Share with us your favourite part about Trivy

[AnaisUrlichs]

🎉As you might have seen, we are very very close to reaching 20k stars on GitHub 🎉
This would not have been possible without many amazing people -- including you, our community!🫶

Get involved: Share your favourite part about Trivy, as well as where and how you are using the Trivy CLI or the Trivy Operator, in the comments section of this discussion (just comment below). We will then choose one person for our Giveaway of the LEGO Delorean Set: https://www.lego.com/en-gb/product/back-to-the-future-time-machine-10300

We are excited to hear from you,
Your Trivy Team

*T&C's, prize draw competition open to all participants that provide a quote on this post. The winner will be picked at random and we will communicate via email.
This competition is not affiliated with GitHub. The Giveaway will run until the 14th of February.

[jof]

Hey there! I'm very happy and consistently impressed with the scope of what Trivy accomplishes. Compared to the big commercial-only scanners, Trivy is more flexible and featureful, and critically, when something doesn't work as it should, I can easily find the source code and debug the situation directly ourselves and contribute our improvements upstream.

This open-core model makes Trivy a perfect choice as an in-cluster image scanner.

[AnaisUrlichs]

Hi Jonathan, thank you so much for sharing and this amazing feedback! It's highly appreciated!

[AnaisUrlichs]

Since you have been the first one to share your thoughts on Trivy, we have included your quote in the new Trivy video https://youtu.be/PPauo8e5TCA 🥇

[tonaim]

Hey all, somethings about Trivy which I love most

The way it leverages an extensive vulnerability database to conduct static analysis on container images, swiftly detecting known vulnerabilities in their dependencies is awesome.

Trivy employs a comprehensive set of vulnerability detection methods, including file, docker Image layer analysis, and language-specific package manager scans, ensuring a thorough examination of containerized applications.

It integrates with CI/CD pipelines, automates the vulnerability assessment process, provides developers with immediate feedback on security issues within container images, and promotes a proactive security stance.

Huge fan of trivy...

[AnaisUrlichs]

Hi Naimuddin -- thank you so much for sharing! this is great!

[AnaisUrlichs]

We really appreciate the effort of the two replies so far -- thank you so much for sharing what you like about Trivy! For those joining the discussion: 1 to 3 sentences are totally enough, we don't expect an essay, just to hear form you :)

[jdsmithit]

Hey, all

Trivy's community is truly top-notch, and the way it brings together different security products under one roof is awesome. As a developer & security architect, I love that I can use Trivy to dramatically improve my team's security posture without having to juggle a bunch of different tools. It's made the whole process so much easier and faster, and it's given me a lot more peace of mind knowing that our code is well-protected.

[AnaisUrlichs]

Hi John, thank you! 🎉 Does your company use Trivy?

[nunix]

Hi to the amazing Aqua team,

"ironically" the best story I have about using Trivy is ... that I didn't know I was using it with Rancher Desktop image scanning, until I deep dived when I became the tech writer and had to write about it.
Like some other projects, Trivy has become a "de-facto" option, and the users sometimes don't even know they're using it already but do appreciate its features.

Keep the excellent work!

[AnaisUrlichs]

Thank you so much for sharing this lovely story! 😊

[pnu-s]

Hello there and kudos to the team behind Trivy! 👋
I've been using it since before it was acquired by Aqua Security, and I've been satisfied with it since then :)

It's always great to see new features coming up, such as the kubernetes operator or the inclusion of tfsec, so keep up the good work! 👏

[AnaisUrlichs]

Oh wow! I think you are the first user I know who has used Trivy for THAT long -- I mean, usually, I don't know for how long people have been using it. @itaysk @knqyf263 Look!

[whaakman]

Hi!
I just wrote a blog post where I used Trivy for container image scanning and it was absolutely delightful to use. Currently looking at building out of the box automation for end-to-end container image security (from container build to running on Kubernetes) and potentially creating a standard for us internally and for customers. Documentation is great, community is great and everything works with a single try :)

[AnaisUrlichs]

Hi there, thank you so much for sharing! Feel free to share the blog post in our Slack community https://join.slack.com/t/aquasecurity/shared_invite/zt-2aub8rgme-LWsjJIwXvEAQoNxY_xxOzA

[TeuF]

Hi there,

I love Trivy's ability to generate SBOM, for dependency tracking. And of course It's quick scanning performance, both for pre-commit and for container build in CI/CD jobs, making it the security tool for project management.

[AnaisUrlichs]

Ah that's interesting, thank you for sharing -- why particular for project management?

[TeuF]

Oops, looks like I mixed up my words earlier! What I meant to say was, 'making it the essential tool for managing the security aspects of my project.'

[AnaisUrlichs]

Oh hahah that makes sense -- I thought you had discovered a completely new use case for Trivy that I have not heard about before

[zangcc]

Hey there! 👋 Trivy is my favorite scanning tool. Compared with other commercial tools, Trivy is more lightweight and has great functions. Moreover, Trivy’s team is very good and they will reply to all my suggestions. I think the particularly great feature is that it supports scanning of Maven projects and the transitive relationship of dependencies! Because I am mainly responsible for code security in the company, Trivy has helped me a lot, whether it is Maven or docker images.

Congratulations again to Trivy for gaining 20k stars!🎉🎉🎉 I am also very happy!👍

[AnaisUrlichs]

What great feedback! Thank you so much for sharing -- I am glad Trivy is so useful to you!

[kolja-lucht]

We’re still at the very beginning of using trivy. Our terraform project is running tfsec but we’re about to migrate that to trivy. I also did a few trial runs with the trivy-operator in our Kubernetes clusters, which we will implement soon too. I was very happy when I discovered your Slack workspace though. It’s a great way to gain insights just by following along other users question, but also to receive help for one’s own challenges. 💟
🌟 To the next 20k stars! 🍾 🌟

[AnaisUrlichs]

Oh amazing! Thank you so much for sharing -- may I ask what you prefer in Slack over GitHub Discussions?

[kolja-lucht]

Since we're using GitLab I'm spending barely any time on GitHub. Slack however is open anyway and therefor it's easier for me to stay on top of things in all the workspaces I'm logged into. This is actually my first message in a GitHub discussion ever. So, can't really say anything against it since I haven't used it before 😀

[mustafaakin]

I love how Trivy democratized dependency scanning to the masses as a free and extremely easy to use tool, with also a permissive license. This used to be a gated community with predatory security vendors charging premium, and they were not half as good as Trivy.

[AnaisUrlichs]

thank you so much for sharing!

[pmerlin]

To Aqua teams
Thank you for this wonderful tool I'm using since more than 3 years.
It's really nice from you to keep this kind of tool open source.
I think this is part of the reason of its success !
New feature are always delivered.
A big thank you and keep going !
You have one more star ;-)

[AnaisUrlichs]

We love more stars 😄 thank you!