Installation

    or

    1. rpm -ivh https://github.com/aquasecurity/trivy/releases/download/v0.17.2/trivy_0.17.2_Linux-64bit.rpm

    Debian/Ubuntu

    Add repository to /etc/apt/sources.list.d.

    1. sudo apt-get install wget apt-transport-https gnupg lsb-release
    2. wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
    3. sudo apt-get update
    4. sudo apt-get install trivy

    or

    1. wget https://github.com/aquasecurity/trivy/releases/download/v0.17.2/trivy_0.17.2_Linux-64bit.deb
    2. sudo dpkg -i trivy_0.17.2_Linux-64bit.deb

    Arch Linux

    Package trivy-bin can be installed from the Arch User Repository. Examples:

    1. pikaur -Sy trivy-bin

    or

    1. yay -Sy trivy-bin

    You can use homebrew on macOS and Linux.

    Nix/NixOS

    Note that trivy is currently only in the unstable channels.

    1. nix-env --install trivy

    Or through your configuration on NixOS or with home-manager as usual

    Install Script

    This script downloads Trivy binary based on your OS and architecture.

    1. curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.17.2

    Download the archive file for your operating system/architecture from here. Unpack the archive, and put the binary somewhere in your $PATH (on UNIX-y systems, /usr/local/bin or the like). Make sure it has execution bits turned on.

    From source

    1. mkdir -p $GOPATH/src/github.com/aquasecurity
    3. git clone --depth 1 --branch v0.17.2 https://github.com/aquasecurity/trivy
    4. cd trivy/cmd/trivy/
    5. export GO111MODULE=on
    6. go install

    Docker

    Replace [YOUR_CACHE_DIR] with the cache directory on your machine.

    1. docker pull aquasec/trivy:0.17.2

    Example for Linux:

    1. docker run --rm -v [YOUR_CACHE_DIR]:/root/.cache/ aquasec/trivy:0.17.2 [YOUR_IMAGE_NAME]

    If you would like to scan the image on your host machine, you need to mount docker.sock.

    1. docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
    2.     -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:0.17.2 python:3.4-alpine

    Please re-pull latest aquasec/trivy if an error occurred.

    Result

    1. 2019-05-16T01:20:53.029+0900    INFO    Detecting Alpine vulnerabilities...
    3. python:3.4-alpine3.9 (alpine 3.9.2)
    4. ===================================
    7. +---------+------------------+----------+-------------------+---------------+--------------------------------+
    8. | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
    9. +---------+------------------+----------+-------------------+---------------+--------------------------------+
    10. | openssl | CVE-2019-1543    | MEDIUM   | 1.1.1a-r1         | 1.1.1b-r1     | openssl: ChaCha20-Poly1305     |
    11. |         |                  |          |                   |               | with long nonces               |
    12. +---------+------------------+----------+-------------------+---------------+--------------------------------+

    The same image is hosted on as well.

    1. docker pull ghcr.io/aquasecurity/trivy:0.17.2

    The same image is hosted on Amazon ECR Public as well.

    1. docker pull public.ecr.aws/aquasecurity/trivy:0.17.2
    1. helm repo add aquasecurity https://aquasecurity.github.io/helm-charts/
    2. helm repo update
    3. helm search repo trivy
    4. helm install my-trivy aquasecurity/trivy

    To install the chart with the release name my-release: