hadolint VS trivy

Compare hadolint vs trivy and see what are their differences.

hadolint

Dockerfile linter, validate inline bash, written in Haskell (by hadolint)

trivy

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets (by aquasecurity)
Our great sponsors
  • SonarQube - Static code analysis for 29 languages.
  • Scout APM - Less time debugging, more time building
  • SaaSHub - Software Alternatives and Reviews
hadolint trivy
12 46
6,917 12,029
3.7% 7.1%
8.7 9.6
17 days ago 6 days ago
Haskell Go
GNU General Public License v3.0 only Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

hadolint

Posts with mentions or reviews of hadolint. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-03-30.

trivy

Posts with mentions or reviews of trivy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-05-10.

What are some alternatives?

When comparing hadolint and trivy you can also consider the following projects:

clair - Vulnerability Static Analysis for Containers

grype - A vulnerability scanner for container images and filesystems

snyk - Snyk CLI scans and monitors your projects for security vulnerabilities.

syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems

checkov - Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

falco - Cloud Native Runtime Security

starboard - Kubernetes-native security toolkit

tfsec - Security scanner for your Terraform code

dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

gitleaks - Scan git repos (or files) for secrets using regex and entropy 🔑

Grafana - The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.