
Trivy
Vulnerability, misconfiguration, and secrets scanner
The Lens
Trivy scans everything in your stack for vulnerabilities: container images, filesystems, Git repos, Kubernetes configs and clusters, AWS accounts, Terraform configs, and other cloud infrastructure. One tool, one command, comprehensive results.
It's a security X-ray machine. Point it at anything in your stack and it tells you what's vulnerable, misconfigured, or leaking secrets. It checks against multiple vulnerability databases and updates them automatically.
Apache 2.0, backed by Aqua Security. The most popular open source security scanner in the container ecosystem.
The catch: Trivy finds problems; it doesn't fix them. You'll get a list of CVEs and misconfigurations, and then it's on you to remediate. At scale, the volume of findings can be overwhelming without a management layer on top. Aqua's commercial platform provides that management layer, which is exactly the upsell.
Free vs Self-Hosted vs Paid
**Free (Apache 2.0):** The full Trivy CLI and all scanning capabilities. Container scanning, SBOM generation, Kubernetes scanning, IaC scanning, secret detection. No feature gates, no scan limits.
**Paid (Aqua Platform):** Aqua Security's commercial platform uses Trivy as its scanning engine and adds: centralized dashboard, policy management, runtime protection, compliance reporting, and team collaboration. Enterprise pricing; contact Aqua for quotes.
The free tool does the scanning. The paid platform manages the results across teams and environments. For a solo developer or small team, Trivy CLI is all you need. When you have 50+ services and need compliance reporting, that's when Aqua's platform earns its price.
Free scanner covers everything. Pay Aqua when you need centralized management across large environments.
About
- Stars: 34,920
- Forks: 356




