DevOps Developer at a comms service provider with 11-50 employees
Real User
Top 20
2025-04-28T13:05:24Z
Trivy's marketing and awareness need improvement. Not everyone knows about it, which isn't ideal given its capabilities. There's potential to integrate AI and machine learning for enhanced functionality.
I would appreciate a hyperlink to the CVE and information on how to resolve it in the Jenkins output. If that feature is not currently available, adding it would be helpful.
One drawback I have observed with Trivy is the difficulty in building or integrating a UI, particularly for an operator in the NetSuite example. It is not intuitive or pre-packaged, making it challenging for users like me who need to develop their own UI. Additionally, having little experience can hinder the ability to connect it to a user-friendly UI effectively.
Trivy generates many false positives, flagging non-existent vulnerabilities. Improvements could include better contextual analysis or granular filtering. Scanning larger workloads takes longer due to slow database updates during initial scans. Enhancements in RBAC or network policy scanning capabilities would be beneficial.
The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting. Additionally, Trivy should work as a Software Composition Analysis tool. If Trivy could do this, it would be great.
In our CI/CD pipelines, Trivy lacks built-in functionality for report analysis. It would be beneficial to have an automated report mechanism for outputs in formats like CSV or JSON. Additionally, especially as the world is moving towards AI, it would be helpful to give recommendations based on scanning reports. It can also give recommendations in enhancing cluster security if somehow AI is induced in it.
For malware detection, I need to use two tools: Trivy as my anomaly scanner and ClamAV. I am integrating these two tools into the CI pipeline. If both malware and anomaly detection could be managed by one tool, I would not need to depend on two tools. That would be my suggestion.
The reporting could be a little better. When integrating Trivy with CI, the interpretation of the reports could be improved. The only aspect that seems to require more effort is understanding the reporting, which might need some attention.
Trivy is a versatile tool for scanning container images and identifying vulnerabilities, favored for its integration with CI/CD pipelines and ease of use. It supports scanning both operating system packages and application dependencies.
Trivy is an efficient tool designed to automate security checks and ensure compliance. Its quick setup, detailed analysis capabilities, and support for multiple programming languages and environments make it a reliable choice for users. Trivy provides...