macOS
brew install trivylocal Homebrew formula metadata
sudo port install trivyMacPorts ports tree · security/trivy/Portfile · ソース: api.github.com
brew
trivy のインストール経路、実行ファイル、メタデータ、AI エージェント向けセキュリティノートを確認します。
インストール
brew install trivylocal Homebrew formula metadata
sudo port install trivyMacPorts ports tree · security/trivy/Portfile · ソース: api.github.com
sudo apk add trivyAlpine Linux edge package indexes · trivy · ソース: dl-cdn.alpinelinux.org
sudo dnf install trivyFedora Rawhide package metadata · trivy · ソース: dl.fedoraproject.org
nix profile install nixpkgs#trivynixpkgs package indexes · pkgs/by-name/tr/trivy/package.nix · ソース: api.github.com
sudo pacman -S trivyArch Linux sync databases · trivy · ソース: geo.mirror.pkgbuild.com
sudo zypper install trivyopenSUSE Tumbleweed package metadata · trivy · ソース: download.opensuse.org
choco install trivyChocolatey community package catalog · trivy · ソース: community.chocolatey.org
scoop install main/trivyScoop official bucket manifest trees · bucket/trivy.json · ソース: api.github.com
winget install --id AquaSecurity.Trivy -eWindows Package Manager source index · AquaSecurity.Trivy · ソース: cdn.winget.microsoft.com
概要
Vulnerability scanner for container images, file systems, and Git repos
履歴
Trivy is Aqua Security's open-source security scanner. It began public life in the container-image vulnerability scanning niche and is now documented as a comprehensive scanner for container images, filesystems, Git repositories, VM images, and Kubernetes.
Aqua's official blog announced on August 19, 2019 that Trivy, described there as a popular open-source container image vulnerability scanner, had joined the Aqua open-source family. The current project README shows how the scope expanded: Trivy now has multiple target types and scanners, including vulnerabilities, SBOM/package inventory, IaC misconfiguration, secrets, and license scanning.
That expansion mirrors the wider cloud-native security shift from image scanning as a point task to supply-chain and runtime-adjacent checks in CI, repositories, Kubernetes clusters, and local filesystems. Trivy's own docs and README frame it as a single CLI front end for those related checks rather than a collection of separate tools.
The official homepage calls Trivy the most popular open-source security scanner for vulnerability scanning, IaC, SBOM discovery, cloud scanning, and Kubernetes security. The README lists integrations with GitHub Actions, the Trivy Kubernetes operator, and a VS Code extension, while the installation docs distinguish official and community install channels.
Homebrew adoption fits the way Trivy is commonly used: installed as a local CLI for developers and CI authors, run in Docker for pipeline isolation, and embedded into GitHub Actions or Kubernetes workflows for continuous scanning. Its package-manager presence is not ornamental; the package is a common entry point for trying a scanner before wiring it into automation.
The README's general pattern is `trivy <target> [--scanners <scanner1,scanner2>] <subject>`. Examples include `trivy image python:3.4-alpine`, filesystem scans such as `trivy fs --scanners vuln,secret,misconfig myproject/`, and Kubernetes scans such as `trivy k8s --report summary cluster`.
In the package-nerd niche, Trivy is often used to inspect what a package, container image, repository, lockfile, or cluster would expose to a vulnerability database or policy scanner. The same executable can produce quick local answers and also serve as the scanner behind CI jobs, image-registry checks, and Kubernetes security reports.
Trivy is significant because it connects package metadata to security outcomes. It reads OS packages and language dependencies, maps them to CVEs and other findings, and can emit SBOM-centered views. For people who track package ecosystems, it is both a user-facing CLI and a packaging/data-source stress test across distros, language lockfiles, images, and repositories.
It is also a good example of a security CLI becoming infrastructure: package managers install it, CI systems wrap it, Kubernetes operators schedule it, and downstream tools consume its reports. That makes its history more important than a normal formula entry.
セキュリティ状態
broad file, network, media, or database tool signal. escape, surveillance, or offensive capability signal.
リスク red · 信頼度 中 · escape-surveillance-offensive
エージェントに無人実行させる前に、このツールが平文の認証情報を読むか、リモート状態を書き込むか、成果物を公開するか、プラグインを起動するかを確認してください。
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
trivy.yaml実行可能ファイル
| コマンド | 種類 | 公開範囲 | メモ |
|---|---|---|---|
trivy | cli | グローバル実行可能ファイル |
鮮度
これらの信号は、ページ生成時期、パッケージマネージャの活動、上流リリース比較を分けて示します。バージョン遅れは、証拠 URL と比較可能なバージョンがある場合だけ警告されます。
https://github.com/aquasecurity/trivy
インストールメタデータ
| パッケージキー | brew:trivy |
|---|---|
| バージョン | 0.72.0 |
| パッケージマネージャ | Homebrew |
| パッケージマネージャページ | https://formulae.brew.sh/formula/trivy |
| ホームページ | https://trivy.dev/ |
| リポジトリ | https://github.com/aquasecurity/trivy |
| 上流ドキュメント | https://trivy.dev/latest |
| ライセンス | Apache-2.0 |
| ソースアーカイブ | https://github.com/aquasecurity/trivy/archive/refs/tags/v0.72.0.tar.gz |
| 最終更新 | 2026-06-30T10:15:59Z |
| Pulse | updated |
| ビルド依存関係 | go |
| Bottle | 利用可能 (対象 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | 未定義 |
| サービス | 宣言なし |
レジストリ情報
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | trivy |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
ソースデータベース一致
一致は外部パッケージマネージャインデックスから取得され、ローカルの Automic Vault パッケージリンクとは分けて表示されます。
trivy
nix profile install nixpkgs#trivytrivy 0.71.0-r0
Simple and comprehensive vulnerability scanner for containers
https://github.com/aquasecurity/trivy
sudo apk add trivytrivy 0.69.3-1.fc45
Vulnerability and license scanner
https://github.com/aquasecurity/trivy
sudo dnf install trivytrivy 0.71.1-1
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
https://github.com/aquasecurity/trivy
sudo pacman -S trivytrivy 0.71.0-1.1
A Simple and Comprehensive Vulnerability Scanner for Containers
https://github.com/aquasecurity/trivy
sudo zypper install trivytrivy
sudo port install trivytrivy
choco install trivymain/trivy
scoop install main/trivyAquaSecurity.Trivy
winget install --id AquaSecurity.Trivy -eソース経路
このページは scripts/generate-pkg-sqlite.py が生成した非公開のパッケージ SQLite アーティファクトから av-web によって提供されます。
View the package source record on GitHub.