Try our new research platform with insights from 80,000+ expert users
Trivy Logo

Trivy pros and cons

Vendor: Aqua Security
4.3 out of 5
Start review

Pros & Cons summary

Trivy offers easy integration with CI/CD pipelines and desktop installation for image scanning. Its open-source nature adds value, while customizability allows for custom rules and HTML templates. It scans AWS, GCP, Kubernetes, and more, yet lacks runtime scanning and malware capability without ClamAV. Trivy's reporting and scalability need enhancement due to false positives and limited format outputs, although its reliable vulnerability database benefits Docker image checks before production.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the category report

Prominent pros & cons

PROS

Trivy offers easy integration with CI/CD pipelines, enhancing deployment workflows.
It is open-source, providing wide functionality without requiring payment.
Users find value in its ability to scan images, files, GitHub repositories, and Infrastructure as Code.
Trivy effectively scans for vulnerabilities in applications deployed within Kubernetes and as container applications.
Trivy is praised for keeping an up-to-date database, ensuring reliable vulnerability identification.

CONS

Reporting could be enhanced, particularly for better interpretation in CI integration.
Improving output by offering PDF and CSV formats would be beneficial.
Dynamic scanning capability during runtime is needed.
Combining malware and anomaly detection into a single tool would be advantageous to avoid using multiple tools.
Trivy tends to generate many false positives, flagging non-existent vulnerabilities.
 

Trivy Pros review quotes

SK
Apr 25, 2025
What I find valuable is the ease of setup with Trivy, including pre-defined operators that require minimal configuration.
Read full review
Utsav Sharma - PeerSpot reviewer
Feb 3, 2025
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma.
Read full review
Faizan Anwar - PeerSpot reviewer
Jan 30, 2025
It is open-source.
Read full review
Buyer's Guide
Container Security
April 2025
Download Free Report
Find out what your peers are saying about Aqua Security, JFrog, Snyk and others in Container Security. Updated: April 2025.
DOWNLOAD NOW
850,671 professionals have used our research since 2012.
GK
Dec 24, 2024
Trivy's open source nature and wide functionality are incredibly valuable.
Read full review
SC
Apr 28, 2025
Trivy is most valuable for its ability to scan all repository files and dependencies.
Read full review
Jyothikumar C - PeerSpot reviewer
Jan 29, 2025
I can see vulnerabilities in the images of any applications deployed in the Kubernetes environment or as container applications.
Read full review
reviewer2599524 - PeerSpot reviewer
Dec 4, 2024
The most valuable feature of Trivy is its easy integration with the CI/CD pipeline.
Read full review
ST
Apr 25, 2025
Trivy is very reliable and always has an up-to-date database to scan images and identify vulnerabilities.
Read full review
reviewer2620167 - PeerSpot reviewer
Dec 20, 2024
It's customizable, allowing me to add any rules and format HTML templates as I wish.
Read full review
DK
Feb 3, 2025
I appreciate Trivy for being open-source and not requiring any payment.
Read full review
Show 2 more reviews (out of 12)
 

Trivy Cons review quotes

SK
Apr 25, 2025
The main area for improvement is in differentiating between OS and application-based vulnerabilities.
Read full review
Utsav Sharma - PeerSpot reviewer
Feb 3, 2025
Trivy generates many false positives, flagging non-existent vulnerabilities.
Read full review
Faizan Anwar - PeerSpot reviewer
Jan 30, 2025
In our CI/CD pipelines, Trivy lacks built-in functionality for report analysis.
Read full review
Buyer's Guide
Container Security
April 2025
Download Free Report
Find out what your peers are saying about Aqua Security, JFrog, Snyk and others in Container Security. Updated: April 2025.
DOWNLOAD NOW
850,671 professionals have used our research since 2012.
GK
Dec 24, 2024
A dynamic scanning capability during runtime would be a significant advantage.
Read full review
SC
Apr 28, 2025
Trivy is not scalable; however, I have scanned very large projects with it. It is stable but not scalable according to my experience.
Read full review
Jyothikumar C - PeerSpot reviewer
Jan 29, 2025
For malware detection, I need to use two tools: Trivy as my anomaly scanner and ClamAV. I am integrating these two tools into the CI pipeline. If both malware and anomaly detection could be managed by one tool, I would not need to depend on two tools.
Read full review
reviewer2599524 - PeerSpot reviewer
Dec 4, 2024
The reporting could be a little better.
Read full review
reviewer2620167 - PeerSpot reviewer
Dec 20, 2024
Trivy can improve by providing an output in PDF format.
Read full review
DK
Feb 3, 2025
Having little experience can hinder the ability to connect it to a user-friendly UI effectively.
Read full review
DA
Jan 31, 2025
The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting.
Read full review

Product Categories

Product Categories
Container Security

Popular Comparisons

Popular Comparisons
Wiz vs Trivy Logo
Wiz vs Trivy
Microsoft Defender for Cloud vs Trivy Logo
Microsoft Defender for Cloud vs Trivy
Prisma Cloud by Palo Alto Networks vs Trivy Logo
Prisma Cloud by Palo Alto Networks vs Trivy
Snyk vs Trivy Logo
Snyk vs Trivy
Veracode vs Trivy Logo
Veracode vs Trivy
Qualys VMDR vs Trivy Logo
Qualys VMDR vs Trivy
SentinelOne Singularity Cloud Security vs Trivy Logo
SentinelOne Singularity Cloud Security vs Trivy
CrowdStrike Falcon Cloud Security vs Trivy Logo
CrowdStrike Falcon Cloud Security vs Trivy
Orca Security vs Trivy Logo
Orca Security vs Trivy
JFrog Xray vs Trivy Logo
JFrog Xray vs Trivy
Aqua Cloud Security Platform vs Trivy Logo
Aqua Cloud Security Platform vs Trivy
Lacework FortiCNAPP vs Trivy Logo
Lacework FortiCNAPP vs Trivy
SUSE NeuVector vs Trivy Logo
SUSE NeuVector vs Trivy
Red Hat Advanced Cluster Security for Kubernetes vs Trivy Logo
Red Hat Advanced Cluster Security for Kubernetes vs Trivy
Sysdig Secure vs Trivy Logo
Sysdig Secure vs Trivy
See all alternatives

Product Categories

Product Categories
Container Security

Popular Comparisons

Popular Comparisons
Wiz vs Trivy Logo
Wiz vs Trivy
Microsoft Defender for Cloud vs Trivy Logo
Microsoft Defender for Cloud vs Trivy
Prisma Cloud by Palo Alto Networks vs Trivy Logo
Prisma Cloud by Palo Alto Networks vs Trivy
Snyk vs Trivy Logo
Snyk vs Trivy
Veracode vs Trivy Logo
Veracode vs Trivy
Qualys VMDR vs Trivy Logo
Qualys VMDR vs Trivy
SentinelOne Singularity Cloud Security vs Trivy Logo
SentinelOne Singularity Cloud Security vs Trivy
CrowdStrike Falcon Cloud Security vs Trivy Logo
CrowdStrike Falcon Cloud Security vs Trivy
Orca Security vs Trivy Logo
Orca Security vs Trivy
JFrog Xray vs Trivy Logo
JFrog Xray vs Trivy
Aqua Cloud Security Platform vs Trivy Logo
Aqua Cloud Security Platform vs Trivy
Lacework FortiCNAPP vs Trivy Logo
Lacework FortiCNAPP vs Trivy
SUSE NeuVector vs Trivy Logo
SUSE NeuVector vs Trivy
Red Hat Advanced Cluster Security for Kubernetes vs Trivy Logo
Red Hat Advanced Cluster Security for Kubernetes vs Trivy
Sysdig Secure vs Trivy Logo
Sysdig Secure vs Trivy
See all alternatives
Related questions
  • 9
When evaluating Container Security, what aspect do you think is the most important to look for?
  • 67
What tools do you rely on for building a DevSecOps pipeline?
  • 19
Container vs VM: What are the main differences?
  • 18
What do you look for in a container security solution?
  • 19
What container security solution are you using?
  • 69
Which Container Image Security tool is the best in the current market?
  • 120
Why is Container Security software important for companies?
  • 183
Why is Container Security important for companies?
  • 4
What are some tips for ensuring that containers are secure?
  • 3
What container security solution are you using? Do you recommend it?