally different philosophies about how and where they find them.

4 min read

Trivy Vulnerability Database Update: Keep Fresh in CI

The Trivy vulnerability database is a critical component for security scanning in CI/CD pipelines, but it's notoriously prone to falling out of date, le...

4 min read

Trivy WASM Module Scanning: Scan WebAssembly Artifacts

Trivy can scan WebAssembly (Wasm) modules for vulnerabilities, but it doesn't just look at the Wasm bytecode itself; it analyzes the underlying OS and lib...

2 min read

Trivy API: Programmatic Vulnerability Scanning

Trivy's API lets you integrate vulnerability scanning directly into your CI/CD pipelines, applications, or custom workflows, treating it as a library ra...

2 min read

Trivy AWS ECR Scanning: Scan Images Before Pulling

Trivy AWS ECR Scanning: Scan Images Before Pulling. Trivy can scan your AWS ECR images without pulling them down first. Let's see it in action.

2 min read

Trivy Base Image Identification: Find Vulnerable Ancestors

Trivy can identify vulnerabilities in your base image and all its parent layers, not just the immediate image you're scanning.

2 min read

Trivy CIS Kubernetes Benchmark: Scan Cluster Compliance

The Trivy CIS Kubernetes Benchmark scan doesn't just tell you if your cluster is compliant; it reveals how securely your control plane components are co...

2 min read

Trivy DevSecOps Workflow: Scan at Every Stage

Trivy can scan container images, filesystems, and Git repositories for vulnerabilities and misconfigurations, and it's designed to be integrated into yo...

3 min read

Trivy Compliance Scanning: PCI-DSS and HIPAA Checks

Trivy's compliance scanning isn't just about finding vulnerabilities; it's a way to systematically audit your cloud-native artifacts against industry-sp...

3 min read

Trivy Container Image Scan: Find CVEs Fast

Trivy's ability to find CVEs in container images isn't just about speed; it's fundamentally about shifting security left by making vulnerability scannin...

2 min read

Trivy Custom Checks: Write Rego Policies for Your Rules

Trivy's custom checks let you define your own security rules, but the real power comes from understanding how to write those rules in Rego, the policy l...

3 min read

Trivy Distroless Image Scanning: Find Vulns Without a Shell

Distroless images are a fantastic way to shrink your container attack surface, but they come with a hidden cost: no shell means you can't just exec into...

4 min read

Trivy Docker Official Images: Audit Base Layer CVEs

Trivy can audit your Docker base image for CVEs, but it might not be showing you the full picture because it only scans the layers Trivy itself is aware...

4 min read

Trivy False Positive Reduction: Tune for Accurate Results

The most surprising thing about Trivy's "false positives" is that they often aren't false at all, but rather an accurate reflection of vulnerabilities t...

5 min read

Trivy Filesystem Scan: Find Secrets and Misconfigs in Code

Trivy can find secrets and misconfigurations in your code, but its real magic is how it models your entire filesystem, not just files.

2 min read

Trivy Getting Started: Install and Run Your First Scan

Trivy can scan your container images for vulnerabilities, misconfigurations, and secrets without needing to download the entire image first.

3 min read

Trivy in GitHub Actions: Scan and Block Vulnerable Images

Trivy can break your CI/CD pipeline by failing builds when it finds vulnerabilities. The core issue is that Trivy, by default, exits with a non-zero sta...

3 min read

Trivy in GitLab CI: Security Scanning in Pipelines

Trivy is surprisingly good at finding vulnerabilities, but its real power in GitLab CI comes from how it integrates with the platform's security scannin...

2 min read

Trivy Go Binary Scanning: Find Vulnerable Dependencies

Trivy, the popular security scanner, can look inside your Go binaries to find vulnerable dependencies, even if the source code isn't available.

2 min read

Trivy Helm Chart Scanning: Find Misconfigurations

Trivy Helm Chart Scanning: Find Misconfigurations — practical guide covering trivy setup, configuration, and troubleshooting with real-world examples.

2 min read

Trivy IaC Scanning: Detect Terraform Misconfigurations

Terraform's declarative nature makes it powerful for infrastructure as code, but it also means a single typo or outdated module can ripple into signific...

3 min read

Trivy .trivyignore: Suppress Known-Acceptable Findings

Trivy .trivyignore: Suppress Known-Acceptable Findings — A .trivyignore file lets you tell Trivy to stop complaining about specific vulnerabilities or m...

2 min read

Trivy with ArgoCD: GitOps Security Gate

Trivy, the popular open-source vulnerability scanner, can be integrated into an Argo CD-based GitOps workflow to act as a security gate, preventing vuln...

4 min read

Trivy with Flux GitOps: Scan Before Sync

The most surprising thing about integrating Trivy with Flux for GitOps is that you can actually prevent bad deployments from ever reaching your cluster...

4 min read

Trivy Harbor Integration: Registry Scanning at Push

The most surprising thing about Trivy scanning images in Harbor at push time is that it doesn't actually scan at push time.

2 min read

Trivy Java JAR Scanning: Find Vulnerable Maven Packages

Trivy Java JAR Scanning: Find Vulnerable Maven Packages — practical guide covering trivy setup, configuration, and troubleshooting with real-world examp...

4 min read

Trivy Jenkins Plugin: Security Scan in Jenkins Pipelines

The Trivy Jenkins plugin doesn't just scan your code; it actively prevents vulnerable artifacts from ever reaching production by integrating directly in...

2 min read

Trivy Kubernetes Cluster Scan: RBAC, Misconfigs, CVEs

Trivy's Kubernetes cluster scan can reveal RBAC issues, misconfigurations, and CVEs, but the underlying problem is usually that the scanned cluster's AP...

4 min read

Trivy License Scanning: Block Forbidden Open Source Licenses

Trivy can actually prevent your builds from completing if they include forbidden open-source licenses, not just report them.

2 min read

Trivy Cloud Misconfiguration: AWS, Azure, GCP Checks

Trivy Cloud misconfiguration checks are surprisingly effective at finding security holes even in environments that are otherwise well-managed, because t...

3 min read

Trivy Multi-Architecture Image Scanning: AMD64 and ARM

Trivy can scan multi-architecture container images, but it's not doing what you think it's doing when you run trivy image myimage:latest.

2 min read

Trivy Node.js Scanning: Audit npm and yarn Dependencies

Trivy Node.js Scanning: Audit npm and yarn Dependencies — Node.js dependency scanning with Trivy isn't just about finding vulnerabilities; it's about un...

2 min read

© 2026 ADHDecode. All content is free.
