Cyber Tool Stack
All tools
Container & Kubernetes SecurityOpen source · Apache-2.0

Trivy

By Aqua Security

A widely used open-source scanner covering container images (OS packages and language dependencies), IaC misconfigurations, exposed secrets, SBOM generation, and live Kubernetes clusters via the Trivy Operator. Created and maintained by Aqua Security — despite its ubiquity in cloud-native pipelines it is not a CNCF project.

Verified Source: 1

Product type
Software
Deployment
CLI
Organization size
IndividualSMBMid-marketEnterprise
Pricing tier
Free

Capability checklist

How Trivy measures up against the full Container & Kubernetes Security taxonomy.

Container image scanning — supported
Scans container images for vulnerabilities and exposed secrets before deployment.
Runtime threat detection — not supported
Detects anomalous process and system-call behavior in running containers.
Kubernetes posture management (KSPM) — supported
Flags misconfigured cluster settings, RBAC, and pod security policies.
Admission control — not supported
Blocks noncompliant workloads from being deployed to the cluster in the first place.
Runtime response actions — not supported
Kills, isolates, or quarantines a compromised container or pod.
Registry scanning — not supported
Continuously rescans image registries for newly disclosed vulnerabilities.

Alternatives

Other Container & Kubernetes Security tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include Trivy.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.