Try our new research platform with insights from 80,000+ expert users
Trivy Logo

Trivy Reviews

Vendor: Aqua Security
4.3 out of 5
Leave a review

What is Trivy?

Trivy is a versatile tool for scanning container images and identifying vulnerabilities, favored for its integration with CI/CD pipelines and ease of use. It supports scanning both operating system packages and application dependencies.

Get the Trivy Buyer's Guide and find out what your peers are saying about Trivy, Wiz, Microsoft Defender for Cloud and more!
Trivy is the #5 ranked solution in Container Security Solutions. PeerSpot users give Trivy an average rating of 8.6 out of 10. Trivy is most commonly compared to Wiz: Trivy vs Wiz. Trivy is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 14% of all views.
Buyer's Guide
Trivy
August 2025
Get the report
Helped 866,088 peers since 2012

Featured Trivy reviews

Read more reviews

Trivy mindshare

As of August 2025, the mindshare of Trivy in the Container Security category stands at 5.7%, up from 1.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Container Security Market Share Distribution
ProductMarket Share (%)
Trivy5.7%
Wiz17.4%
Prisma Cloud by Palo Alto Networks11.5%
Other65.4%
Container Security

PeerResearch reports based on Trivy reviews

TypeTitleDate
CategoryContainer SecurityAug 28, 2025Download
ProductReviews, tips, and advice from real usersAug 28, 2025Download
ComparisonTrivy vs Prisma Cloud by Palo Alto NetworksAug 28, 2025Download
ComparisonTrivy vs WizAug 28, 2025Download
ComparisonTrivy vs SentinelOne Singularity Cloud SecurityAug 28, 2025Download
Suggested products
TitleRatingMindshareRecommending
Wiz4.517.4%95%22 interviewsAdd to research
Microsoft Defender for Cloud4.06.7%94%78 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Trivy excels in integrating with CI/CD pipelines, offering seamless setup and comprehensive scanning of code, images, and repositories. Its open-source nature and customizable options stand out. Users appreciate its capability to detect vulnerabilities, expired libraries, and secrets efficiently across multiple platforms. Trivy's straightforward installation, detailed reports, and wide functionality—covering Kubernetes, Docker, Terraform, and CloudFormation—enhance security analysis and compliance. Its lightweight design and up-to-date vulnerability database ensure effective security management.
  • "What I find valuable is the ease of setup with Trivy, including pre-defined operators that require minimal configuration."
  • "Trivy is most valuable for its ability to scan all repository files and dependencies."
  • "Trivy's ability to scan files, images, GitHub repositories, Infrastructure as Code like Terraform, and Kubernetes is valuable."

Room for Improvement

Trivy lacks robust reporting and a user-friendly interface. Reporting needs PDF and CSV outputs, along with dynamic scanning and improved malware detection capabilities. Container scanning is slow with large workloads, and false positives are frequent. Integration with CI/CD and support for AI-driven insights are needed. Users want better customization, security recommendations, and expanded vulnerability databases. There is a desire for seamless UI integration and awareness about Trivy’s capabilities.
  • "The main area for improvement is in differentiating between OS and application-based vulnerabilities."
  • "Trivy is not scalable; however, I have scanned very large projects with it. It is stable but not scalable according to my experience."
  • "One drawback I have observed with Trivy is the difficulty in building or integrating a UI, particularly for an operator in the NetSuite example."

Pricing

Enterprise users find Trivy cost-effective due to its free and open-source nature, making it a popular choice without licensing costs. Integration with platforms like GitLab may require payment. Organizations appreciate its cost-saving potential, mentioning customization options for scanning and cluster management. Companies primarily rely on the open-source version, minimizing expenses and meeting essential functionality without additional fees. Pricing and setup specifics may vary and depend on organizational requirements.

Popular Use Cases

Trivy is used for security and malware analysis of code bases, primarily scanning for vulnerabilities in Docker images, container systems, and application code. It integrates into CI/CD pipelines like Azure DevOps, scans Kubernetes namespaces and Terraform for misconfigurations, and identifies secrets in Kubernetes clusters. Trivy assists in DevSecOps processes, ensuring no critical vulnerabilities are present before deployment, with results visualized on platforms like Grafana.

Service and Support

Customers who engage with Trivy's customer service and support often lean on comprehensive documentation and community resources such as GitHub and Discord. Some users prefer internal expertise or web searches for assistance. When contacted, responses are informative despite possible time zone delays. The enterprise version is recommended for personalized support. While direct contact with support isn't frequent, guidance on technical queries is effective, with open-source community forums being a significant resource.

Deployment

Trivy's initial setup is described as straightforward by many. Most found it quick and easy to install, often taking less than ten minutes. Clear documentation and various installation options, such as Helm charts and Docker images, facilitated the process. While Linux users faced few challenges, some Windows setups were more time-consuming. Familiarity with related technologies like Kubernetes further eased the setup experience for users.

Scalability

Trivy demonstrates significant scalability, especially in CI/CD pipelines and Kubernetes environments. Some users note its efficiency in scanning multiple microservices and large amounts of data, while others highlight challenges when scanning numerous resources simultaneously. Many find it excels with command-line usage and requires no scaling of Trivy itself but rather the infrastructure around it. Users appreciate the ability to integrate Trivy in web app projects, though reporting mechanisms could enhance its scalability further.

Stability

Trivy is described as stable, with users highlighting its consistency in performance. They report few to no major stability issues, even within CICD pipelines. Initial database loading may take time, but subsequent operations are smooth. No lagging or crashing has been noted. Users suggest using the second latest version for optimum stability, as it offers consistent performance over the latest version, which may have frequent updates. Trivy receives high ratings for its reliability.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Trivy Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise8
By reviewers
By visitors reading reviews
Company SizeCount
Small Business194
Midsize Enterprise115
Large Enterprise543
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
14%
Manufacturing Company
12%
Government
8%
Comms Service Provider
7%
University
4%
Retailer
4%
Insurance Company
3%
Healthcare Company
3%
Media Company
3%
Educational Organization
3%
Energy/Utilities Company
2%
Aerospace/Defense Firm
2%
Legal Firm
2%
Performing Arts
2%
Construction Company
2%
Outsourcing Company
2%
Real Estate/Law Firm
2%
Consumer Goods Company
2%
Transportation Company
2%
Non Profit
2%
Hospitality Company
1%
Logistics Company
1%
Pharma/Biotech Company
1%
Wholesaler/Distributor
1%
Recreational Facilities/Services Company
1%

Compare Trivy with alternative products

Go!

Learn more about Trivy

Trivy is an efficient tool designed to automate security checks and ensure compliance. Its quick setup, detailed analysis capabilities, and support for multiple programming languages and environments make it a reliable choice for users. Trivy provides comprehensive scanning and integration with CI/CD pipelines, resulting in accurate vulnerability detection and a smoother workflow for developers.

What are the most important features?
  • Efficient vulnerability detection: Quickly identifies vulnerabilities in container images.
  • Comprehensive scanning: Supports scanning of both OS packages and application dependencies.
  • CI/CD pipeline integration: Seamlessly integrates with CI/CD tools for automated security checks.
  • Broad language support: Handles multiple programming languages and environments.
  • Ease of use: Simple setup and user-friendly interface.
What benefits or ROI should users look for?
  • Improved security: Regular and thorough vulnerability scanning enhances security posture.
  • Compliance maintenance: Helps in maintaining compliance with security policies and regulations.
  • Cost efficiency: Automation reduces the time and cost associated with manual security checks.
  • Integration flexibility: Efficiently integrates with existing CI/CD pipelines to streamline workflows.
  • Detailed reporting: Provides comprehensive reports for better decision-making.

Trivy is widely used in industries with a focus on maintaining high security standards such as finance, healthcare, and technology sectors. Its ability to detect vulnerabilities quickly and integrate with CI/CD pipelines makes it an essential tool for ensuring secure and compliant software development practices in these industries. Continuous improvements in speed, documentation, and integration could further enhance its value.

Related questions

  • 12
When evaluating Container Security, what aspect do you think is the most important to look for?
  • 34
What tools do you rely on for building a DevSecOps pipeline?
  • 13
Container vs VM: What are the main differences?
  • 20
What do you look for in a container security solution?
  • 16
What container security solution are you using?
  • 62
Which Container Image Security tool is the best in the current market?
  • 125
Why is Container Security software important for companies?
  • 214
Why is Container Security important for companies?
  • 6
What are some tips for ensuring that containers are secure?
  • 5
What container security solution are you using? Do you recommend it?

Product Categories

Product Categories
Container Security

Popular Comparisons

Popular Comparisons
Wiz vs Trivy Logo
Wiz vs Trivy
Microsoft Defender for Cloud vs Trivy Logo
Microsoft Defender for Cloud vs Trivy
Prisma Cloud by Palo Alto Networks vs Trivy Logo
Prisma Cloud by Palo Alto Networks vs Trivy
Snyk vs Trivy Logo
Snyk vs Trivy
SentinelOne Singularity Cloud Security vs Trivy Logo
SentinelOne Singularity Cloud Security vs Trivy
Veracode vs Trivy Logo
Veracode vs Trivy
Qualys VMDR vs Trivy Logo
Qualys VMDR vs Trivy
CrowdStrike Falcon Cloud Security vs Trivy Logo
CrowdStrike Falcon Cloud Security vs Trivy
Orca Security vs Trivy Logo
Orca Security vs Trivy
JFrog Xray vs Trivy Logo
JFrog Xray vs Trivy
Aqua Cloud Security Platform vs Trivy Logo
Aqua Cloud Security Platform vs Trivy
Lacework FortiCNAPP vs Trivy Logo
Lacework FortiCNAPP vs Trivy
SUSE NeuVector vs Trivy Logo
SUSE NeuVector vs Trivy
Sysdig Secure vs Trivy Logo
Sysdig Secure vs Trivy
Red Hat Advanced Cluster Security for Kubernetes vs Trivy Logo
Red Hat Advanced Cluster Security for Kubernetes vs Trivy
See all alternatives
 
Trivy Reviews Summary
Author infoRatingReview Summary
Senior Security Consultant at Ernst & Young5.0I primarily use Trivy for container and Kubernetes security, integrating it with Azure DevOps for vulnerability scans. Its feature set is impressive, though it generates false positives and struggles with database updates. Transitioning from Clair and Anchore proved beneficial.
Principal DevSecOPs at a computer software company with 10,001+ employees4.0I primarily use Trivy to scan Docker images and application code for vulnerabilities. Its open-source nature, ease of integration, and vulnerability checks are invaluable. However, it could benefit from dynamic scanning during runtime, a user interface, and better SIEM integration.
DevOps Engineer at Interdiciplinary center4.0I utilize Trivy to scan Docker images for vulnerabilities before production. Its open-source nature and integration capability with GitLab CI make it valuable. However, building a UI is challenging, especially due to its lack of intuitive or pre-packaged solutions.
Cloud DevOps Lead at Venturenox4.5I use Trivy for vulnerability scanning in Docker images as part of our CI/CD pipelines due to its open-source nature, simplicity, and speed. Although effective, it needs enhanced report analysis features and YAML configuration scanning capabilities for better utility.
Senior Engineering Manager at Ninjacart4.5I use Trivy in my DevSecOps process to scan container applications and images in Kubernetes, identifying vulnerabilities and expired libraries. While integrated with Grafana for metrics, I also use ClamAV for malware detection, wishing for a single-tool solution.
Software Engineer at a tech vendor with 10,001+ employees4.5I have used Trivy for three years to scan packages and Docker images for vulnerabilities, integrating it with Jenkins to fail builds with issues. Trivy's ease of use and reliable, up-to-date database set it apart from previous solutions.
Software Engineer at a manufacturing company with 10,001+ employees4.0We use Trivy for security and malware testing in our code bases. Its integration with the CI/CD pipeline is seamless and scalable. However, the report interpretation could be improved. Trivy complements our other static analysis tools like Coverity and Bandit.
Project Associate Engineer at a tech vendor with 501-1,000 employees4.5I use Trivy for scanning Docker images and containers within CI/CD pipelines. Its standout features include repository scanning, automatic solutions for vulnerabilities, and easy Linux integration. The tool could improve its UI and expand its policies and signatures.