> For the complete documentation index, see [llms.txt](https://notes.nomanaziz.me/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://notes.nomanaziz.me/cybersecurity/blue-teaming/miscellaneous/docker-image-security-analysis-with-trivy.md).

# Docker Image Security Analysis with Trivy

### Trivy

* Simple and comprehensive scanner for vulnerabilities
  * container images
  * file systems
  * git repositories
  * configuration issues
* Used to scan Infrastructure as Code (IaC) files such as \<below\_listed> to detect potential configuration issues that expose your deployment to risk of attacks
  * Terraform
  * Dockerfile
  * Kubernetes

***
