Great repository scanner for getting an all-round look at the dependency vulnerabilities of all (nested) codebases in a folder structure: one `trivy fs` run walks the whole tree, so every lockfile and manifest below the starting folder gets scanned.

Trivy has several scanner modules that each look for a different class of security issue, and several targets those scanners can be pointed at.

Scan targets

  • Container Image
  • Filesystem
  • Git repository (remote)
  • Kubernetes cluster or resource

Scanner modules

  • OS packages and software dependencies in use (SBOM)
  • Known vulnerabilities (CVEs)
  • IaC misconfigurations
  • Sensitive information and secrets

Installation and usage

# install via Homebrew (macOS / Linux)
brew install trivy
# scan the current folder tree (Trivy recurses into nested directories itself)
# and save the default table report; progress output goes to stderr, not the file
trivy fs . > trivy-scan.txt
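A table report redirected to a text file is hard to act on when the tree holds many nested codebases. The following script is an added example (not part of these notes and not Trivy's own code): it runs `trivy fs` with JSON output, groups findings by the directory each result target lives in (which is how nested codebases show up in a single scan), and returns a non-zero exit status when anything HIGH or CRITICAL with a fix available is found, the way a CI gate would. It assumes `trivy` is on PATH and that the report follows Trivy's JSON schema version 2; the flags used (`--format json`, `--scanners`, `--quiet`) are real Trivy flags, and `--scanners` is passed explicitly because misconfiguration checks are not enabled by default for `trivy fs`. `SAMPLE_REPORT` is a constructed report in that shape with placeholder IDs and package names, not output of a real scan, so the summary functions can be exercised offline.

```python
"""Summarise a `trivy fs` JSON report per nested codebase and gate on severity.
Added example, not Trivy's own code; assumes Trivy JSON schema version 2 and a
`trivy` binary on PATH (only needed for run_trivy_fs / main)."""
import json
import posixpath
import subprocess
import sys
from collections import Counter, defaultdict

# Trivy's severity labels, ranked so thresholds can be compared.
SEVERITY = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def run_trivy_fs(path, scanners=("vuln", "secret", "misconfig")):
    """Run `trivy fs` over a folder tree and return the parsed JSON report.
    Trivy walks nested directories itself, so one run covers every manifest,
    lockfile, Dockerfile and config file below `path`."""
    cmd = ["trivy", "fs", "--quiet", "--format", "json",
           "--scanners", ",".join(scanners), path]
    proc = subprocess.run(cmd, check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


def codebase_of(target):
    """Map a result target such as 'apps/web/package-lock.json' to the nested
    codebase it lives in (its directory); top-level files map to '.'."""
    return posixpath.dirname(target) or "."


def summarise(report):
    """Return {codebase: {kind: {severity: count}}} over vulnerabilities,
    secrets and failed misconfiguration checks."""
    summary = defaultdict(lambda: defaultdict(Counter))
    for result in report.get("Results", []):
        cb = codebase_of(result.get("Target", ""))
        for v in result.get("Vulnerabilities") or []:
            summary[cb]["vuln"][v.get("Severity", "UNKNOWN")] += 1
        for s in result.get("Secrets") or []:
            summary[cb]["secret"][s.get("Severity", "UNKNOWN")] += 1
        for m in result.get("Misconfigurations") or []:
            if m.get("Status") == "FAIL":  # Trivy also lists checks that passed
                summary[cb]["misconfig"][m.get("Severity", "UNKNOWN")] += 1
    return {cb: {k: dict(c) for k, c in kinds.items()} for cb, kinds in summary.items()}


def findings_at_or_above(report, threshold="HIGH", ignore_unfixed=False):
    """List (codebase, id, package, severity, fixed_version) for every vulnerability
    at or above `threshold`. `ignore_unfixed` mirrors trivy's --ignore-unfixed:
    skip findings that have no FixedVersion yet."""
    hits = []
    for result in report.get("Results", []):
        cb = codebase_of(result.get("Target", ""))
        for v in result.get("Vulnerabilities") or []:
            sev = v.get("Severity", "UNKNOWN")
            if SEVERITY.get(sev, 0) < SEVERITY.get(threshold, 0):
                continue
            if ignore_unfixed and not v.get("FixedVersion"):
                continue
            hits.append((cb, v["VulnerabilityID"], v["PkgName"], sev, v.get("FixedVersion", "")))
    return hits


# Constructed sample in Trivy's report shape; IDs and package names are placeholders.
SAMPLE_REPORT = {
    "SchemaVersion": 2, "ArtifactName": ".", "ArtifactType": "filesystem",
    "Results": [
        {"Target": "apps/web/package-lock.json", "Class": "lang-pkgs", "Type": "npm",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example-lib",
              "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "example-util",
              "InstalledVersion": "3.2.0", "Severity": "LOW"}]},
        {"Target": "apps/web/Dockerfile", "Class": "config", "Type": "dockerfile",
         "Misconfigurations": [
             {"ID": "CHECK-0001", "Severity": "HIGH", "Status": "FAIL", "Title": "placeholder failed check"},
             {"ID": "CHECK-0002", "Severity": "LOW", "Status": "PASS", "Title": "placeholder passed check"}]},
        {"Target": "services/api/.env", "Class": "secret",
         "Secrets": [{"RuleID": "aws-access-key-id", "Severity": "CRITICAL",
                      "Title": "AWS Access Key ID", "StartLine": 3}]},
        {"Target": "go.sum", "Class": "lang-pkgs", "Type": "gomod",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "example.com/mod",
              "InstalledVersion": "0.4.0", "Severity": "HIGH"}]},
    ],
}


def main(argv):
    """Scan the given folder (default '.'), print a per-codebase summary and
    exit 1 when any fixable HIGH/CRITICAL vulnerability is present."""
    report = run_trivy_fs(argv[1] if len(argv) > 1 else ".")
    for cb, kinds in sorted(summarise(report).items()):
        print(f"{cb}: {kinds}")
    hits = findings_at_or_above(report, "HIGH", ignore_unfixed=True)
    for cb, vid, pkg, sev, fixed in hits:
        print(f"{sev:8} {vid:18} {pkg} in {cb} (fix: {fixed})")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 trivy_gate.py /path/to/repos`. Grouping by the target's directory rather than by the whole tree is what makes one scan usable across nested codebases: the owner of `apps/web` gets their own findings instead of one undifferentiated list. Passing `ignore_unfixed=True` for the gate (but not for the summary) keeps the build from failing on findings nobody can act on yet while still making them visible.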