Try our new research platform with insights from 80,000+ expert users
Trivy Logo

Trivy pros and cons

Vendor: Aqua Security
4.3 out of 5
Post review

Pros & Cons summary

Trivy integrates with CI/CD pipelines, enhancing workflow efficiency and security through vulnerability scanning in Docker and Kubernetes environments. Its open-source nature is cost-effective, but report interpretation and format output like PDF and CSV need improvement. Users can customize with rules and HTML templates, yet false positives remain an issue. Combining static and dynamic scanning with built-in malware detection could reduce reliance on tools like ClamAV.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the category report

Prominent pros & cons

PROS

Trivy easily integrates with CI/CD pipelines and can be installed on desktops for image scanning.
Trivy is highly customizable, allowing users to add rules and format HTML templates as needed.
Trivy effectively scans items like AWS credentials and GCP service accounts, enhancing security.
Trivy's open-source nature and extensive functionality make it highly valuable.
Trivy is praised for its excellent vulnerability scanning capabilities, especially for Docker images.

CONS

Trivy could improve its reporting features, such as PDF output and CSV generation.
It generates many false positives, which could be reduced through contextual analysis or granular filtering.
Container image scanning in Trivy is static, and a dynamic scanning capability during runtime would be an advantage.
Trivy lacks built-in functionality for report analysis in CI/CD pipelines, which hampers integration.
To detect malware, users must rely on Trivy in conjunction with another tool, like ClamAV, instead of a single integrated tool.
 

Trivy Pros review quotes

Utsav Sharma - PeerSpot reviewer
Feb 3, 2025
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma.
Read full review
Faizan Anwar - PeerSpot reviewer
Jan 30, 2025
It is open-source.
Read full review
GK
Dec 24, 2024
Trivy's open source nature and wide functionality are incredibly valuable.
Read full review
Buyer's Guide
Container Security
February 2025
Download Free Report
Find out what your peers are saying about Aqua Security, JFrog, Snyk and others in Container Security. Updated: February 2025.
DOWNLOAD NOW
838,713 professionals have used our research since 2012.
Jyothikumar C - PeerSpot reviewer
Jan 29, 2025
I can see vulnerabilities in the images of any applications deployed in the Kubernetes environment or as container applications.
Read full review
reviewer2599524 - PeerSpot reviewer
Dec 4, 2024
The most valuable feature of Trivy is its easy integration with the CI/CD pipeline.
Read full review
reviewer2620167 - PeerSpot reviewer
Dec 20, 2024
It's customizable, allowing me to add any rules and format HTML templates as I wish.
Read full review
DK
Feb 3, 2025
I appreciate Trivy for being open-source and not requiring any payment.
Read full review
DA
Jan 31, 2025
Trivy is easy to integrate with CI/CD and can be installed on desktops to scan images.
Read full review
 

Trivy Cons review quotes

Utsav Sharma - PeerSpot reviewer
Feb 3, 2025
Trivy generates many false positives, flagging non-existent vulnerabilities.
Read full review
Faizan Anwar - PeerSpot reviewer
Jan 30, 2025
In our CI/CD pipelines, Trivy lacks built-in functionality for report analysis.
Read full review
GK
Dec 24, 2024
A dynamic scanning capability during runtime would be a significant advantage.
Read full review
Buyer's Guide
Container Security
February 2025
Download Free Report
Find out what your peers are saying about Aqua Security, JFrog, Snyk and others in Container Security. Updated: February 2025.
DOWNLOAD NOW
838,713 professionals have used our research since 2012.
Jyothikumar C - PeerSpot reviewer
Jan 29, 2025
For malware detection, I need to use two tools: Trivy as my anomaly scanner and ClamAV. I am integrating these two tools into the CI pipeline. If both malware and anomaly detection could be managed by one tool, I would not need to depend on two tools.
Read full review
reviewer2599524 - PeerSpot reviewer
Dec 4, 2024
The reporting could be a little better.
Read full review
reviewer2620167 - PeerSpot reviewer
Dec 20, 2024
Trivy can improve by providing an output in PDF format.
Read full review
DK
Feb 3, 2025
Having little experience can hinder the ability to connect it to a user-friendly UI effectively.
Read full review
DA
Jan 31, 2025
The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting.
Read full review

Product Categories

Product Categories
Container Security

Popular Comparisons

Popular Comparisons
Wiz vs Trivy Logo
Wiz vs Trivy
Microsoft Defender for Cloud vs Trivy Logo
Microsoft Defender for Cloud vs Trivy
Snyk vs Trivy Logo
Snyk vs Trivy
Veracode vs Trivy Logo
Veracode vs Trivy
Qualys VMDR vs Trivy Logo
Qualys VMDR vs Trivy
Orca Security vs Trivy Logo
Orca Security vs Trivy
CrowdStrike Falcon Cloud Security vs Trivy Logo
CrowdStrike Falcon Cloud Security vs Trivy
JFrog Xray vs Trivy Logo
JFrog Xray vs Trivy
Aqua Cloud Security Platform vs Trivy Logo
Aqua Cloud Security Platform vs Trivy
Lacework FortiCNAPP vs Trivy Logo
Lacework FortiCNAPP vs Trivy
SUSE NeuVector vs Trivy Logo
SUSE NeuVector vs Trivy
Sysdig Secure vs Trivy Logo
Sysdig Secure vs Trivy
Tenable.io Container Security vs Trivy Logo
Tenable.io Container Security vs Trivy
Sysdig Falco vs Trivy Logo
Sysdig Falco vs Trivy
CoreOS Clair vs Trivy Logo
CoreOS Clair vs Trivy
See all alternatives

Product Categories

Product Categories
Container Security

Popular Comparisons

Popular Comparisons
Wiz vs Trivy Logo
Wiz vs Trivy
Microsoft Defender for Cloud vs Trivy Logo
Microsoft Defender for Cloud vs Trivy
Snyk vs Trivy Logo
Snyk vs Trivy
Veracode vs Trivy Logo
Veracode vs Trivy
Qualys VMDR vs Trivy Logo
Qualys VMDR vs Trivy
Orca Security vs Trivy Logo
Orca Security vs Trivy
CrowdStrike Falcon Cloud Security vs Trivy Logo
CrowdStrike Falcon Cloud Security vs Trivy
JFrog Xray vs Trivy Logo
JFrog Xray vs Trivy
Aqua Cloud Security Platform vs Trivy Logo
Aqua Cloud Security Platform vs Trivy
Lacework FortiCNAPP vs Trivy Logo
Lacework FortiCNAPP vs Trivy
SUSE NeuVector vs Trivy Logo
SUSE NeuVector vs Trivy
Sysdig Secure vs Trivy Logo
Sysdig Secure vs Trivy
Tenable.io Container Security vs Trivy Logo
Tenable.io Container Security vs Trivy
Sysdig Falco vs Trivy Logo
Sysdig Falco vs Trivy
CoreOS Clair vs Trivy Logo
CoreOS Clair vs Trivy
See all alternatives
Related questions
  • 12
When evaluating Container Security, what aspect do you think is the most important to look for?
  • 91
What tools do you rely on for building a DevSecOps pipeline?
  • 28
Container vs VM: What are the main differences?
  • 19
What do you look for in a container security solution?
  • 21
What container security solution are you using?
  • 71
Which Container Image Security tool is the best in the current market?
  • 97
Why is Container Security software important for companies?
  • 116
Why is Container Security important for companies?
  • 14
What are some tips for ensuring that containers are secure?
  • 3
What container security solution are you using? Do you recommend it?