Trivy
Open-source vulnerability scanner for containers, file systems, IaC, and Kubernetes with zero-config setup
Pricing: Free (open source) / Aqua Platform for enterprise features
Reviewed by the CyberSecTool editorial team against the public sources cited below · Last reviewed February 2026 · How we review listings
What is Trivy?
Trivy is an open-source, comprehensive vulnerability scanner developed by Aqua Security that covers container images, file systems, Git repositories, Kubernetes clusters, and infrastructure-as-code configurations. Trivy stands out for its simplicity, speed, and breadth of scanning targets, requiring zero configuration to get started. It has become a widely adopted open-source scanner for container images in CI/CD pipelines and is widely adopted in Kubernetes-native environments for runtime vulnerability assessment.
- ✓ Completely free and open source with no licensing costs
- ✓ Zero-configuration setup with a single binary installation
- ✓ Extremely fast scanning suitable for every CI/CD pipeline run
- ✓ Broadest scanning target coverage of any open-source scanner
- ✓ De facto standard for container image scanning in Kubernetes environments
- • No web dashboard or centralized management in open-source version
- • Vulnerability database updates rely on community and Aqua research
- • Lacks automated fix PR generation and remediation workflow
- • No dedicated SAST engine for deep code-level vulnerability analysis
- • Enterprise features require paid Aqua Platform subscription
Reported in public reviews and vendor documentation. See sources below.
Key Features
Are you Trivy? Improve this listing with screenshots, case studies and more.
Sources & references
Where the information on this listing comes from. Always verify pricing and capabilities against the vendor before a purchasing decision.
Spot an error, or do you represent Trivy? Request a correction.
Quick Info
| Pricing | Free (open source) / Aqua Platform for enterprise features |
| Model | Open source with commercial Aqua Platform |
| Founded | 2019 |
| Cloud | No |
| Self-Hosted | Yes |
| Open Source | Yes |
Last updated: Feb 20, 2026
Trivy Alternatives
View All AlternativesDeveloper-first application security platform for finding an...SonarQube
Open-source code quality and security analysis platform with...Checkmarx
Enterprise application security platform with deep SAST, SCA...Veracode
Cloud-based application security testing platform with SAST,...Semgrep
Lightweight, open-source static analysis with intuitive patt...