dockle VS trivy

Compare dockle vs trivy and see what are their differences.

dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start (by goodwithtech)

trivy

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets (by aquasecurity)
Our great sponsors
  • SonarLint - Deliver Cleaner and Safer Code - Right in Your IDE of Choice!
  • Scout APM - Less time debugging, more time building
  • SaaSHub - Software Alternatives and Reviews
dockle trivy
2 46
1,897 12,029
3.1% 7.1%
6.4 9.6
9 days ago 6 days ago
Go Go
Apache License 2.0 Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

dockle

Posts with mentions or reviews of dockle. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-05-29.

trivy

Posts with mentions or reviews of trivy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-05-10.

What are some alternatives?

When comparing dockle and trivy you can also consider the following projects:

clair - Vulnerability Static Analysis for Containers

grype - A vulnerability scanner for container images and filesystems

snyk - Snyk CLI scans and monitors your projects for security vulnerabilities.

syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems

checkov - Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

falco - Cloud Native Runtime Security

starboard - Kubernetes-native security toolkit

tfsec - Security scanner for your Terraform code

hadolint - Dockerfile linter, validate inline bash, written in Haskell

gitleaks - Scan git repos (or files) for secrets using regex and entropy 🔑

Grafana - The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.