trivy
https://github.com/aquasecurity/trivy
Go
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported5 Subscribers
Add a CodeTriage badge to trivy
Help out
- Issues
- Root.io application level vulnerability implementation
- feat(sbom): add `BOMID` field to match packages and decoded BOM components
- fix(vuln): save package-specific severity before severity selection
- feat(rocky): Add Rootio Rocky Support
- feat(sbom): add Parent Contains Relationship for Orphan OS Packages
- feat(spdx): add SHA-512 hash algorithm support to SPDX serializer
- feat(vuln): add ALT Linux support
- bug: trivy convert always filters non-failures
- feat(checks): Add checks to detect suspicious Kubernetes URL annotations
- bug(sbom): Trivy only checks parents from the current result when plotting the dependency graph
- Docs
- Go not yet supported