DevOps Developer at a comms service provider with 11-50 employees
Real User
Top 10
Apr 28, 2025
I use Trivy ( /products/trivy-reviews ) to scan code for vulnerabilities before deployment. Our projects, which are developed by different developers, involve various dependencies and third-party code. Before deployment, I scan the code to ensure there are no issues with the dependencies, files, or secrets.
Software Engineer at a tech vendor with 10,001+ employees
Real User
Top 10
Apr 25, 2025
I have been using Trivy ( /products/trivy-reviews ) for around three years. In my previous company, the primary use case was to scan the packages we used to ensure there were no critical or high vulnerabilities (CVEs). We also scanned the Docker ( /products/docker-37146-reviews ) images, like Alpine and Ubuntu ( /products/ubuntu-linux-reviews ), to ensure they were vulnerability-free.
The main use case for Trivy is to scan Docker images or packages for CVEs, specifically for vulnerabilities. I use the tool to ensure that newly built Docker images do not have critical vulnerabilities before they are pushed to production. Additionally, I have integrated Trivy into the Kubernetes cluster alongside policy reports to display a UI for all CVEs.
I use Trivy mainly for container security, specifically for scanning our images. I have integrated it with our CI/CD pipelines, mainly Azure DevOps, for scanning images for vulnerabilities. Additionally, I use it for Kubernetes security, scanning namespaces for misconfigurations or security metrics. I also help my cloud team scan Terraform for misconfigurations and compliance checks.
I use Trivy for vulnerability scanning in Docker images for our microservices applications. I have integrated it into our infrastructure scanning as well. I have also written a blog on it, which is published on my LinkedIn. Furthermore, it is part of our CI/CD pipelines, being used automatically every day.
Trivy offers comprehensive scanning for files, images, repositories, and infrastructure. It's open-source and integrates with CI/CD for vulnerability detection and security enhancement.Trivy scans vulnerabilities in code, Docker images, containers, and infrastructure. It integrates seamlessly into DevOps pipelines, ensuring security in dependency management and open source vulnerabilities. This tool, lightweight and open-source, provides user-friendly reports and supports continuous...
I use Trivy ( /products/trivy-reviews ) to scan code for vulnerabilities before deployment. Our projects, which are developed by different developers, involve various dependencies and third-party code. Before deployment, I scan the code to ensure there are no issues with the dependencies, files, or secrets.
I have been using Trivy ( /products/trivy-reviews ) for around three years. In my previous company, the primary use case was to scan the packages we used to ensure there were no critical or high vulnerabilities (CVEs). We also scanned the Docker ( /products/docker-37146-reviews ) images, like Alpine and Ubuntu ( /products/ubuntu-linux-reviews ), to ensure they were vulnerability-free.
The main use case for Trivy is to scan Docker images or packages for CVEs, specifically for vulnerabilities. I use the tool to ensure that newly built Docker images do not have critical vulnerabilities before they are pushed to production. Additionally, I have integrated Trivy into the Kubernetes cluster alongside policy reports to display a UI for all CVEs.
I use Trivy mainly for container security, specifically for scanning our images. I have integrated it with our CI/CD pipelines, mainly Azure DevOps, for scanning images for vulnerabilities. Additionally, I use it for Kubernetes security, scanning namespaces for misconfigurations or security metrics. I also help my cloud team scan Terraform for misconfigurations and compliance checks.
I use Trivy for CICD and container scanning.
I use Trivy for vulnerability scanning in Docker images for our microservices applications. I have integrated it into our infrastructure scanning as well. I have also written a blog on it, which is published on my LinkedIn. Furthermore, it is part of our CI/CD pipelines, being used automatically every day.
I am implementing Trivy as part of my DevSecOps process in the CSCD pipelines to scan my container applications and container images.
We are using Trivy for status analysis tests of our code bases, primarily for security and malware testing.