
Trivy is an open-source security scanner for containers, Infrastructure as Code, and cloud-native applications. It detects vulnerabilities, misconfigurations, secrets, and license issues across the software supply chain.
What is it?
Trivy is an open-source security scanning tool developed by Aqua Security. It is designed to provide fast and comprehensive vulnerability scanning for container images and cloud-native environments.
What does it do?
Trivy scans container images, file systems, Git repositories, Kubernetes manifests, and IaC files to identify vulnerabilities, exposed secrets, misconfigurations, and compliance issues. It integrates easily into CI/CD pipelines.
Where is it used?
Trivy is widely used in DevSecOps pipelines, Kubernetes environments, cloud-native applications, and enterprise systems where container security and supply chain protection are critical.
When & why it emerged
Trivy was introduced in 2019 as container adoption increased and security shifted left into development workflows. It emerged to provide a simple, fast, and developer-friendly security scanner for modern infrastructure.
Why we use it at Internative
We use Trivy to automate security scanning across containers and infrastructure code. Its speed and ease of integration allow us to enforce security controls early without slowing down delivery.