Try our new research platform with insights from 80,000+ expert users
Trivy Logo

Trivy Reviews

Vendor: Aqua Security
4.3 out of 5
Badge Leader
Leave a review

What is Trivy?

Trivy offers comprehensive scanning for files, images, repositories, and infrastructure. It's open-source and integrates with CI/CD for vulnerability detection and security enhancement.

Get the Trivy Buyer's Guide and find out what your peers are saying about Trivy, Wiz, SentinelOne Singularity Cloud Security and more!
Trivy is the #4 ranked solution in Container Security Solutions. PeerSpot users give Trivy an average rating of 8.6 out of 10. Trivy is most commonly compared to Wiz: Trivy vs Wiz. Trivy is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 13% of all views.
Buyer's Guide
Trivy
February 2026
Get the report
Helped 883,044 peers since 2012

Featured Trivy reviews

Read more reviews

Trivy mindshare

As of March 2026, the mindshare of Trivy in the Container Security category stands at 4.5%, down from 4.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Container Security Market Share Distribution
ProductMarket Share (%)
Trivy4.5%
Wiz11.9%
Prisma Cloud by Palo Alto Networks8.8%
Other74.8%
Container Security

PeerResearch reports based on Trivy reviews

TypeTitleDate
CategoryContainer SecurityMar 3, 2026Download
ProductReviews, tips, and advice from real usersMar 3, 2026Download
ComparisonTrivy vs WizMar 3, 2026Download
ComparisonTrivy vs Prisma Cloud by Palo Alto NetworksMar 3, 2026Download
ComparisonTrivy vs SentinelOne Singularity Cloud SecurityMar 3, 2026Download
Suggested products
TitleRatingMindshareRecommending
Wiz4.411.9%97%37 interviewsAdd to research
SentinelOne Singularity Cloud Security4.34.2%99%118 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Trivy excels in integrating with CI/CD pipelines, offering seamless setup and comprehensive scanning of code, images, and repositories. Its open-source nature and customizable options stand out. Users appreciate its capability to detect vulnerabilities, expired libraries, and secrets efficiently across multiple platforms. Trivy's straightforward installation, detailed reports, and wide functionality—covering Kubernetes, Docker, Terraform, and CloudFormation—enhance security analysis and compliance. Its lightweight design and up-to-date vulnerability database ensure effective security management.
  • "What I find valuable is the ease of setup with Trivy, including pre-defined operators that require minimal configuration."
  • "Trivy is most valuable for its ability to scan all repository files and dependencies."
  • "Trivy's ability to scan files, images, GitHub repositories, Infrastructure as Code like Terraform, and Kubernetes is valuable."

Room for Improvement

Trivy lacks robust reporting and a user-friendly interface. Reporting needs PDF and CSV outputs, along with dynamic scanning and improved malware detection capabilities. Container scanning is slow with large workloads, and false positives are frequent. Integration with CI/CD and support for AI-driven insights are needed. Users want better customization, security recommendations, and expanded vulnerability databases. There is a desire for seamless UI integration and awareness about Trivy’s capabilities.
  • "The main area for improvement is in differentiating between OS and application-based vulnerabilities."
  • "Trivy is not scalable; however, I have scanned very large projects with it. It is stable but not scalable according to my experience."
  • "One drawback I have observed with Trivy is the difficulty in building or integrating a UI, particularly for an operator in the NetSuite example."

Pricing

Enterprise users find Trivy cost-effective due to its free and open-source nature, making it a popular choice without licensing costs. Integration with platforms like GitLab may require payment. Organizations appreciate its cost-saving potential, mentioning customization options for scanning and cluster management. Companies primarily rely on the open-source version, minimizing expenses and meeting essential functionality without additional fees. Pricing and setup specifics may vary and depend on organizational requirements.

Popular Use Cases

Trivy is used for security and malware analysis of code bases, primarily scanning for vulnerabilities in Docker images, container systems, and application code. It integrates into CI/CD pipelines like Azure DevOps, scans Kubernetes namespaces and Terraform for misconfigurations, and identifies secrets in Kubernetes clusters. Trivy assists in DevSecOps processes, ensuring no critical vulnerabilities are present before deployment, with results visualized on platforms like Grafana.

Service and Support

Customers who engage with Trivy's customer service and support often lean on comprehensive documentation and community resources such as GitHub and Discord. Some users prefer internal expertise or web searches for assistance. When contacted, responses are informative despite possible time zone delays. The enterprise version is recommended for personalized support. While direct contact with support isn't frequent, guidance on technical queries is effective, with open-source community forums being a significant resource.

Deployment

Trivy's initial setup is described as straightforward by many. Most found it quick and easy to install, often taking less than ten minutes. Clear documentation and various installation options, such as Helm charts and Docker images, facilitated the process. While Linux users faced few challenges, some Windows setups were more time-consuming. Familiarity with related technologies like Kubernetes further eased the setup experience for users.

Scalability

Trivy demonstrates significant scalability, especially in CI/CD pipelines and Kubernetes environments. Some users note its efficiency in scanning multiple microservices and large amounts of data, while others highlight challenges when scanning numerous resources simultaneously. Many find it excels with command-line usage and requires no scaling of Trivy itself but rather the infrastructure around it. Users appreciate the ability to integrate Trivy in web app projects, though reporting mechanisms could enhance its scalability further.

Stability

Trivy is described as stable, with users highlighting its consistency in performance. They report few to no major stability issues, even within CICD pipelines. Initial database loading may take time, but subsequent operations are smooth. No lagging or crashing has been noted. Users suggest using the second latest version for optimum stability, as it offers consistent performance over the latest version, which may have frequent updates. Trivy receives high ratings for its reliability.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Trivy Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise8
By reviewers
By visitors reading reviews
Company SizeCount
Small Business249
Midsize Enterprise146
Large Enterprise618
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
13%
Computer Software Company
12%
Manufacturing Company
12%
Government
8%
Comms Service Provider
7%
University
5%
Retailer
4%
Media Company
3%
Healthcare Company
3%
Insurance Company
3%
Outsourcing Company
3%
Educational Organization
3%
Energy/Utilities Company
3%
Real Estate/Law Firm
3%
Aerospace/Defense Firm
2%
Construction Company
2%
Legal Firm
2%
Performing Arts
1%
Transportation Company
1%
Hospitality Company
1%
Logistics Company
1%
Consumer Goods Company
1%
Recreational Facilities/Services Company
1%
Non Profit
1%
Pharma/Biotech Company
1%
Wholesaler/Distributor
1%
Marketing Services Firm
1%

Compare Trivy with alternative products

Go!

Learn more about Trivy

Trivy scans vulnerabilities in code, Docker images, containers, and infrastructure. It integrates seamlessly into DevOps pipelines, ensuring security in dependency management and open source vulnerabilities. This tool, lightweight and open-source, provides user-friendly reports and supports continuous vulnerability database updates, fostering ease of use across operating systems. Users benefit from its scanning capabilities, covering Kubernetes, AWS credentials, and GCP service accounts, effectively identifying vulnerabilities and misconfigurations.

What are Trivy's key features?
  • Comprehensive Scanning: Covers files, images, repositories, infrastructure, and sensitive data.
  • CI/CD Integration: Easily integrates into existing pipelines for seamless security checks.
  • Open-Source & Lightweight: Quick setup and fast scanning capabilities ensure rapid deployment.
  • Continuously Updated Database: Keeps vulnerability data current for effective threat detection.
  • User-Friendly Reports: Generates understandable and actionable security insights.
What benefits and ROI can users expect?
  • Enhanced Security: Provides in-depth analysis of vulnerabilities and misconfigurations.
  • Ease of Use: Designed for straightforward implementation and user interaction.
  • Compliance Support: Assists in meeting industry security standards and regulations.
  • Cross-Platform Use: Effective across different operating systems, enabling wide scalability.

In industries like technology and finance, Trivy is used extensively to secure applications, perform compliance checks, and offer security metrics visualization. It addresses microservices, container systems, and Kubernetes clusters security requirements, supporting DevOps teams and enhancing codebase analysis precision.

Related questions

  • 15
When evaluating Container Security, what aspect do you think is the most important to look for?
  • 31
What tools do you rely on for building a DevSecOps pipeline?
  • 16
Container vs VM: What are the main differences?
  • 26
What do you look for in a container security solution?
  • 28
What container security solution are you using?
  • 63
Which Container Image Security tool is the best in the current market?
  • 124
Why is Container Security software important for companies?
  • 251
Why is Container Security important for companies?
  • 15
What are some tips for ensuring that containers are secure?
  • 10
What container security solution are you using? Do you recommend it?

Product Categories

Product Categories
Container Security

Popular Comparisons

Popular Comparisons
Wiz vs Trivy Logo
Wiz vs Trivy
SentinelOne Singularity Cloud Security vs Trivy Logo
SentinelOne Singularity Cloud Security vs Trivy
Snyk vs Trivy Logo
Snyk vs Trivy
Microsoft Defender for Cloud vs Trivy Logo
Microsoft Defender for Cloud vs Trivy
Prisma Cloud by Palo Alto Networks vs Trivy Logo
Prisma Cloud by Palo Alto Networks vs Trivy
Veracode vs Trivy Logo
Veracode vs Trivy
Qualys VMDR vs Trivy Logo
Qualys VMDR vs Trivy
CrowdStrike Falcon Cloud Security vs Trivy Logo
CrowdStrike Falcon Cloud Security vs Trivy
JFrog Xray vs Trivy Logo
JFrog Xray vs Trivy
Orca Security vs Trivy Logo
Orca Security vs Trivy
FortiCNAPP vs Trivy Logo
FortiCNAPP vs Trivy
Aqua Cloud Security Platform vs Trivy Logo
Aqua Cloud Security Platform vs Trivy
Sysdig Secure vs Trivy Logo
Sysdig Secure vs Trivy
SUSE NeuVector vs Trivy Logo
SUSE NeuVector vs Trivy
Red Hat Advanced Cluster Security for Kubernetes vs Trivy Logo
Red Hat Advanced Cluster Security for Kubernetes vs Trivy
See all alternatives
 
Trivy Reviews Summary
Author infoRatingReview Summary
Software Engineer at a tech vendor with 10,001+ employees4.5I have used Trivy for three years to scan packages and Docker images for vulnerabilities, integrating it with Jenkins to fail builds with issues. Trivy's ease of use and reliable, up-to-date database set it apart from previous solutions.
DevOps Developer at a comms service provider with 11-50 employees4.0I use Trivy to scan for vulnerabilities in code before deployment, ensuring no issues with dependencies or secrets. Its ability to handle various formats is valuable. However, improved marketing and potential AI integration could enhance its functionality.
Site Reliability Engineer at a tech vendor with 10,001+ employees4.0We use Trivy for vulnerability scans and identifying open secrets in Kubernetes clusters. It is easy to set up with minimal configuration and generates user-friendly reports. Improvement is needed in differentiating OS and application vulnerabilities and enhancing report customization.
Senior Security Consultant at Ernst & Young5.0I primarily use Trivy for container and Kubernetes security, integrating it with Azure DevOps for vulnerability scans. Its feature set is impressive, though it generates false positives and struggles with database updates. Transitioning from Clair and Anchore proved beneficial.
Principal DevSecOPs at a computer software company with 10,001+ employees4.0I primarily use Trivy to scan Docker images and application code for vulnerabilities. Its open-source nature, ease of integration, and vulnerability checks are invaluable. However, it could benefit from dynamic scanning during runtime, a user interface, and better SIEM integration.
DevOps Engineer at Interdiciplinary center4.0I utilize Trivy to scan Docker images for vulnerabilities before production. Its open-source nature and integration capability with GitLab CI make it valuable. However, building a UI is challenging, especially due to its lack of intuitive or pre-packaged solutions.
Cloud DevOps Lead at Venturenox4.5I use Trivy for vulnerability scanning in Docker images as part of our CI/CD pipelines due to its open-source nature, simplicity, and speed. Although effective, it needs enhanced report analysis features and YAML configuration scanning capabilities for better utility.
Senior Engineering Manager at Ninjacart4.5I use Trivy in my DevSecOps process to scan container applications and images in Kubernetes, identifying vulnerabilities and expired libraries. While integrated with Grafana for metrics, I also use ClamAV for malware detection, wishing for a single-tool solution.