Continuous Container Vulnerability Testing With Trivy

This page summarizes the projects mentioned and recommended in the original post on

  • GitHub repo trivy

    Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

    wget <release URL for trivy_0.20.1_Linux-64bit.deb>   # download URL is truncated in the original
    sudo dpkg -i trivy_0.20.1_Linux-64bit.deb
    checkout
    docker pull "${DOCKER_USERNAME}"/semaphore-demo-ruby-kubernetes:$SEMAPHORE_WORKFLOW_ID
    trivy image --severity HIGH,CRITICAL "${DOCKER_USERNAME}"/semaphore-demo-ruby-kubernetes:$SEMAPHORE_WORKFLOW_ID

  • GitHub repo semaphore-demo-ruby-kubernetes

    A Semaphore demo CI/CD pipeline for Kubernetes.

  • GitHub repo trivy-ci-test

  • GitHub repo appshield

    Security configuration checks for popular cloud native applications and infrastructure.

    Being proactive in this area means using IaC tools such as Terraform, so Trivy can enforce a set of rules that encode good security practices.

  • GitHub repo trivy-plugin-kubectl

    A Trivy plugin that scans the images of a Kubernetes resource.

    Let me close up this post by mentioning that Trivy can be extended with plugins and custom policies. For example, Aqua provides the kubectl plugin to better integrate Trivy with kubectl. The plugin lets us scan the images running in a Kubernetes pod or deployment:
