Trivy

コンテナ・IaC・依存ライブラリを対象とする包括的な脆弱性スキャナー。

基本情報

項目 内容
種別 OSS
ライセンス Apache-2.0
費用 Free
公式サイト https://trivy.dev
最新バージョン v0.72.0
最終更新日 2026-06-30

機能

機能 対応
コンテナスキャン
言語/ライブラリスキャン
SBOM生成
ポリシー評価
IaCスキャン
シークレット検出
ライセンススキャン
ビルドツールプラグイン
APIサーバー
SSH無エージェントスキャン
ダッシュボード
集中管理

機能一覧の情報源: 公式ドキュメント

リリース履歴

情報源: https://github.com/aquasecurity/trivy/releases

v0.72.0 — 2026-06-30 other

v0.72.0

⚡ Highlights ⚡

👉 https://github.com/aquasecurity/trivy/discussions/10907

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0720-2026-06-30


v0.71.2 — 2026-06-19 feature

v0.71.2

Changelog


v0.71.1 — 2026-06-15 bugfix

v0.71.1

Changelog


v0.71.0 — 2026-06-01 other

v0.71.0

⚡ Highlights ⚡

👉 https://github.com/aquasecurity/trivy/discussions/10767

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0710-2026-06-01


v0.70.0 — 2026-04-17 other

v0.70.0

⚡ Highlights ⚡

👉 https://github.com/aquasecurity/trivy/discussions/10546

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16


v0.69.3 — 2026-03-03 feature

v0.69.3

Changelog


v0.69.2 — 2026-03-01 feature

v0.69.2

Changelog


v0.26.0 — 2022-04-15 security

v0.26.0

Changelog


v0.25.4 — 2022-04-11 other

v0.25.4

Changelog


v0.25.3 — 2022-04-06 other

v0.25.3

Changelog


v0.25.2 — 2022-04-05 other

v0.25.2

Changelog


v0.25.1 — 2022-04-04 other

v0.25.1

Changelog


v0.25.0 — 2022-03-31 bugfix

v0.25.0

Changelog


v0.24.4 — 2022-03-17 other

v0.24.4

Changelog


v0.24.3 — 2022-03-16 security

v0.24.3

Changelog


v0.24.2 — 2022-03-03 other

v0.24.2

Changelog

eebf9c8f fix(pom): keep an order of dependencies (#1784) 971092b8 chore: bump up Go to 1.17 (#1781) 2f2d8222 chore(deps): bump actions/setup-python from 2 to 3 (#1776) a2afd6e6 chore(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (#1777)

Docker images


v0.24.1 — 2022-02-27 other

v0.24.1

Changelog

a423b993 fix(python): correct handling pip package names with a hyphen (#1771) a069ad78 doc(docker): fix command to run trivy with docker on linux (#1761) 015055e1 feat(helm): Add support for custom labels (#1767) cbaa3639 chore(helm): bump chart to trivy 0.24.0 (#1762) bec02f09 docs: remove erroneous command (#1763)

Docker images


v0.24.0 — 2022-02-23 other

v0.24.0

Changelog

d7f8b92a chore(deps): bump github.com/spf13/afero from 1.6.0 to 1.8.1 (#1708) 59ea0d57 fix(option): warn list-all-pkgs only with the table format (#1755) c788676f feat(option): warn "--list-all-pkgs" with "--format table" (#1632) 58ade462 feat(report): add support for CycloneDX (#1081) 77cab6e0 chore(deps): update the defsec and tfsec versions (#1747) 2ede15d3 fix(scanner): fix skip of language-specific files when scanning rootf… (#1751) d266c749 chore(deps): bump github.com/google/wire from 0.4.0 to 0.5.0 (#1712) 4423396b feat(report): considering App.Writer when printing results (#1722) 356ae30c chore(deps): replace satori version and skipping examples folder (#1745) 477dc7d5 build: add s390x container images (#1726) 89b8d7ff feat(template) Add misconfigurations to junit report (#1724) 219b71b4 chore(deps): bump github.com/twitchtv/twirp (#1709) aa6e1eb6 feat(client): configure TLS InsecureSkipVerify for server connection (#1287) de6c3cbb fix(rpc): Supports RPC calls for new identifier CustomResource (#1605) b7d4d1ea chore(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 (#1705) e6c029d0 chore(deps): bump github.com/caarlos0/env/v6 from 6.0.0 to 6.9.1 (#1707) ec6cb1a6 feat(helm): Parameterise ServiceAccount annotations (#1677) 7dfc16cf chore(deps): bump github.com/hashicorp/go-getter from 1.5.2 to 1.5.11 (#1710) 42d8fd66 chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.3 to 3.0.8 (#1704) c3ef2035 chore(deps): bump github.com/open-policy-agent/opa from 0.36.1 to 0.37.2 (#1711) 274103e8 chore(dependabot): enable gomod monthly (#1699) e618d83d fix(gitlab tpl): escape double quote (#1635) 3b0b2ed4 build: Make make protoc be consistent (#1682) 5c8d0983 feat(purl): add generate purl package utilities (#1574) 11f4f811 refactor: move result structs under types (#1696) 6db2092c feat(mariner): add support for CBL-Mariner 2.0 (#1694) 8898bb09 docs(gitlab-ci): fix Script in GitLab CI Example #1688 33d08337 chore: Upgrade helm chart version (#1683) 13874d86 chore(mod): update Go dependencies (#1681) f26a06b9 docs: fix typos in markdown docs (#1674) e2821a4f docs: update documentation for image scanning of tar files to use a tag present on Docker Hub (#1671) ef8a1afc fix(repo): --no-progress suppresses git output (#1669)

Docker images


v0.23.0 — 2022-01-31 bugfix

v0.23.0

Changelog

449add24 docs: add ACR navigator (#1651) cb9afc84 fix: update example Rego files and docs (#1628) 78b2b899 feat(option): show a link to GitHub Discussions for --light deprecation (#1650) 52fd3c2e fix(sarif): fix the warning message (#1647) 8d5882be refactor: migrate to prefixed buckets (#1644) 84dd33f7 feat(mariner): add support for CBL-Mariner (#1640) 9e903a1d docs: commercial use available (#1641) f4c746a2 feat: support azure acr (#1611) 420f8ab1 feat(os-pkg): add data sources (#1636) d2827cba feat(redhat): support build info in RHEL (#807) ce703ce4 fix: change links in pull_request_template to static URLs (#1634) 50bb938a feat(lang-pkg): add data sources (#1625) a31ddbe9 feat(detector): support custom detector (#1615) 3a4e18ac docs(contribution): change role who should resolve comments (#1618) 8ba68361 docs: add PR template (#1602) f5c55739 feat(rocky): support Rocky Linux (#1570) eab2b425 Add the ability to set dockerhub credentials in the helm chart (#1569) cabd18da feat(cache): redis TLS support (#1297) 02c3c365 feat(java): add support for PAR files (#1599) 4f7b7683 refactor(rust): move rust-advisory-db to OSV (#1591) d754cb8c feat: log ignored vulnerabilities on debug (#1378) a936e675 chore(mod): hcl2json deps update (#1585) af116d3c fix(rpm): do not ignore installed files via third-party rpm (#1594) b5073600 feat(fs): allow scanning a single file (#1578) 7fcbf44b refactor(python): drop Safety DB (#1580) 478d2799 feat: added insecure tls skip to scan git repo (#1528) 33bd41b4 Supress git clone output (#1590) 39a10089 fix(alma): skip modular package because MODULARITYLABEL is not set (#1588) 37abd612 feat(photon os): added EOL dates check (#1587) 78de33e8 docs: update supported os (#1586) 22054626 BREAKING: remove root command (#1579) 28ddcf1a docs: add Rust to Language-specific Packages Table (#1577) df134c73 docs: update int doc for gitlab ci (#1575) 8da20c8c BREAKING: migrate the sarif template to Go code (#1437) 714b5ca2 refactor: remove unused field (#1567) 51e152b0 chore(deps): bump helm/chart-testing-action from 2.1.0 to 2.2.0 (#1554) 884daff4 docs: gitlab integration (#1381) 2a8336b9 feat(alma): support AlmaLinux (#1238) 1e171af1 docs: added note about default template path when Trivy installed using rpm (#1551) e65274e0 BREAKING: Trivy DB from GHCR (#1539) db35450b feat(cli): Do not set default commands when a plugin is being run (#1549) 24254d19 fix: add fingerprint field to codequality template (#1541) 2ee07456 fix(image): correct handling of uncompressed layers (#1544) 0aef82c5 chore: helm chart app version 0.22.0 (#1535) 8b2a7997 test(integration): use fixtures (#1532)

Docker images


v0.22.0 — 2021-12-24 security

v0.22.0

Changelog

42f795fa fix(java/pom): ignore unsupported requirements (#1514) 8f737cc6 feat(cli): warning for root command (#1516) 76249bdc BREAKING: disable JAR detection in fs/repo scanning (#1512) 59957d4c feat(scan): support --offline-scan option (#1511) da8b72d2 fix: improve memory usage (#1509) b713ad0f feat(java): support pom.xml (#1501) 56115e9d docs: fixing rust link to security advisory (#1504) 7f859afa Add missing IacMetdata (#1505) 628a7964 feat(jar): add file path (#1498) 82fba771 feat(rpm): support NDB (#1497) d5269da5 feat: added misconfiguration field for html.tpl (#1444)

Docker images


v0.21.3 — 2021-12-20 security

v0.21.3

Changelog

8e57dee8 fix(docs): typo (#1488) 8bfbc84a feat(plugin): Add option to update plugin (#1462) 1e811de2 fix: fixed skipFiles/skipDirs flags for relative path (#1482) 8b5796f7 feat (plugin): add list and info command for plugin (#1452) a2199bb4 fix: set up a vulnerability severity (#1458) 279e76f7 chore: add arm64 deb package (#1480) 52625908 Link to trivy tutorial on Semaphore (#1449) c275a841 refactor(helm): externalize env vars to configMap (#1345)

Docker images


v0.21.2 — 2021-12-07 feature

v0.21.2

Changelog

7beed301 docs: provide more information on scanning Google's GCR (#1426) f50e1f42 docs(misconfiguration): added instruction for misconfiguration detection (#1428) 3ae4de58 Update git-repository.md (#1430) 6e35b8f5 fix(hooks): exclude unrelated lib types from system files filtering (#1431) beb60b05 chore: run go fmt (#1429) 582e7fd1 fix(sarif): change help field in the sarif template. (#1423) 11bc2901 Update fanal with cfsec version update (#1425) 392f6892 Replace deprecated option in goreleaser (#1406) 101d5760 feat(alpine): support 3.15 (#1422) bd3ba68c chore: test the helm chart in the PR and used the commit hash (#1414) 3860d6e4 chore(deps): bump alpine from 3.14 to 3.15.0 (#1417) 4f82673a chore(release): add ubuntu older versions to deploy script (#1416)

Docker images


v0.21.1 — 2021-11-26 other

v0.21.1

Changelog

b9a51de8 chore(mod): tidy (#1415) 7f248341 fix(rpc): fix nil layer transmit (#1410) af3eaefd Lang advisory order (#1409) 07c9200e chore: add support for s390x arch (#1304) 8bc8a4ad fix(chart): ingress helm manifest-update trivy image (#1323) 9076a49b docs: Add comparison for cfsec (#1388) bb316d93 remove: delete unused functions in utils package (#1379)

Docker images


v0.21.0 — 2021-11-15 other

v0.21.0

Changelog

efdb29d fix(sarif): fix validation errors (#1376) 9bcf9e7 docs: add Bitbucket Pipelines (#1374) 3147097 docs: add community integrations (#1361) 33f74b3 Use a stable SARIF identifier (#1230) 5915ffb fix(python): fix parsing of requirements.txt with hash checking mode available in pip since version 8.0 ae4c42b feat(iac): Add line information (#1366) 19747d0 feat(cloudformation): Adding support for cfsec IaC scanning (#1360) da45061 chore: send debug and info logs to stdout in install.sh, not stderr. (#1264) cb1a4ed Update containerd to v1.5.7 and docker-cli to v20.10.9 (#1356) 69dae54 chore: update SBOM generation (#1349)

Docker images


v0.20.2 — 2021-10-25 feature

v0.20.2

Changelog

5dc8cfe docs: update builtin.md (#1335) 798b564 chore: fix issues with Homebrew formula (#1329) 21bf5e5 chore: bump GoReleaser to v0.183.0 (#1328) e0f4ebd docs: update iac.md for a typo (#1326) 23a9a5e docs: typo fix (#1308) 1f5d17f Add new networking API features to Ingress (#1262)

Docker images


v0.20.1 — 2021-10-16 feature

v0.20.1

Changelog

bcfa028 chore(release): bump up GoReleaser to v0.182.1 (#1299) 681ab1b fix(yarn): support quoted version (#1298) 46051d5 feat(custom-forward): Forward the extended advisory data (#1247) d8d692b feat(javascript) : Initialize npm driver for javascript packages (#1289) cc344df fix(cli): fix incorrect comparision of DB metadata type. (#1286) 0dec17f docs: add footer to readme (#1281)

Docker images


v0.20.0 — 2021-10-06 security

v0.20.0

Changelog

f12446d feat(report): add package path (#1274) 1c9ccb5 feat(command): add rootfs command (#1271) a463e79 fix: update fanal (#1272) e0ca5ef feat(commands): remove deprecated options (#1270) 1ebb329 Aggregate jar result for table (#1269) b37f682 BREAKING(report): migrate to new json schema (#1265) da90510 feat: improve --skip-dirs and --skip-files (#1249) bd57b4f fix(gobinary): skip large files (#1259) 9027dc3 Disable library analyzer for OS only scan type (#1191) 5750cc2 chore: update trivy version (#1252) bbcce9f refactor: move from io/ioutil to io and os package (#1245) 6bcb4af fix: brew test command (#1253) 8d13234 fix:added layer info in packages (#1248) 982f35b fix(go/binary): improve debug messages (#1244) 2e170cd Update db.go (#1199) cc6c67d fix(deps): fix CVE-2021-32760 for github.com/containerd/containerd (#1243) 669fd1f feat(debian): support the versions that reached EOL (#1237) 8cd7de2 feat(alpine): support unfixed vulnerabilities (#1235) 3bf3a46 feat(report): add image config (#1231) 8edcc62 feat(nodejs): support package.json (#1225) 31c45ff refactor: use testing DB instead of mock (#1234) d8cc8b5 feat(ruby): support gemspec (#1224) dbc7a83 feat(python): add packaging detector and respective hook (#1223) 19c0b70 feat(license): Added support to new License field of go-dep-parser's library (#1167) 9d61777 fix(oracle): handle advisories contain ksplice versions (#1209) 5d57dea fix(docs): remove OSVDB advisories (#1215) b595559 docs: fix typos in CONTRIBUTING.md (#1181) b1410b2 Update EOL of Debian 11 (#1180) 0e777d3 fix(plugin): resolve a closure (#1207) b6d9c30 docs: fix typo (#1206) 5160a2e fix(detector): change an argument for trivy-db getter (#1203) 40ed227 chore(mod): update fanal (#1179) 2a4400c Add license info to package data (#1176) 82eb630 feat(nuget): support packages.config (#1095) 4a8db20 feat(python): add support for requirements.txt (#1169) 8db9b6a GitLab CI integration documentation (#1168) c159501 chore(gorelease) change goreleaser config to include template examples (#1138) 76e63d1 chore(deps): bump dmnemec/copy_file_to_another_repo_action (#1153) 79b6684 chore(deps): bump actions/stale from 3 to 4 (#1152) 214fe82 feat(report): add end of service life flag to OS metadata (#1142) c489e31 chore: set up Dependabot for github-actions and docker (#1128) efd812c docs: fix typo (#1149) 3a920dc docs: add some external links (#1147) 7cb1598 chore (release): add ubuntu esm versions to deploy script (#1151) 6a88002 docs(troubleshooting) add urls which are required to download vuls db (#1137)

Docker images


v0.19.2 — 2021-07-20 bugfix

v0.19.2

Changelog

f3f3029 Updated the Alpine Image to 3.14 (latest) (#1130) 0e52fde Added EOL for Ubuntu 21.10 (#1131) 9b3fba0 fix(image): disabled scanning of config files within container images (#1133) 1101634 docs: fixed typo (#1124) 499b7a6 update cyclonedx github action to v0.3.0 (#1127)

Docker images


v0.19.1 — 2021-07-12 other

v0.19.1

Changelog

cea9b0b fix(policy): fix panic on the first run (#1116)

Docker images


v0.19.0 — 2021-07-12 security

v0.19.0

Changelog

dea3428 docs(misconf): add comparison with Conftest and tfsec (#1111) 47d600a feat(report): add schema version (#1110) eae4baf fix(scan): change unknown os from info to debug (#1109) 9e08bd4 docs: add misconfiguration (#1101) d9883e4 fix(config): rename include-successes with include-non-failures (#1107) e6f7e55 feat(config): support --trace (#1106) 4b84e79 fix(policy): reduce the Internet access (#1105) 05ae22a chore: bump golangci-lint to v1.41.1 (#1104) a0e5c3a feat: support config scanning (#931) 712f9eb feat(report): add artifact metadata (#1079) 803b2f9 Generate SBOM (#1076) 92f980f fix(db): multiple prefixed data sources (#1070) 52e98f1 Add EOL date for Alpine 3.14 (#1072) 6cd9a32 suse: mark sle 15.3 as maintained, add opensuse 15.3 (#1059) 03a7366 docs: improve data sources (#1069) a29d6d8 chore(label): add kind/security-advisory (#1068) 2a08969 fix(asff): replace slice with substr (#1058) 3a94b73 fix(helm-chart): parametrized ingress host path (#1049) 41d000c feat: support Google Artifact Repository (#1055) 78da283 Update ASFF template to use label for severity (#1047) e362843 BREAKING: migrate to a new JSON schema (#782) 097b8d4 docs: Fix link to AWS Security Hub template (#1046) 3b6122f refactor(server): support gzip (#1045) f75a369 chore(rpc): update protoc and twirp (#1044) e4c32cd Added support for list all packages flag in client (#1032) fb19abd chore: chart with 0.18.3 (#1033) d2afc20 feat: add gitlab codequality template (#895) 43ff5f9 feat(plugin): add aqua plugin (#1029) 5e6a50b fix(go): if patchedVersion is empty mark it as vulnerable (#1030) 23b9533 docs(ubuntu): fix supported versions (#1028) d1f8cfc Support Ubuntu 21.04 (#1027) aa2336b chore: remove codecov (#1016) e646172 fix typo on github-actions.md (#1022)

Docker images


v0.18.3 — 2021-05-24 other

v0.18.3

Changelog

85e45ca chore(ci): change to more granular tokens (#1014) 9fa512a chore(ci): add Go scanning and update dependencies (#1001) 349371b docs: Add HIGH severity to Trivy command in GitLab CI example to match comment (#1013)

Docker images


v0.18.2 — 2021-05-20 feature

v0.18.2

Changelog

4446961 fix(image): disable go.sum scanning (#1007) 04473ad fix(gomod): handle go.sum with an empty line (#1006) 1b66b77 feat: prepare for config scanning (#1005) 8fc6ea6 Clarify that dev dependencies are excluded (#986)

Docker images


v0.18.1 — 2021-05-13 bugfix

v0.18.1

Changelog

eaf2da2 Include target value in Sarif template ruleID (#991) 083c157 chore(mkdocs): allow workflow_dispatch (#989)

Docker images


v0.18.0 — 2021-05-12 feature

v0.18.0

Release Note

https://github.com/aquasecurity/trivy/discussions/990

Changelog

e26e39a fix(vuln) unique vulnerabilities from different data sources (#984) 04e7cca feat(go): added support of gomod analyzer (#978)

Docker images


2026-07-10 22:23 UTC 時点の情報