Scans images for vulnerabilities within your CI pipeline Trivy, by Aqua Security, is a simple vulnerability scanner for containers and other artifacts. It can scan container images, Git repositories, and file systems to catch vulnerabilities within OS packages and programming-language dependencies. Trivy is also designed to be used within a CI/CD process to scan for vulnerabilities before sending to a container registry or deploying an application. Complete documentation for Trivy can be found here.