Try our new research platform with insights from 80,000+ expert users
Trivy Logo

Trivy pros and cons

Vendor: Aqua Security
4.3 out of 5
Badge Leader
Leave a review

Pros & Cons summary

Trivy seamlessly integrates with CI/CD pipelines and offers desktop installation for image scanning. Its open-source nature and functionality, including scanning AWS credentials, GCP service accounts, and Infrastructure as Code like Terraform, are praised. Trivy supports Docker and Sharma container capabilities, yet needs improvements in report generation, dynamic runtime scanning, malware detection integration, and reducing false positives. Differentiating OS and application vulnerabilities remains a development area.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Trivy's integration with CI/CD pipeline is seamless and efficient.
Customizability in adding rules and formatting HTML templates enhances user experience.
Trivy's open-source nature and comprehensive functionalities are highly valued.
Trivy's ability to scan for vulnerabilities in Kubernetes deployments and container applications is essential.
The capability to scan files, images, GitHub repositories, Infrastructure as Code, and Kubernetes adds significant value.

CONS

Reporting capabilities need improvement, including better report interpretation when integrated with CI and additional output formats such as PDF and CSV.
Trivy can benefit from dynamic scanning capability during runtime as it currently performs static scanning of container images.
Integrating Trivy with ClamAV is necessary for comprehensive malware and anomaly detection, which could be managed by one tool for efficiency.
There is a lack of built-in functionality for report analysis within CI/CD pipelines.
Trivy often generates false positives by flagging vulnerabilities that do not exist, suggesting a need for enhanced contextual analysis or filtering.
 

Trivy Pros review quotes

reviewer2599524 - PeerSpot reviewer
reviewer2599524
Software Engineer at a manufacturing company with 10,001+ employees
Dec 4, 2024
The most valuable feature of Trivy is its easy integration with the CI/CD pipeline.
Read full review
reviewer2620167 - PeerSpot reviewer
reviewer2620167
Framework Engineer at a tech services company with 1,001-5,000 employees
Dec 20, 2024
It's customizable, allowing me to add any rules and format HTML templates as I wish.
Read full review
GK
Goutham Kumar
Principal DevSecOPs at a computer software company with 10,001+ employees
Dec 24, 2024
Trivy's open source nature and wide functionality are incredibly valuable.
Read full review
Buyer's Guide
Trivy
December 2025
Free Report: Trivy Reviews and More
Learn what your peers think about Trivy. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
880,844 professionals have used our research since 2012.
Jyothikumar C - PeerSpot reviewer
Jyothikumar C
Senior Engineering Manager at Ninjacart
Jan 29, 2025
I can see vulnerabilities in the images of any applications deployed in the Kubernetes environment or as container applications.
Read full review
Faizan Anwar - PeerSpot reviewer
Faizan Anwar
Cloud DevOps Lead at Venturenox
Jan 30, 2025
It is open-source.
Read full review
DA
Dilshad Ahamad
Cybersecurity & DevSecOps Lead at WhizAI
Jan 31, 2025
Trivy is easy to integrate with CI/CD and can be installed on desktops to scan images.
Read full review
Utsav Sharma - PeerSpot reviewer
Utsav Sharma
Senior Security Consultant at Ernst & Young
Feb 3, 2025
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma.
Read full review
DK
Dmitrey Kazin
DevOps Engineer at Interdiciplinary center
Feb 3, 2025
I appreciate Trivy for being open-source and not requiring any payment.
Read full review
SK
ShashankKumar
Site Reliability Engineer at a tech vendor with 10,001+ employees
Apr 25, 2025
What I find valuable is the ease of setup with Trivy, including pre-defined operators that require minimal configuration.
Read full review
SC
Suryadev Chaudhary
Project Associate Engineer at a tech vendor with 501-1,000 employees
Apr 28, 2025
Trivy is most valuable for its ability to scan all repository files and dependencies.
Read full review
 

Trivy Cons review quotes

reviewer2599524 - PeerSpot reviewer
reviewer2599524
Software Engineer at a manufacturing company with 10,001+ employees
Dec 4, 2024
The reporting could be a little better.
Read full review
reviewer2620167 - PeerSpot reviewer
reviewer2620167
Framework Engineer at a tech services company with 1,001-5,000 employees
Dec 20, 2024
Trivy can improve by providing an output in PDF format.
Read full review
GK
Goutham Kumar
Principal DevSecOPs at a computer software company with 10,001+ employees
Dec 24, 2024
A dynamic scanning capability during runtime would be a significant advantage.
Read full review
Buyer's Guide
Trivy
December 2025
Free Report: Trivy Reviews and More
Learn what your peers think about Trivy. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
880,844 professionals have used our research since 2012.
Jyothikumar C - PeerSpot reviewer
Jyothikumar C
Senior Engineering Manager at Ninjacart
Jan 29, 2025
For malware detection, I need to use two tools: Trivy as my anomaly scanner and ClamAV. I am integrating these two tools into the CI pipeline. If both malware and anomaly detection could be managed by one tool, I would not need to depend on two tools.
Read full review
Faizan Anwar - PeerSpot reviewer
Faizan Anwar
Cloud DevOps Lead at Venturenox
Jan 30, 2025
In our CI/CD pipelines, Trivy lacks built-in functionality for report analysis.
Read full review
DA
Dilshad Ahamad
Cybersecurity & DevSecOps Lead at WhizAI
Jan 31, 2025
The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting.
Read full review
Utsav Sharma - PeerSpot reviewer
Utsav Sharma
Senior Security Consultant at Ernst & Young
Feb 3, 2025
Trivy generates many false positives, flagging non-existent vulnerabilities.
Read full review
DK
Dmitrey Kazin
DevOps Engineer at Interdiciplinary center
Feb 3, 2025
Having little experience can hinder the ability to connect it to a user-friendly UI effectively.
Read full review
SK
ShashankKumar
Site Reliability Engineer at a tech vendor with 10,001+ employees
Apr 25, 2025
The main area for improvement is in differentiating between OS and application-based vulnerabilities.
Read full review
SC
Suryadev Chaudhary
Project Associate Engineer at a tech vendor with 501-1,000 employees
Apr 28, 2025
Trivy is not scalable; however, I have scanned very large projects with it. It is stable but not scalable according to my experience.
Read full review

Product Categories

Product Categories
Container Security

Popular Comparisons

Popular Comparisons
Wiz vs Trivy Logo
Wiz vs Trivy
Snyk vs Trivy Logo
Snyk vs Trivy
Microsoft Defender for Cloud vs Trivy Logo
Microsoft Defender for Cloud vs Trivy
SentinelOne Singularity Cloud Security vs Trivy Logo
SentinelOne Singularity Cloud Security vs Trivy
Prisma Cloud by Palo Alto Networks vs Trivy Logo
Prisma Cloud by Palo Alto Networks vs Trivy
Veracode vs Trivy Logo
Veracode vs Trivy
Qualys VMDR vs Trivy Logo
Qualys VMDR vs Trivy
CrowdStrike Falcon Cloud Security vs Trivy Logo
CrowdStrike Falcon Cloud Security vs Trivy
JFrog Xray vs Trivy Logo
JFrog Xray vs Trivy
Orca Security vs Trivy Logo
Orca Security vs Trivy
Aqua Cloud Security Platform vs Trivy Logo
Aqua Cloud Security Platform vs Trivy
FortiCNAPP vs Trivy Logo
FortiCNAPP vs Trivy
Sysdig Secure vs Trivy Logo
Sysdig Secure vs Trivy
SUSE NeuVector vs Trivy Logo
SUSE NeuVector vs Trivy
Red Hat Advanced Cluster Security for Kubernetes vs Trivy Logo
Red Hat Advanced Cluster Security for Kubernetes vs Trivy
See all alternatives

Product Categories

Product Categories
Container Security

Popular Comparisons

Popular Comparisons
Wiz vs Trivy Logo
Wiz vs Trivy
Snyk vs Trivy Logo
Snyk vs Trivy
Microsoft Defender for Cloud vs Trivy Logo
Microsoft Defender for Cloud vs Trivy
SentinelOne Singularity Cloud Security vs Trivy Logo
SentinelOne Singularity Cloud Security vs Trivy
Prisma Cloud by Palo Alto Networks vs Trivy Logo
Prisma Cloud by Palo Alto Networks vs Trivy
Veracode vs Trivy Logo
Veracode vs Trivy
Qualys VMDR vs Trivy Logo
Qualys VMDR vs Trivy
CrowdStrike Falcon Cloud Security vs Trivy Logo
CrowdStrike Falcon Cloud Security vs Trivy
JFrog Xray vs Trivy Logo
JFrog Xray vs Trivy
Orca Security vs Trivy Logo
Orca Security vs Trivy
Aqua Cloud Security Platform vs Trivy Logo
Aqua Cloud Security Platform vs Trivy
FortiCNAPP vs Trivy Logo
FortiCNAPP vs Trivy
Sysdig Secure vs Trivy Logo
Sysdig Secure vs Trivy
SUSE NeuVector vs Trivy Logo
SUSE NeuVector vs Trivy
Red Hat Advanced Cluster Security for Kubernetes vs Trivy Logo
Red Hat Advanced Cluster Security for Kubernetes vs Trivy
See all alternatives
Related questions
  • 13
When evaluating Container Security, what aspect do you think is the most important to look for?
  • 31
What tools do you rely on for building a DevSecOps pipeline?
  • 12
Container vs VM: What are the main differences?
  • 21
What do you look for in a container security solution?
  • 17
What container security solution are you using?
  • 60
Which Container Image Security tool is the best in the current market?
  • 126
Why is Container Security software important for companies?
  • 246
Why is Container Security important for companies?
  • 12
What are some tips for ensuring that containers are secure?
  • 7
What container security solution are you using? Do you recommend it?