trivy

[Version]
trivy -v
trivy --version

[FileSystem]
trivy fs .                                                                                          # to scan all files in current folder/directory
trivy fs . > FILE_NAME                                                                              # to scan all files and saving the output into a file in current folder/directory
trivy fs FOLDER_NAME
trivy fs FOLDER_NAME/                                                                               # to scan all files in a given name of folder/directory
trivy fs FOLDER_NAME/ > FILE_NAME                                                                   # to scan all files in a given name of folder/directory and saving the output into a file in current folder/directory
trivy fs /FOLDER_NAME/FOLDER_NAME
trivy fs --format table -o FILE_NAME .
trivy fs --scanners secret,misconfig .
trivy fs --scanners vuln,secret,misconfig /FOLDER_NAME/FOLDER_NAME
trivy fs --security-checks vuln,config /FOLDER_NAME/FOLDER_NAME/FOLDER_NAME

[Git Repository]
trivy repo REMOTE_REPOSITORY_URL(HTTPS/SSH)
trivy repo REMOTE_REPOSITORY_URL(HTTPS/SSH) > FILE_NAME

[Docker]
trivy i IMAGE_NAME
trivy i -f json -o FILE_NAME IMAGE_NAME
trivy image IMAGE_NAME
trivy image IMAGE_NAME:TAG
trivy image DOCKER_HUB_USER_ID/REPOSITORY_NAME
trivy image DOCKER_HUB_USER_ID/REPOSITORY_NAME:TAG
trivy image DOCKER_HUB_USER_ID/REPOSITORY_NAME:TAG > FILE_NAME                                      # saving the output into a file 
trivy image --scanners vuln IMAGE_NAME
trivy image --scanners license IMAGE_NAME
trivy image --scanners misconfig IMAGE_NAME                                                         # Misconfigurations
trivy image --image-config-scanners misconfig IMAGE_NAME                                            # Trivy detects misconfigurations on the configuration of container images. The image config is converted into Dockerfile and Trivy handles it as Dockerfile.
trivy image --security-checks vuln IMAGE_NAME
trivy image --severity HIGH,CRITICAL IMAGE_NAME
trivy image --severity HIGH,CRITICAL,MEDIUM IMAGE_NAME:TAG
trivy image --severity HIGH,CRITICAL DOCKER_HUB_USER_ID/REPOSITORY_NAME
trivy image -f json -o FILE_NAME IMAGE_NAME
trivy image -f json -o FILE_NAME DOCKER_HUB_USER_ID/REPOSITORY_NAME
trivy image --format json -o FILE_NAME DOCKER_HUB_USER_ID/REPOSITORY_NAME
trivy image --format json -o FILE_NAME DOCKER_HUB_USER_ID/REPOSITORY_NAME:TAG
trivy image --format table -o FILE_NAME DOCKER_HUB_USER_ID/REPOSITORY_NAME:TAG

[Kubernetes]
trivy k8s --report summary
trivy k8s --report summary --skip-images
trivy k8s --report=summary
trivy k8s --kubeconfig ~/.FOLDER_NAME/FILE_NAME
trivy k8s --scanners vuln  --report all                                                             # control plane (apiserver, controller-manager and etc) and node components(kubelet, kube-proxy and etc)
trivy k8s --scanners=secret --report=summary
trivy k8s --scanners=misconfig --report=summary
trivy k8s --severity=CRITICAL --report=all
trivy k8s --format json -o FILE_NAME.json CONTEXT_NAME

[Misconfiguration]
trivy config .
trivy config FOLDER_NAME
trivy config --tf-vars FILE_NAME.tfvars .
trivy config -f json FOLDER_NAME
trivy config -f json -o FILE_NAME FOLDER_NAME
trivy config --severity CRITICAL,MEDIUM FOLDER_NAME
