Installation

    Add repository setting to /etc/yum.repos.d.

    or

    1. $ rpm -ivh https://github.com/aquasecurity/trivy/releases/download/{TRIVY_VERSION}/trivy_{TRIVY_VERSION}_Linux-64bit.rpm

    Debian/Ubuntu

    Add repository to /etc/apt/sources.list.d.

    1. $ sudo apt-get install wget apt-transport-https gnupg lsb-release
    2. $ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
    3. $ sudo apt-get update
    4. $ sudo apt-get install trivy

    or

    1. $ wget https://github.com/aquasecurity/trivy/releases/download/{TRIVY_VERSION}/trivy_{TRIVY_VERSION}_Linux-64bit.deb
    2. $ sudo dpkg -i trivy_{TRIVY_VERSION}_Linux-64bit.deb

    Arch Linux

    Package trivy-bin can be installed from the Arch User Repository. Examples:

    1. pikaur -Sy trivy-bin

    You can use homebrew on macOS and Linux.

    1. $ brew install aquasecurity/trivy/trivy

    Nix/NixOS

    You can use nix on Linux or macOS and on others unofficially.

    Note that trivy is currently only in the unstable channels.

    Or through your configuration on NixOS or with home-manager as usual

    Install Script

    This script downloads Trivy binary based on your OS and architecture.

    1. $ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin

    From source

    1. $ mkdir -p $GOPATH/src/github.com/aquasecurity
    2. $ cd $GOPATH/src/github.com/aquasecurity
    3. $ git clone https://github.com/aquasecurity/trivy
    4. $ cd trivy/cmd/trivy/
    5. $ export GO111MODULE=on
    6. $ go install

    Docker

    Replace [YOUR_CACHE_DIR] with the cache directory on your machine.

    Example for Linux:

      Example for macOS:

      1. $ docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy python:3.4-alpine

      If you would like to scan the image on your host machine, you need to mount docker.sock.

      1. $ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \

      Please re-pull latest aquasec/trivy if an error occurred.

      1. 2019-05-16T01:20:43.180+0900    INFO    Updating vulnerability database...
      2. 2019-05-16T01:20:53.029+0900    INFO    Detecting Alpine vulnerabilities...
      4. python:3.4-alpine3.9 (alpine 3.9.2)
      5. ===================================
      6. Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
      8. +---------+------------------+----------+-------------------+---------------+--------------------------------+
      9. | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
      10. +---------+------------------+----------+-------------------+---------------+--------------------------------+
      11. | openssl | CVE-2019-1543    | MEDIUM   | 1.1.1a-r1         | 1.1.1b-r1     | openssl: ChaCha20-Poly1305     |
      12. +---------+------------------+----------+-------------------+---------------+--------------------------------+

      GitHub Container Registry

      The same image is hosted on as well.