Trivy Has a Free API — Scan Containers, Code, and Infrastructure for Vulnerabilities

via Dev.to DevOps, Alex Spinov

Trivy is the most popular open-source vulnerability scanner — it scans container images, filesystems, Git repos, Kubernetes clusters, and IaC templates (Terraform, CloudFormation) for security issues. Free, open source, by Aqua Security. Used by GitHub, GitLab, and Harbor.

Why Use Trivy?

- All-in-one scanner — containers, code, configs, secrets, licenses
- Fast — scans in seconds, not minutes
- CI/CD native — zero config in GitHub Actions, GitLab CI
- Server mode — run as HTTP service for team-wide scanning
- SBOM — generates Software Bill of Materials

Quick Setup

1. Install

```bash
# macOS
brew install trivy

# Linux
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin

# Docker
docker run aquasec/trivy image nginx:latest
```

2. Scan Container Image

```bash
# Simple scan
trivy image nginx:latest

# JSON output
trivy image -f json nginx:latest | jq '.Results[] | {Target: .Target, Vulns: (.Vulnerabilities // [] | length)}'

# Only critical/high
trivy image -
```
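The JSON output step above can drive a build gate. The following is an added example, not code from the original article or from the Trivy project: it reads a report shaped like `trivy image -f json` output, tallies severities per target, and lists the findings that should fail a build. The sample report, the placeholder CVE ids, and the function names `summarize` and `blocking_findings` are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample shaped like `trivy image -f json` output (not real scan data;
# the CVE ids are placeholders).
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example/app:1.0",
    "Results": [
        {"Target": "example/app:1.0 (debian 12.5)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample",
             "InstalledVersion": "1.0", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libother",
             "InstalledVersion": "2.3", "FixedVersion": "2.4", "Severity": "LOW"},
        ]},
        # A target without findings may lack the key; the jq filter's `// []` covers this.
        {"Target": "app/package-lock.json"},
    ],
})

def summarize(report_json):
    """Return {target: Counter(severity -> count)} for every scanned target."""
    report = json.loads(report_json)
    summary = {}
    for result in report.get("Results") or []:
        vulns = result.get("Vulnerabilities") or []  # key may be absent or null
        summary[result["Target"]] = Counter(v.get("Severity", "UNKNOWN") for v in vulns)
    return summary

def blocking_findings(report_json, blocking=("CRITICAL", "HIGH"), fixable_only=False):
    """List (target, id, package, severity) tuples that should fail a build."""
    report = json.loads(report_json)
    hits = []
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            if v.get("Severity") not in blocking:
                continue
            if fixable_only and not v.get("FixedVersion"):
                continue  # no patched version listed, so upgrading cannot clear it
            hits.append((result["Target"], v["VulnerabilityID"], v["PkgName"], v["Severity"]))
    return hits

if __name__ == "__main__":
    for target, counts in summarize(SAMPLE_REPORT).items():
        print(target, dict(counts))
    findings = blocking_findings(SAMPLE_REPORT)
    for finding in findings:
        print("BLOCK", *finding)
    raise SystemExit(1 if findings else 0)  # non-zero exit fails the CI job
```

In a pipeline, replace `SAMPLE_REPORT` with the contents of a saved scan report; `fixable_only=True` restricts the gate to findings that already have a patched version.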
